CVE-2026-42497

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...

CVE-2026-44837

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

UBUNTU-CVE-2026-42497

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...

CVE-2026-42497

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...

CVE-2026-43891

changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application...

CVE-2026-43891

Summary: CVE-2026-43891 and related advisories describe an arbitrary local file read in changedetection.io caused by trusting attacker-controlled history.txt entries restored via crafted backups. Prior to 0.55.1, history values containing path separators are treated as filesystem paths and can re...

protobuf.js is Vulnerable to OS Command Injection in the CLI

Summary pbts invoked JSDoc by building a shell command string from input file paths and executing it through childprocess.exec. File paths containing shell metacharacters could therefore be interpreted by the shell instead of being passed to JSDoc as plain arguments. Impact An attacker who can...

PT-2026-40533

Name of the Vulnerable Software and Affected Versions protobufjs-cli versions prior to 1.2.1 protobufjs-cli versions prior to 2.0.2 Description The pbts command-line tool invokes JSDoc by constructing a shell command string from input file paths and executing it via child process.exec. File paths...

DEBIAN-CVE-2026-1462

A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safemode=True. This bypasses the security guarantees of safemode and enables arbitrary attacker-controlled...

arkadiyt-projects: Path Traversal in writeFile via Unsafe Prefix Containment Check Allows Out-of-Directory Writes

A path traversal vulnerability was discovered in the protodump tool. The vulnerability allowed an attacker to influence the output filename construction and bypass the containment check, enabling writes outside the intended output directory. The vulnerability was caused by the use of...

CVE-2026-24473 Hono has an Arbitrary Key Read in Serve static Middleware (Cloudflare Workers Adapter)

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Serve static Middleware for the Cloudflare Workers adapter contains an information disclosure vulnerability that may allow attackers to read arbitrary keys from the Workers environment...

Smb4K 安全漏洞

Smb4K is a KDE open source online neighborhood browser. A security vulnerability exists in Smb4K versions prior to 4.0.5 that originates from external control of filenames or paths and could lead to a local user performing a local root attack...

CVE-2025-34290 Versa SASE Client for Windows < 7.9.5 Arbitrary Folder Deletion Leading to Local Privilege Escalation

Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations without impersonating...

CVE-2025-65213

MooreThreads torchmusa through all versions contains an unsafe deserialization vulnerability in torchmusa.utils.comparetool. The compareforsingleop and naninftrackforsingleop functions use pickle.load on user-controlled file paths without validation, allowing arbitrary code execution. An attacker...

CVE-2025-34294

Wazuh's File Integrity Monitoring FIM, when configured with automatic threat removal, contains a time-of-check/time-of-use TOCTOU race condition that can allow a local, low-privileged attacker to cause the Wazuh service running as NT AUTHORITY\SYSTEM to delete attacker-controlled files or paths...

Path Traversal

monai is vulnerable to Path Traversal Zip Slip. The vulnerability is due to extracting user-controlled paths without sanitization, an attacker can supply a crafted or downloadable ZIP to overwrite system files or drop malicious code...

Huawei EulerOS: Security Advisory for pam (EulerOS-SA-2025-2019)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-8941 Linux-pam: incomplete fix for cve-2025-6020

A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020...

Linux-pam 路径遍历漏洞

Linux-pam is a pluggable-supported system authentication software for Linux from the Linux Foundation in the United States. Linux-pam suffers from a path traversal vulnerability that stems from the pamnamespace module improperly handling user-controlled paths, which could lead to elevation of...

ALPINE-CVE-2025-48385

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to...