21 matches found
CVE-2026-25059 OpenList affected by Path Traversal in file copy and remove handlers
OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the application contains a path traversal vulnerability in multiple file operation handlers in server/handles/fsmanage.go. Filename components in req.Names are directly concatenated with validated directories using stdpath.Join. Thi...
EUVD-2025-29540
Malicious code in bioql PyPI...
CVE-2019-13013
Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. The privileged helper tool implements an XPC interface which is available to any process and allows directory listings and copying files as root...
Studio 42 elFinder vulnerable to Incorrect Access Control
Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc...
CVE-2024-38909
Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc...
UBUNTU-CVE-2023-44387
Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to...
Gradle Security Vulnerabilities
Gradle is a set of JVM-based project build tools from the US company Gradle, supporting Maven and Ivy repositories and more. A security vulnerability exists in Gradle that stems from an improper assignment of permissions when copying files or creating archives. Affected products and versions:...
scaffold-helper denial-of-service vulnerability
scaffold-helper is able to copy files and folders from a source directory to a destination directory using template styles in template files. scaffold-helper version v1.2.0 has a denial of service vulnerability that can be exploited by attackers to cause a denial of service when copying invalid...
CVE-2021-41089
A file permissions vulnerability was found in Moby Docker Engine. Copying files by using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, which might lead to permissions escalation and allow an attacker access to...
AnySupport path traversal vulnerability
ANYSUPPORT is an application program from ANYSUPPORT, Inc. that provides a remote connection feature. A security vulnerability exists in versions prior to AnySupport 2019.3.21.0, which use the swprintf function to copy files from the management PC to the client PC, allowing directory traversal. This...
GHSA-CGHX-9GCR-R42X Path Traversal in the Java Kubernetes Client
Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process...
Security Bulletin: Vulnerabilities in Kubernetes affects IBM Watson Studio Local
Summary: Vulnerabilities in Kubernetes affects IBM Watson Studio Local. Vulnerability Details: CVEID: CVE-2019-11249. DESCRIPTION: The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a...
CVE-2019-5279
Huawei smart phones Emily-L29C with Versions earlier than 9.1.0.311C10E2R1P13T8, Versions earlier than 9.1.0.311C461E2R1P11T8, Versions earlier than 9.1.0.316C635E2R1P11T8, Versions earlier than 9.1.0.311C185E2R1P12T8, Versions earlier than 9.1.0.311C605E2R1P12T8, Versions earlier than...
CVE-2019-13013
CVE-2019-13013 affects Little Snitch versions 4.3.0 to 4.3.2. The vulnerability lies in the privileged helper tool, which exposes an XPC interface accessible to any process and allows directory listings and copying files as root, enabling local privilege escalation. The available connected docume...
CVE-2019-3828
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path...
CVE-2018-20525
Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php...
PT-2019-1890
Name of the Vulnerable Software and Affected Versions: Ansible versions prior to 2.5.15; Ansible versions prior to 2.6.14; Ansible versions prior to 2.7.8. Description: The issue allows for a path traversal vulnerability, enabling the copying and overwriting of files outside the specified destination ...
Legal Robot: S3 ACL misconfiguration
Summary: Legal Robot's s3 bucket legalrobot.com is misconfigured. The ACL allows me to access and copy all files. This means that I could go through and copy all the media files on the s3 bucket. I did not attempt to delete any files as I did not want to go too far and affect your operations. Ste...