Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands

Impact The LaTeX backend's handling of \includegraphics, \input, and \include commands lacked path containment validation. Attackers could craft malicious LaTeX documents with path traversal sequences e.g., ../../../etc/passwd to: - Read arbitrary files from the file system accessible to the...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: cgroup: cgroupgetfromid must check the looked-up kn is a directory cgroup has to be one kernfs dir, otherwise kernel panic is caused, especially cgroup id is provide from userspace...

PT-2026-34803

Name of the Vulnerable Software and Affected Versions melange versions 0.32.0 through 0.43.3 Description An attacker capable of influencing a configuration file, such as in build-as-a-service or pull-request-driven CI scenarios, can manipulate the pipeline.uses variable to include absolute paths ...

GHSA-MVWX-582F-56R7 pyload-ng: Incomplete Tar Path Traversal Fix in UnTar._safe_extractall via os.path.commonprefix Bypass

Summary The safeextractall function in src/pyload/plugins/extractors/UnTar.py uses os.path.commonprefix for its path traversal check, which performs character-level string comparison rather than path-level comparison. This allows a specially crafted tar archive to write files outside the intended...

OESA-2026-1667 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: Inconsistent Interpretation of HTTP Requests 'HTTP...

UBUNTU-CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

EEF-CVE-2026-23942 SFTP root escape via component-agnostic prefix check in ssh_sftpd

Summary Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses...

EUVD-2014-1140

Malware in sbrugna...

CVE-2025-54387 IPX is Vulnerable to Path Traversal via Prefix Matching Bypass

IPX is an image optimizer powered by sharp and svgo. In versions 1.3.1 and below, 2.0.0-0 through 2.1.0, and 3.0.0 through 3.1.0, the approach used to check whether a path is within allowed directories is vulnerable to path prefix bypass when the allowed directories do not end with a path...

FreshRSS 安全漏洞

FreshRSS is a free, self-hosted RSS aggregator from FreshRSS Open Source. A security vulnerability exists in FreshRSS versions prior to 1.26.2, which stems from an improper directory existence check and could lead to information disclosure...

SUSE CVE-2025-37785

In the Linux kernel, the following vulnerability has been resolved: ext4: fix OOB read when checking dotdot dir Mounting a corrupted filesystem with directory which contains '.' dir entry with reclen == block size results in out-of-bounds read later on, when the corrupted directory is removed...

Linux Distros Unpatched Vulnerability : CVE-2022-48638

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: cgroup: cgroupgetfromid must check the looked-up kn is a directory cgroup has to be one kern...

DEBIAN-CVE-2022-48638

In the Linux kernel, the following vulnerability has been resolved: cgroup: cgroupgetfromid must check the looked-up kn is a directory cgroup has to be one kernfs dir, otherwise kernel panic is caused, especially cgroup id is provide from userspace...

rpm: checks for unsafe symlinks are not performed for intermediary directories

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...

CLSA-2023-1685631809 git: Fix of 2 CVEs

CVE-2022-24765: fix safe.directory key not being checked in setup.c - CVE-2022-29178: avoid failing dir ownership check - some unstable tests were disabled...

CLSA-2023-1685629885 git: Fix of 2 CVEs

CVE-2022-24765: fix safe.directory key not being checked in setup.c - CVE-2022-29178: avoid failing dir ownership check - some unstable tests were disabled...

SUSE CVE-2014-6394

visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory...

GSD-2022-1006512 cgroup: cgroup_get_from_id() must check the looked-up kn is a directory

cgroup: cgroupgetfromid must check the looked-up kn is a directory This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.12 by commit...