Lucene search
21 matches found

RedhatCVE
added yesterday · 4 views

CVE-2026-5422

A flaw was found in jupyter-server. This path traversal vulnerability exists due to insufficient validation of file paths, specifically an incorrect root directory boundary check and improper handling of directory traversal sequences. This allows a remote attacker with low privileges to bypass...

8.1 CVSS · 6.7 AI score · 0.00046 EPSS
Exploits 1 · References 4
Positive Technologies
added 2026/04/27 12:0 a.m. · 1 views

PT-2026-35558

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31 Description A path traversal issue exists in the ACP dispatch component. This allows remote attackers to read arbitrary files by manipulating inbound channel attachment paths, bypassing the root directory...

7.1 CVSS · 5.5 AI score · 0.00073 EPSS
Exploits 0 · References 9
Cvelist
added 2026/03/06 4:32 a.m. · 25 views

CVE-2026-28679 HomeGallery: Path Traversal (Arbitrary File Read)

Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. Prior to version 1.21.0, when a user requests a download, the application does not verify whether the requested file is located within the media source directory, which can result in sensitive system...

8.6 CVSS · 0.00088 EPSS
Exploits 1 · References 2
Tenable Nessus
added 2026/01/22 12:0 a.m. · 3 views

Azure Linux 3.0 Security Update: samba (CVE-2020-25722)

The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-25722 advisory. - Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. ...

8.8 CVSS · 5.7 AI score · 0.00411 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2026/01/20 12:0 a.m. · 2 views

MiracleLinux 8 : rpm-4.14.3-28.el8_9 (AXSA:2024-7498:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7498:02 advisory. rpm: TOCTOU race in checks for unsafe symlinks CVE-2021-35937 rpm: races with chown/chmod/capabilities calls during installation CVE-2021-35938 rpm:...

6.7 CVSS · 7 AI score · 0.00202 EPSS
Exploits 3 · References 4
Tenable Nessus
added 2025/10/07 12:0 a.m. · 2 views

Unity Linux 20.1070e Security Update: rpm (UTSA-2025-680608)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680608 advisory. It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A...

7.8 CVSS · 6.5 AI score · 0.00202 EPSS
Exploits 1 · References 4
CNNVD
added 2025/10/02 12:0 a.m. · 2 views

LangBot Code Issue Vulnerability

LangBot is an open source large-model instant messaging bot development platform from LangBot. A code issue vulnerability exists in LangBot versions 4.1.0 through 4.3.5, which stems from the /api/v1/files/documents interface not strictly limiting the server file storage directory, which could lead t...

9.4 CVSS · 7 AI score · 0.00059 EPSS
Exploits 0 · References 3
OSV
added 2024/12/16 4:54 p.m. · 5 views

CLSA-2024-1734368090 php: Fix of CVE-2023-3824

CVE-2023-3824: Update length checking in PHAR directory entries reading to prevent stack buffer overflow and potential memory corruption or RCE...

9.8 CVSS · 7.2 AI score · 0.29385 EPSS
Exploits 3 · References 1
OSV
added 2024/11/09 11:15 a.m. · 0 views

UBUNTU-CVE-2024-50230

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel bug due to missing clearing of checked flag. Syzbot reported that in directory operations after nilfs2 detects filesystem corruption and degrades to read-only, __block_write_begin_int, which is called to prepare bloc...

7.8 CVSS · 6.4 AI score · 0.00014 EPSS
Exploits 0 · References 48
CNNVD
added 2024/08/12 12:0 a.m. · 4 views

aiohttp Security Vulnerability

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python from aio-libs. A security vulnerability exists in aiohttp versions prior to 3.10.2, which stems from the FileResponse class not performing path checking relative to the root directory when looking for...

4.8 CVSS · 6.7 AI score · 0.0024 EPSS
Exploits 0 · References 5
CNNVD
added 2024/07/09 12:0 a.m. · 1 views

PHPVibe Security Vulnerability

PHPVibe is a free video management system from PHPVibe, Inc. A security vulnerability exists in PHPVibe version 11.0.46, which stems from a code execution via writing specific statements to .htaccess and writing code to a file with a .png extension due to incomplete blacklist checksums and...

9.8 CVSS · 7.5 AI score · 0.00958 EPSS
Exploits 1 · References 3
OSV
added 2024/05/28 5:8 p.m. · 2 views

CLSA-2024-1716916085 tomcat: Fix of CVE-2021-25329

CVE-2021-25329: use consistent approach for sub-directory checking - Fix javadoc build...

7 CVSS · 6.8 AI score · 0.00802 EPSS
Exploits 15 · References 1
Ubuntu
added 2024/03/26 8:9 a.m. · 361 views

USN-6588-2: PAM vulnerability

USN-6588-1 fixed a vulnerability in PAM. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: Matthias Gerstner discovered that the PAM pam_namespace module incorrectly handled special files when performing director...

5.5 CVSS · 6.3 AI score · 0.00088 EPSS
Exploits 1
Ubuntu
added 2024/01/17 5:43 p.m. · 114 views

USN-6588-1: PAM vulnerability

Matthias Gerstner discovered that the PAM pam_namespace module incorrectly handled special files when performing directory checks. A local attacker could possibly use this issue to cause PAM to stop responding, resulting in a denial of service...

5.5 CVSS · 6.3 AI score · 0.00088 EPSS
Exploits 1
OSV
added 2024/01/17 5:43 p.m. · 1 views

USN-6588-1 pam vulnerability

Matthias Gerstner discovered that the PAM pam_namespace module incorrectly handled special files when performing directory checks. A local attacker could possibly use this issue to cause PAM to stop responding, resulting in a denial of service...

5.5 CVSS · 6.8 AI score · 0.00088 EPSS
Exploits 1 · References 2
Positive Technologies
added 2022/09/13 12:0 a.m. · 4 views

PT-2022-24043 · Amanda +2

Name of the Vulnerable Software and Affected Versions: Amanda version 3.5.1 Description: An information leak issue was discovered in the calcsize SUID binary, allowing an attacker to determine if a directory exists anywhere in the file system. The binary uses the opendir function as root without...

7.8 CVSS · 6.8 AI score · 0.04795 EPSS
Exploits 4 · References 42
CNVD
added 2019/08/06 12:0 a.m. · 0 views

Arbitrary file deletion vulnerability in PHPSHE Mall System 1.7 background

PHPSHE Mall System V1.7 is an online mall building system based on PHP5.2+/MySQL 5.0+. An arbitrary file deletion vulnerability exists in the background of PHPSHE Mall System 1.7. The vulnerability stems from the absence of directory checks; attackers can use the vulnerability to delete any file server...

7.1 AI score
Exploits 0
Prion
added 2018/07/05 1:29 p.m. · 14 views

Authorization

Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode...

6.5 CVSS · 8.2 AI score · 0.00135 EPSS
Exploits 0 · References 1 · Affected Software 1
The Hacker News
added 2011/08/23 12:9 a.m. · 4 views

Uniscan 4.0 vulnerability scanner Released

The Uniscan vulnerability scanner is aimed at information security; it aims at finding vulnerabilities in Web systems and is licensed under the GNU General Public License 3.0 (GPL 3). Uniscan was developed using the Perl programming language to be...

6.3 AI score
Exploits 0
The Hacker News
added 2011/08/23 12:9 a.m. · 11 views

Uniscan 4.0 vulnerability scanner Released

The Uniscan vulnerability scanner is aimed at information security; it aims at finding vulnerabilities in Web systems and is licensed under the GNU General Public License 3.0 (GPL 3). Uniscan was developed using the Perl programming language to be...

6.1 AI score
Exploits 0