EUVD-2026-39014

Warp is an agentic development environment. From 0.2023.03.21.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for...

Astra Linux - Vulnerability in Golang-1.19

The go command may generate unexpected code during build time when using cgo. This can lead to unexpected behavior when running a Go program that uses cgo. This issue may occur when running a trusted module that contains directories with newline characters in their names. Modules retrieved using...

CVE-2026-50203

A path traversal in the SFTP provider SFTPHook.retrievedirectory / SFTPOperatoroperation=get let a malicious or compromised remote SFTP server write files outside the configured local destination directory via crafted directory-entry names. No Airflow account is required — the attack surface is a...

UBUNTU-CVE-2026-47162

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...

CVE-2026-47162 Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...

CVE-2026-46746

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injection of shell command payloads via crafted directory names. These payloads are stored and executed when...

CVE-2026-46746

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injection of shell command payloads via crafted directory names. These payloads are stored and executed when...

CVE-2026-46746

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injection of shell command payloads via crafted directory names. These payloads are stored and executed when...

EUVD-2026-35383

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injection of shell command payloads via crafted directory names. These payloads are stored and executed when...

Astra Linux – Vulnerability in emacs

org-babel-execute: latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters...

Delta Electronics AS320T 安全漏洞

The Delta Electronics AS320T is a high-performance programmable logic controller device used for industrial automation control by China's Delta Electronics company. The AS320T has a security vulnerability, which stems from the lack of checking the buffer length containing directory names...

CVE-2025-66428

An issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation...

CVE-2025-66428

An issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation...

CVE-2025-66428

An issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation...

CVE-2025-66428

An issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation...

PT-2026-4274

Name of the Vulnerable Software and Affected Versions WordPress Toolkit versions prior to 6.9.1 Description A flaw exists in WordPress directory names within WebPros WordPress Toolkit that can lead to privilege escalation. The issue involves manipulation of directory names. Recommendations Update...

CVE-2025-66428

Summary: CVE-2025-66428 affects WebPros WordPress Toolkit prior to 6.9.1. The flaw arises from manipulation of WordPress directory names, enabling privilege escalation. The reported impact is high (CVSS v3.1: 8.8; network attack, low complexity, user interaction none; privileges required low). Re...

CVE-1999-0774

Buffer overflows in Mars NetWare Emulation NWE, marsnwe package via long directory names...

CVE-1999-0460

Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service...

CVE-2025-68430

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed information is names of...