EUVD-2026-39485

pnpm: Reserved bin name deletes PNPMHOME during global remove...

EUVD-2026-39535

SeaweedFS is a distributed storage system for object storage S3, file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceberg REST catalog gateway construct their routers with mux.NewRouter.SkipCleantrue. With path cleaning disabled, a .. segment inside the URL survives...

CVE-2026-55699

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, Manifest bin object keys such as "", ".", and ".." passed pnpm's bin-name guard. When a malicious package was installed globally, later global remove, update, or add-replacement flows could re-derive those names from the installed manifest a...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hexadecimal numbers or similar elements. However,...

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. However, Apache Airflow has security vulnerabilities. The...

PT-2026-37263

Name of the Vulnerable Software and Affected Versions pyLoad versions prior to 0.5.0b3.dev100 Description Insufficient sanitization of package folder names allows writing files outside the intended download directory. The issue exists in the add package function within the src/pyload/core/api/ in...

CVE-2026-41180

PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under /files/:uploadId validates the mounted request path using the still-encoded req.path, but the downstream tus handler later writes using the decoded req.params.uploadId. In...

GHSA-H39G-6X3C-7FQ9 Zio has SubFileSystem Path Confinement Bypass via Unresolved `..` Segment

Summary SubFileSystem fails to confine operations to its declared sub path when the input path is /../ or equivalents /../, /..\. This path passes all validation but resolves to the root of the parent filesystem, allowing directory level operations outside the intended boundary. Affected Componen...

GHSA-2Q7R-29RG-6M5H fastify-reply-from affected by bypass of reply forwarding

Summary By crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. Details An attacker can bypass the route defined by the @fastify/reply-from package by adding a .. symbol, which, for curl...

SUSE CVE-2024-54132

The GitHub CLI is GitHub's official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download. This vulnerability stems from ...

DEBIAN-CVE-2024-54132

The GitHub CLI is GitHub’s official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download. This vulnerability stems from ...

UBUNTU-CVE-2024-54132

The GitHub CLI is GitHub’s official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download. This vulnerability stems from ...

SUSE CVE-2024-47742

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However, there are a couple...

PT-2024-26375 · Unknown · Torchserve

Name of the Vulnerable Software and Affected Versions: TorchServe versions prior to 0.11.0 Description: The issue concerns TorchServe's check on allowed urls configuration, which can be bypassed if the URL contains characters such as "..". This allows a model to be downloaded into the model store...

SUSE CVE-2022-31159

The AWS SDK for Java enables Java developers to work with Amazon Web Services. A partial-path traversal issue exists within the downloadDirectory method in the AWS S3 TransferManager component of the AWS SDK for Java v1 prior to version 1.12.261. Applications using the SDK control the...

node-server path traversal vulnerability

node-server is an adapter that allows users to run Hono applications on Node.js. A path traversal vulnerability exists in node-server version 1.3.0 through versions prior to 1.4.1, which stems from an inability to resolve double dots in a URL...

UBUNTU-CVE-2023-51651

AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the buildEndpoint method in the RestSerializer component of the AWS SDK f...

PT-2023-31869

Name of the Vulnerable Software and Affected Versions AWS SDK for PHP versions prior to 3.288.1 Description A URI path traversal issue exists in the AWS SDK for PHP, specifically within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot. This issue is possible du...

SUSE CVE-2005-1918

The original patch for a GNU tar directory traversal vulnerability CVE-2002-0399 in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/"...

SUSE CVE-2005-2874

The ispathabsolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service CPU consumption by tight loop via a "...." URL in an HTTP request...