88 matches found
CVE-2026-49492
Markdown Preview Enhanced before 0.8.28 opens external files and links from the preview through a shell and does not validate untrusted inputs taken from the markdown document - the diagram filename attribute, imported file paths, and the latexengine code-chunk attribute. On Windows, a crafted...
CVE-2026-49492 Markdown Preview Enhanced OS Command Injection in External File and Link Opening
Markdown Preview Enhanced before 0.8.28 opens external files and links from the preview through a shell and does not validate untrusted inputs taken from the markdown document - the diagram filename attribute, imported file paths, and the latexengine code-chunk attribute. On Windows, a crafted...
EUVD-2026-34331
Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve...
PT-2026-47023
Markdown Preview Enhanced before 0.8.28 opens external files and links from the preview through a shell and does not validate untrusted inputs taken from the markdown document - the diagram filename attribute, imported file paths, and the latex engine code-chunk attribute. On Windows, a crafted...
CVE-2026-11322
Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve...
CVE-2026-11322 Hermes WebUI before 0.51.221 Path Traversal via Symlink Workspace Bypass
Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve...
CVE-2026-11322 Hermes WebUI before 0.51.221 Path Traversal via Symlink Workspace Bypass
Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve...
PT-2026-46394
Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve...
Astra Linux - уязвимость в libarchive
An improper link resolution flaw can occur during the extraction of an archive, resulting in changes to the mode, times, access control lists, and flags of a file within the archive. An attacker may provide a malicious archive to a victim user, triggering this flaw when the victim attempts to...
Path Traversal
Hugo is vulnerable to Path Traversal. The vulnerability is due to unrestricted execution of Node-based asset pipeline tools such as PostCSS, Babel, and TailwindCSS during site builds, allowing code from untrusted sites to read or write files outside the project's working directory when processed ...
OSV-2026-728 Stack-buffer-overflow in autoload_external_files
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=512622269 Crash type: Stack-buffer-overflow READ 4 Crash state: autoloadexternalfiles loadexternaloptsthread workerthread...
CVE-2026-44220 ciguard: discover_pipeline_files follows symlinks out of scan root
ciguard is a static security auditor for CI/CD pipelines. From 0.8.0 to 0.8.1 , the discoverpipelinefiles function in src/ciguard/discovery.py walks a directory tree following symlinks, with cycle protection via tracking visited resolved paths. An attacker who can plant a symlink in a directory t...
Microsoft Teams Spoofing Vulnerability
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally...
Path Traversal
Mako is vulnerable to Path Traversal. The vulnerability is due to inconsistent slash-stripping behavior in TemplateLookup.gettemplate, where URIs beginning with // can bypass path restrictions and access arbitrary files outside the intended template directory, allowing disclosure of files readabl...
CVE-2026-41525
A flaw was found in KDE Dolphin. This vulnerability allows applications operating within a Flatpak or AppArmor sandbox to bypass security restrictions. By exploiting the FileManager1 protocol, a malicious application can prompt users to open files, including scripts or executables, located outsid...
UNIX Symbolic Link (Symlink) Following
Overview liquidjs is an A simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following through the include, render, and layout directories, when symlinks are placed within a trusted...
CVE-2026-33238
WWBN AVideo is an open source video platform. Prior to version 26.0, the listFiles.json.php endpoint accepts a path POST parameter and passes it directly to glob without restricting the path to an allowed base directory. An authenticated uploader can traverse the entire server filesystem by...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the extract function in Unzip.java. An attacker can write arbitrary files outside the intended extraction directory by crafting zip archives with specially crafted entry names containing directory traversal...
EUVD-2026-13406
Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0...
GHSA-2CWR-F5HX-GG3W Duplicate Advisory: OpenClaw: stageSandboxMedia destination symlink traversal can overwrite files outside sandbox workspace
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cfvj-7rx7-fc7c. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.3.2 contain a vulnerability in the stageSandboxMedia function in which it fails to...