PT-2026-34226
Name of the Vulnerable Software and Affected Versions F Prime versions prior to 4.2.0 Description An integer overflow occurs during a bounds check where the addition of byteOffset and dataSize wraps around on overflow. This allows a specially crafted DataPacket to bypass the check, enabling a fil...
EUVD-2018-2960
Malware in sbrugna...
EUVD-2024-0068
Malicious code in bioql PyPI...
EUVD-2023-57671
Malicious code in bioql PyPI...
EUVD-2023-0884
Malicious code in bioql PyPI...
CVE-2024-47164
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the bypass of directory traversal checks within the is_in_or_equal function. This function, intended to check if a file resides within a given directory, can be bypassed with certain payloads that...
CVE-2023-26111
All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith method in the servePath function...
CVE-2024-11170
CVE-2024-11170 affects danny-avila/librechat (git 81f2936). The root cause is improper sanitization of file paths by the multer middleware, enabling path traversal that can cause arbitrary file write and potentially remote code execution. A fix exists in version 0.7.6. Public PoC details are prov...
Path Traversal
typo3/cms-core is vulnerable to Path Traversal. The vulnerability arises due to a lack of file path sanitization in the baseuri field within the /typo3/record/edit endpoint, allowing an attacker with administrator privileges to view arbitrary files from the filesystem...
Arbitrary File Read
MechanicalSoup is vulnerable to Arbitrary File Read. The vulnerability is due to improper file path sanitization which allows an attacker to read arbitrary files on the web server using the tag inside an HTML form...
Arbitrary File Read
vite is vulnerable to Arbitrary File Read. The vulnerability exists due to improper file path sanitization, allowing an attacker to access files from the root path. Note this vulnerability is only applicable if the vite dev server is hosted on the network...
Path Traversal
io.hawt:hawtio-system is vulnerable to Path Traversal. The vulnerability exists in the unzip function of Zips.java due to a lack of file path sanitization which allows an attacker to overwrite or modify sensitive files in the system...
CVE-2023-2288
The Otter WordPress plugin before 2.2.6 does not sanitize some user-controlled file paths before performing file operations on them. This leads to a PHAR deserialization vulnerability on PHP 8.0 using the phar:// stream wrapper...
UBUNTU-CVE-2023-31250
The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your...
Directory traversal
All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith method in the servePath function...
U.S. Dept Of Defense: Path traversal leads to reading of local files on ███████ and ████
A directory traversal vulnerability was discovered in the downloadForm endpoint of a web application, allowing an attacker to read files on the system by adding "../" to the filename parameter. This could potentially lead to the disclosure of sensitive information or system compromise. The...
Arbitrary File Write
zziplib is vulnerable to arbitrary file writes. The library does not properly sanitize file paths, allowing a malicious user to overwrite arbitrary files on the system by passing a zip file with .. in it...
Directory Traversal
camel-mail is vulnerable to a directory traversal attack. The library does not properly sanitize the file path, allowing a malicious user to gain access to the files on the system...