Lucene search

83 matches found

NVD
added yesterday, 6 views

CVE-2026-14439

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...

9.4 CVSS
Exploits: 0, References: 1

CVE
added yesterday, 8 views

CVE-2026-14439

CVE-2026-14439 describes a path-traversal in the Git Service shared by Altium Enterprise Server and Altium 365. The vulnerability arises from a post-clone file-manipulation primitive that accepts user-supplied paths without validation, enabling an authenticated user with basic git access to move ...

9.4 CVSS, 6.5 AI score
Exploits: 0, References: 1

Debian CVE
added 2 days ago, 5 views

CVE-2026-56377

ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion services to write arbitrary files outside intended boundaries...

4.8 CVSS, 5.9 AI score, 0.00175 EPSS
Exploits: 0

RedhatCVE
added 2026/06/10 3:0 p.m., 11 views

CVE-2026-47352

Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46,...

5.3 CVSS, 5.5 AI score, 0.00238 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/06/09 7:38 p.m., 11 views

CVE-2026-10732

A flaw was found in the decompress package. A remote attacker can exploit this by providing a crafted ZIP archive with two entries at the same path: a symlink to an arbitrary target and a regular file. Due to microtask processing order, the file content is written through the symlink before it is...

7.5 CVSS, 6.2 AI score, 0.00528 EPSS
Exploits: 0, References: 6

ATTACKERKB
added 2026/06/05 9:1 p.m., 9 views

CVE-2026-11429

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...

9.4 CVSS, 6.4 AI score, 0.01145 EPSS
Exploits: 0, References: 2

Veracode
added 2026/05/30 7:9 a.m., 11 views

Path Traversal

lsfusion.platform, web-client is vulnerable to Path Traversal. The vulnerability is due to improper validation of the sid argument in the UploadFileRequestHandler component, which allows a remote attacker to perform path traversal by manipulating the parameter and accessing files outside the...

9.8 CVSS, 7.2 AI score, 0.00513 EPSS
Exploits: 1, References: 6, Affected Software: 1

Tenable Nessus
added 2026/05/29 12:0 a.m., 12 views

openSUSE 16 Security Update : docker-stable (openSUSE-SU-2026:20814-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20814-1 advisory. This update for docker-stable fixes the following issues - CVE-2026-33747: github.com/moby/buildkit: malicious frontends can craft API messages...

9.8 CVSS, 5.8 AI score, 0.00498 EPSS
Exploits: 0, References: 6

OSV
added 2026/05/26 12:21 p.m., 7 views

OPENSUSE-SU-2026:20814-1 Security update for docker-stable

This update for docker-stable fixes the following issues - CVE-2026-33747: github.com/moby/buildkit: malicious frontends can craft API messages that cause files to be written outside of the BuildKit state directory bsc1260967. - CVE-2026-33748: github.com/moby/buildkit: insufficient validation of...

9.8 CVSS, 5.8 AI score, 0.00498 EPSS
Exploits: 0, References: 4

OSV
added 2026/05/22 5:26 p.m., 5 views

GHSA-QQQM-5547-774X FileBrowser Quantum: Path traversal in public share PATCH allows file ops outside shared directory

Summary: publicPatchHandler in backend/http/public.go joins user-controlled fromPath and toPath body fields with the trusted d.share.Path BEFORE the downstream sanitizer runs. Because filepath.Join collapses .. segments during the join, the sanitizer in resourcePatchHandler never sees the traversa...

9.3 CVSS, 5.9 AI score, 0.00446 EPSS
Exploits: 0, References: 2

AstraLinux
added 2026/05/20 5:53 a.m., 6 views

Astra Linux - vulnerability in samba

All versions of Samba prior to 4.15.5 are vulnerable to a malicious client that can use a server symlink to determine whether a file or directory exists in a part of the server file system that is not exported under the share definition. This attack can only succeed if SMB1 with unix extensions i...

4.3 CVSS, 6.8 AI score, 0.01097 EPSS
Exploits: 0, References: 1

EUVD
added 2026/05/20 12:49 a.m., 10 views

EUVD-2026-31010

Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module...

7.2 CVSS, 6 AI score, 0.00136 EPSS
Exploits: 0, References: 3

Veracode
added 2026/05/16 5:18 a.m., 16 views

Path Traversal

OpenClaw is vulnerable to Path Traversal. The vulnerability is due to insufficient path validation in isLikelyLocalPath and isValidMedia, where attackers can exploit incomplete checks and the allowBareFilename bypass to access files outside the intended sandbox, leading to disclosure of sensitive...

8.7 CVSS, 5.8 AI score, 0.00688 EPSS
Exploits: 1, References: 4, Affected Software: 1

RedhatCVE
added 2026/05/15 12:34 p.m., 17 views

CVE-2026-35254

A flaw was found in Oracle OCI CLI. An unauthenticated attacker with network access can exploit this vulnerability, allowing imported files to be placed outside their intended directory. This could lead to arbitrary file placement, potentially enabling an attacker to write malicious files to...

6.1 CVSS, 5.8 AI score, 0.00146 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2026/05/12 9:37 p.m., 12 views

CVE-2026-44301

Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS), Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...

8.6 CVSS, 5.8 AI score, 0.00274 EPSS
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2026/05/12 7:37 p.m., 22 views

CVE-2026-44220

ciguard (static security auditor for CI/CD) has a symlink-following flaw in discover_pipeline_files() (src/ciguard/discovery.py) that can cause discovery to traverse into symlink targets outside the requested root. Documented in CVE-2026-44220 and GHSA advisories, the vulnerability affects versio...

3.2 CVSS, 5.8 AI score, 0.00158 EPSS
Exploits: 0, References: 1

CVE
added 2026/05/11 6:12 p.m., 20 views

CVE-2026-45224

CVE-2026-45224 – Crabbox

7.1 CVSS, 5.9 AI score, 0.00144 EPSS
Exploits: 0, References: 4

CVE
added 2026/05/06 7:8 a.m., 18 views

CVE-2026-35254

CVE-2026-35254 affects Oracle OCI CLI (Oracle Open Source Projects) with affected version 3.77. The vulnerability enables an unauthenticated, network-accessible attacker to cause Oracle OCI CLI to place imported files outside the intended directory, indicating a path traversal-like impact. CVSS3....

6.1 CVSS, 5.8 AI score, 0.00146 EPSS
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2026/04/22 12:0 a.m., 5 views

UBUNTU-CVE-2026-33748

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...

8.2 CVSS, 5.4 AI score, 0.00463 EPSS
Exploits: 0, References: 6

Snyk
added 2026/04/10 7:32 p.m., 4 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the removeUnusedAttributeView process. An attacker can delete arbitrary .json files within the workspace by supplying crafted path traversal sequences in the id parameter, allowing removal of files outside the...

8.5 CVSS, 6.3 AI score, 0.00287 EPSS
Exploits: 0, References: 2