48 matches found
PT-2026-39588
Name of the Vulnerable Software and Affected Versions: Dell ECS versions 3.8.1.0 through 3.8.1.7; Dell ObjectScale versions prior to 4.3.0.0. Description: An issue involving the use of hard-coded credentials allows an unauthenticated attacker with local access to potentially gain filesystem access...
CVE-2025-71282
XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by open_basedir restrictions. This allows an attacker to obtain information about the server's directory structure...
PT-2026-29418
XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by open_basedir restrictions. This allows an attacker to obtain information about the server's directory structure...
CVE-2025-15547
By default, jailed processes cannot mount filesystems, including nullfs(4). However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic...
CVE-2026-2753
An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue by submitting requests containing absolute filesystem paths. Successful...
CVE-2026-2331
An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTTP-based file access feature, allowing access witho...
EUVD-2025-206534
Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files...
PYSEC-2026-90
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PU...
EUVD-2019-16229
Malware in sbrugna...
EUVD-2021-27517
Malicious code in bioql PyPI...
EUVD-2025-22380
Malicious code in bioql PyPI...
CVE-2025-9963
A path traversal vulnerability in Novakon P series allows an attacker to expose the root file system "/" and modify all files with root permissions. This way the system can also be compromised. This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 commit d0f97fd9...
CVE-2025-9963
CVE-2025-9963 concerns the Novakon P series (P – V2001.A.C518o2) with a path traversal flaw that can expose the root filesystem and allow modification of any file with root permissions, potentially leading to system compromise. Documentation consistently specifies the affected product/version and...
Linux Distros Unpatched Vulnerability : CVE-2025-54141
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py...
Youki: If /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem.
Summary: If /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. Details: For security reasons, container creation should be prohibited if /proc or /sys in the rootfs is a symbolic link. I verified this behavior with youki...
CVE-2025-54867
Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. This issue has been patched in version 0.5.5...
FreeBSD : viewvc -- Arbitrary server filesystem content (c37f29ba-6ae3-11f0-b4bf-ecf4bbefc954)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c37f29ba-6ae3-11f0-b4bf-ecf4bbefc954 advisory. cmpilato reports: The ViewVC standalone web server standalone.py is a script provided in the ViewVC...
CVE-2025-54141
ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py script provided in the ViewVC distribution can expose the contents of the host server's filesystem through a directory traversal-style...
SUSE CVE-2025-54141
ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py script provided in the ViewVC distribution can expose the contents of the host server's filesystem through a directory traversal-style...
CVE-2025-54141
ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py script provided in the ViewVC distribution can expose the contents of the host server's filesystem through a directory traversal-style...