62 matches found
CVE-2026-34153
CVE-2026-34153 affects Coolify before 4.0.0-beta.471, where LocalFileVolume::saveStorageOnServer builds shell commands from unescaped fs_path and parent_dir values prior to validation, and submitFileStorage does not validate the user-controlled file-mount path before creating a volume. An authent...
keycloak: Keycloak: Information disclosure through arbitrary filesystem path probing
A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...
CVE-2026-9083 Keycloak: keycloak: information disclosure through arbitrary filesystem path probing
A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...
Insufficiently Protected Credentials
Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the backup process. An attacker can obtain sensitive account credentials and configuration secrets by...
CVE-2026-34030
The CVE concerns Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) where branch code validation is insufficient during new-branch creation. The branch code is later used in functions that generate filesystem paths for uploaded files, profile pictures, and settings. An authenticat...
CVE-2026-48855 SFTP READLINK Leaks Absolute Backend Filesystem Path When Root Is Configured
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh sshsftpd module allows File Discovery. The SSHFXPREADLINK handler in sshsftpd sends the raw result of file:readlink/2 to the client without calling chrootfilename/2 to strip the backend root prefix. An...
Kirby CMS has an Arbitrary Method Call via REST API Search and Collection Query Endpoints
TL;DR This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users. This vulnerability is of high severity for affected sites and has a high real-world impact. ---- Introduction Arbitrary method call is a type of arbitrary code execution...
EUVD-2026-29538
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the uploadwasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is...
PT-2026-40101
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload wasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability i...
CVE-2026-43901
Wireshark MCP is an MCP Server that turns tshark into a structured analysis interface, then layers in optional Wireshark suite utilities. In 1.1.5 and earlier, wireshark-mcp exposes a wiresharkexportobjects MCP tool that accepts an attacker-controlled destdir parameter and passes it to tshark's...
CVE-2026-41459 Xerte Online Toolkits Path Disclosure via /setup
Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed rootpath value...
Arbitrary Argument Injection
Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection via the ResolutionRequest process. An attacker can execute arbitrary code on the resolver pod and exfiltrate cluster-wide secrets by injecting malicious commands into the revision parameter of the git...
CVE-2026-32147
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon sshsftpd stores the raw, user-supplied path in file...
CVE-2026-5573
A weakness has been identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This impacts an unknown function of the file /fs. Executing a manipulation of the argument cwd can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available to the public an...
SUSE CVE-2026-34763
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix...
GHSA-7MQQ-6CF9-V2QP Rack has a root directory disclosure via unescaped regex interpolation in Rack::Directory
Summary Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix stripping can fail and the generated directory listing may expose the full filesystem pa...
CVE-2026-34763
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix...
DEBIAN-CVE-2026-34763
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix...
UBUNTU-CVE-2026-34763
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix...
CVE-2026-34763
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix...