Lucene search

18 matches found

Cvelist
added 2026/05/20 6:5 p.m. | 22 views

CVE-2026-9129 Path Traversal in Altium Enterprise Server Viewer StorageController Allows Arbitrary File Read

A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController due to improper handling of file path route parameters. On on-premise deployments that use local filesystem storage, a regular authenticated user can supply a URL-encoded absolute path such as an encode...

CVSS 9.4 | EPSS 0.00023
Exploits: 0 | References: 1
EUVD
added 2026/05/09 7:44 p.m. | 5 views

EUVD-2026-28936

AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the currentDirectory request parameter in the Flow.js media upload endpoint POST /api/station/stationid/files/upload is not sanitized for path traversal sequences. When combined with a local filesystem...

CVSS 8.8 | AI score 6.5 | EPSS 0.00433
Exploits: 1 | References: 3
NVD
added 2025/11/19 8:15 p.m. | 3 views

CVE-2025-51661

A path Traversal vulnerability found in FileCodeBox v2.2 and earlier allows arbitrary file writes when application is configured to use local filesystem storage. SystemFileStorage.savefile method in core/storage.py uses filenames from user input without validation to construct savepath and save...

CVSS 7.5 | EPSS 0.00077
Exploits: 1 | References: 2
OSV
added 2025/11/19 8:15 p.m. | 2 views

CVE-2025-51661

A path Traversal vulnerability found in FileCodeBox v2.2 and earlier allows arbitrary file writes when application is configured to use local filesystem storage. SystemFileStorage.savefile method in core/storage.py uses filenames from user input without validation to construct savepath and save...

CVSS 7.5 | AI score 6.8
Exploits: 0 | References: 2
Cvelist
added 2025/11/19 12:0 a.m. | 6 views

CVE-2025-51661

A path Traversal vulnerability found in FileCodeBox v2.2 and earlier allows arbitrary file writes when application is configured to use local filesystem storage. SystemFileStorage.savefile method in core/storage.py uses filenames from user input without validation to construct savepath and save...

EPSS 0.00077
Exploits: 1 | References: 2
CVE
added 2025/02/03 8:29 p.m. | 83 views

CVE-2025-24961

CVE-2025-24961 affects org.gaul S3Proxy and describes an insecure path traversal in the filesystem and filesystem-nio2 storage backends that could unintentionally expose local files to users. The root cause is a path traversal flaw when using those backends, enabling access to files outside the i...

CVSS 6 | AI score 6.3 | EPSS 0.0035
Exploits: 0 | References: 3
Github Security Blog
added 2025/02/03 5:56 p.m. | 14 views

S3Proxy allows insecure path traversal in filesystem and filesystem-nio2 storage backends

Impact Users of the filesystem and filesystem-nio2 storage backends could unintentionally expose local files to authenticated clients. Patches Upgrade to S3Proxy 2.6.0 which includes apache/jclouds@b0819e0ef5e08c792a4d1724b938714ce9503aa3 and 86b6ee4749aa163a78e7898efc063617ed171980. Workarounds...

CVSS 6 | AI score 6.8 | EPSS 0.0035
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2024/07/15 5:46 p.m. | 4 views

GHSA-VVMV-WRVP-9GJR @jmondi/url-to-png contains a Path Traversal vulnerability

Summary When trying to add a BLOCKLIST feature when the maintainer noticed they didn't sanitize the ImageId in the code, which leads to path traversal vulnerability. Now, this is different from a traditional path traversal issue, because as of NOW you can store the image in any place arbitrarily,...

CVSS 6.9 | AI score 4.6 | EPSS 0.00094
Exploits: 0 | References: 6
OSV
added 2024/05/09 9:35 p.m. | 0 views

GHSA-WPCV-5JGP-69F3 Genie Path Traversal vulnerability via File Uploads

Overview Path Traversal Vulnerability via File Uploads in Genie Impact Any Genie OSS users running their own instance and relying on the filesystem to store file attachments submitted to the Genie application may be impacted. Using this technique, it is possible to write a file with any...

CVSS 9.9 | AI score 6.4 | EPSS 0.19831
Exploits: 1 | References: 7
Cvelist
added 2022/08/16 12:32 a.m. | 9 views

CVE-2022-36308

Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP. This issue may...

AI score 9.3 | EPSS 0.00261
Exploits: 0 | References: 2
Github Security Blog
added 2022/05/17 3:43 a.m. | 11 views

Radicale is vulnerable to directory traversal on Windows Filesystem Storage Backend component

The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore...

CVSS 10 | AI score 6.9 | EPSS 0.01349
Exploits: 0 | References: 9 | Affected Software: 1
Prion
added 2020/09/30 6:15 p.m. | 15 views

Code injection

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It stores SMS messages in .NET serialized format on the filesystem. By generating and writing to the disk malicious .NET serialized files, an attacker can trick the product into deserializing them, resulting in arbitrary code executi...

CVSS 6.5 | AI score 7.2 | EPSS 0.03001
Exploits: 0 | References: 2 | Affected Software: 1
Tenable Nessus
added 2016/03/04 12:0 a.m. | 37 views

Fedora 23 : libvirt-1.2.18.2-1.fc23 (2015-30b347dff1)

Rebased to version 1.2.18.2 disk backend is not removed properly when disk frontend hotplug fails bz 1265968 Fix TPM cancel path on newer kernels bz 1244895 Remove timeout for libvirt-guests.service bz 1195544 CVE-2015-5313 libvirt: filesystem storage volume names path traversal flaw bz 1291433...

CVSS 2.5 | AI score 5.5 | EPSS 0.00057
Exploits: 0 | References: 3
UbuntuCve
added 2016/02/03 6:59 p.m. | 22 views

CVE-2016-1505

The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore...

CVSS 10 | AI score 7.3 | EPSS 0.01349
Exploits: 0 | References: 1
Cvelist
added 2016/02/03 3:0 p.m. | 13 views

CVE-2016-1505

The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore...

AI score 9.3 | EPSS 0.01349
Exploits: 0 | References: 7
CVE
added 2016/02/03 3:0 p.m. | 58 views

CVE-2016-1505

CVE-2016-1505 affects Radicale’s Windows filesystem storage backend prior to 1.1, allowing a remote attacker to read or write arbitrary files via a crafted path such as /c:/file/ignore. The root cause is a directory-traversal flaw in the storage backend that processes crafted paths, enabling acce...

CVSS 10 | AI score 9.1 | EPSS 0.01349
Exploits: 0 | References: 7 | Affected Software: 1
RedHat Linux
added 2016/01/11 10:17 a.m. | 25 views

Important: Red Hat Security Advisory: openstack-nova security update

Updated openstack-nova packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0, 6.0, and 7.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System...

CVSS 3.5 | AI score 6 | EPSS 0.00172
Exploits: 0 | References: 2
RedHat Linux
added 2016/01/10 11:20 p.m. | 28 views

Important: Red Hat Security Advisory: openstack-nova security advisory

Updated openstack-nova packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base...

CVSS 5 | AI score 6.1 | EPSS 0.01522
Exploits: 0 | References: 3