CVE-2026-6282

A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device...

WordPress plugin Gravity Forms has a path traversal vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...

HSC MailInspector 安全漏洞

HSC MailInspector is a mail security analysis and filtering system developed by the Brazilian company HSC. Version 5.3.3-7 of HSC MailInspector contains security vulnerabilities. These vulnerabilities stem from improper control of file paths provided to users. When the...

Path Traversal

org.openmrs.web, openmrs-web is vulnerable to Path Traversal. The vulnerability is due to improper path boundary validation in the /openmrs/moduleResources/moduleid endpoint, where user-controlled input is concatenated into filesystem paths without normalization or restriction checks, which allow...

CVE-2026-6282

A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device...

Palo Alto Networks Prisma Browser 安全漏洞

Palo Alto Networks Prisma Browser is an enterprise-level security browser developed by Palo Alto Networks. There is a security vulnerability in Palo Alto Networks Prisma Browser for macOS. This vulnerability stems from improper alternative path protection, which fails to properly restrict access ...

Lenovo Personal Cloud Storage 路径遍历漏洞

Lenovo Personal Cloud Storage is a personal cloud storage service provided by Lenovo Corporation. Lenovo Personal Cloud Storage has a path traversal vulnerability, which stems from improper file path validation. This vulnerability could allow remote authenticated users to move or access files of...

EUVD-2026-29460

CWE-22: Improper Limitation of a Pathname to a Restricted Directory “Path Traversal” vulnerability that could cause unauthorized access to sensitive files when user-supplied input is improperly handled during server-side file path processing...

TÜBİTAK BİLGEM Pardus Software Center 路径遍历漏洞

TÜBİTAK BİLGEM Pardus Software Center is an application store platform provided by TÜBİTAK BİLGEM in Turkey, which offers functions for software browsing, installation, and update management. Versions of TÜBİTAK BİLGEM Pardus Software Center prior to 1.0.3 contained a path traversal vulnerability...

CVE-2026-40247 free5gc UDR improper path validation allows unauthenticated access to Traffic Influence Subscriptions

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...

GHSA-JGQ2-QV8V-5CMJ free5gc UDR improper path validation allows unauthenticated creation and modification of Traffic Influence Subscriptions

Summary An improper path validation vulnerability in the UDR service allows any unauthenticated attacker with access to the 5G Service Based Interface SBI to create or overwrite Traffic Influence Subscriptions by supplying an arbitrary value in place of the expected subs-to-notify path segment...

GHSA-X5R2-R74C-3W28 free5gc UDR improper path validation allows unauthenticated access to Traffic Influence Subscriptions

Summary An improper path validation vulnerability in the UDR service allows any unauthenticated attacker with access to the 5G Service Based Interface SBI to read Traffic Influence Subscriptions by supplying an arbitrary value in place of the expected subs-to-notify path segment. Details The...

GHSA-G9CW-QWHF-24JP free5gc UDR improper path validation allows unauthenticated deletion of Traffic Influence Subscriptions

Summary An improper path validation vulnerability in the UDR service allows any unauthenticated attacker with access to the 5G Service Based Interface SBI to delete Traffic Influence Subscriptions by supplying an arbitrary value in place of the expected subs-to-notify path segment. Details The...

PT-2026-32973

Name of the Vulnerable Software and Affected Versions free5GC versions 1.4.2 and earlier Description An improper path validation issue exists in the UDR service. An unauthenticated attacker with access to the 5G Service Based Interface can delete arbitrary Traffic Influence Subscriptions by...

Apache PDFBox 安全漏洞

Apache PDFBox is an open-source tool library based on the Java language, developed by the Apache Foundation. This product provides functions for creating and editing PDF documents. Versions of Apache PDFBox from 2.0.24 to 2.0.36, as well as 3.0.0 to 3.0.7, have security vulnerabilities due to...

PT-2026-32975

Name of the Vulnerable Software and Affected Versions free5GC UDR service versions prior to 4.2.1 Description An improper path validation issue exists in the UDR service. The handler for creating or updating Traffic Influence Subscriptions checks if the influenceId path segment equals...

CVE-2026-5054

NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

PT-2026-30763

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.5.113 Description PraisonAI is susceptible to a path traversal issue due to a flaw in the validate path function. This function first calls os.path.normpath, which collapses '..' sequences, and then checks for the...

EUVD-2026-17151

Nginx Configuration Directory Vulnerable to Recursive Deletion via Improper Path Validation...