65 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-59924
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying...
CVE-2026-59924
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory wh...
EUVD-2026-42337
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory wh...
CVE-2026-59924 Mistune: Arbitrary File Read via Include directive path traversal
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory wh...
CVE-2011-10043
Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded. Module names starting with "::" could be passed to the load function to specify arbitrary module paths. Attackers able to influence module names passed to load could use that bug to execute arbitrary...
CVE-2026-47179
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because...
PT-2026-44732
Name of the Vulnerable Software and Affected Versions Arcane versions prior to 1.19.4 Description An authenticated user can perform an arbitrary read of any file accessible by the Arcane backend process. This occurs because the ProjectService.CreateProject function writes attacker-supplied compos...
CVE-2026-32061
OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attackers with config modification capabilities can exploit this by specifying absolute paths, traversa...
CVE-2026-32061 OpenClaw < 2026.2.17 - Arbitrary File Read via $include Directive Path Traversal
OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attackers with config modification capabilities can exploit this by specifying absolute paths, traversa...
CVE-2016-10828
cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path SEC-97...
CVE-2016-10837
cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path SEC-46...
CVE-2025-58949
The CVE-2025-58949 is tied to the WordPress Spock theme (versions ≤ 1.17). The issue is an improper control of filenames for include/require, enabling PHP Local File Inclusion. Affected software/component: WordPress Spock theme. Root cause: improper filename handling in PHP includes. Impact as de...
EUVD-2007-6199
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2023-49084
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database TSDB. While using the detected SQL Injection and...
Mite 代码问题漏洞
Mite is a Perl 5 distribution of Mite by Toby Inkster Individual Developer. A code issue vulnerability exists in versions prior to Mite 0.013000 that stems from adding the current working directory to the INC path, which could lead to the execution of arbitrary code...
SUSE CVE-2023-49084
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database TSDB. While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the...
CVE-2023-49084
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database TSDB. While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the...
DEBIAN-CVE-2023-49084
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database TSDB. While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the...
Cacti security breach
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool through snmpget to obtain data , using RRDtool drawing graphs to analyze , and provide data and user management features . A security vulnerability exists in Cacti versions prior to 1.2.26,...
SUSE CVE-2015-4025
PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to 1...