18 matches found
CVE-2026-48544 Taipy 4.1.1 Path Traversal via ElementLibrary.get_resource()
Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.get_resource() method in taipy/gui/extension/library.py that allows unauthenticated attackers to escape the intended module directory by exploiting an incomplete path containment check using...
CVE-2026-48544 Taipy 4.1.1 Path Traversal via ElementLibrary.get_resource()
Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.get_resource() method in taipy/gui/extension/library.py that allows unauthenticated attackers to escape the intended module directory by exploiting an incomplete path containment check using...
CVE-2026-42888 Audiobookshelf: Path Traversal vulnerability in the audiobookshelf project
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the podcast creation endpoint at server/controllers/PodcastController.js accepts a user-controlled file path without sufficient boundary validation to ensure it remains within the intended library directory. This...
CVE-2026-42888
CVE-2026-42888 describes a path traversal flaw in Audiobookshelf prior to version 2.32.2. The podcast creation endpoint at server/controllers/PodcastController.js accepts a user-controlled file path without sufficient boundary validation to constrain it within the intended library directory. This...
CVE-2026-42888 Audiobookshelf: Path Traversal vulnerability in the audiobookshelf project
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the podcast creation endpoint at server/controllers/PodcastController.js accepts a user-controlled file path without sufficient boundary validation to ensure it remains within the intended library directory. This...
EUVD-2026-29297
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the podcast creation endpoint at server/controllers/PodcastController.js accepts a user-controlled file path without sufficient boundary validation to ensure it remains within the intended library directory. This...
CVE-2025-5317 Improper access restriction to critical folder in Bitdefender Endpoint Security Tools for Mac
An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 allows local users with administrative privileges to bypass the configured uninstall password protection. An unauthorized user with sudo privileges can manually remove the...
EUVD-2013-1170
Malware in sbrugna...
CVE-2013-1130
Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619...
Xibo Path Traversal Vulnerability
Xibo is an open source content management system from Xibo Digital Signage. A security vulnerability exists in Xibo that stems from a path traversal vulnerability that allows an authenticated user to upload a specially crafted zip file to the CMS, which would allow a user acting as a web server t...
Mac OS X : Cisco AnyConnect Secure Mobility Client 3.0.x / 3.1.x Local Privilege Escalation
The remote host has a version of Cisco AnyConnect 3.0.x or 3.1.x. As such, it is vulnerable to a local privilege escalation attack caused by improper permissions on a library directory. This issue could allow a local attacker to execute arbitrary programs with elevated privileges. C Tenable Netwo...
CVE-2013-1130
Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619...
Design/Logic Flaw
Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619...
CVE-2013-1130
Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619...
Design/Logic Flaw
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a...
PT-2007-2302 · Local · Local Calendar System
Name of the Vulnerable Software and Affected Versions: local Calendar System version 1.1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the TEMPLATE DIR parameter to files such as showinvoices.php, showmonth.php, showevents.php, retrieveinvoice.php,...
Oracle9i Database - Default Library Directory Privilege Escalation
source: https://www.securityfocus.com/bid/10829/info Oracle database implementations are reportedly prone to a default library directory privilege escalation vulnerability. This issue arises due to a default configuration error that will permit the attacker to replace libraries required by setuid...
Oracle9i Database - Default Library Directory Privilege Escalation
Oracle9i Database - Default Library Directory Privilege Escalation source: https://www.securityfocus.com/bid/10829/info Oracle database implementations are reportedly prone to a default library directory privilege escalation vulnerability. This issue arises due to a default configuration error th...