EUVD-2026-29032

A security vulnerability has been detected in npitre cramfs-tools up to 2.1. Affected is the function dodirectory of the file cramfsck.c of the component Directory Handler. Such manipulation leads to path traversal. The attack can only be performed from a local environment. The exploit has been...

CVE-2026-8274

A security vulnerability has been detected in npitre cramfs-tools up to 2.1. Affected is the function dodirectory of the file cramfsck.c of the component Directory Handler. Such manipulation leads to path traversal. The attack can only be performed from a local environment. The exploit has been...

CVE-2026-7179

A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function readnullterminatedstring of the file src/binwalk/plugins/winceextract.py of the component WinCE Extraction Plugin. Such manipulation of the argument self.filename leads to path traversa...

CVE-2026-1532

A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. The manipulation of the argument UploadMusic leads to path traversal. The attack can only be initiated within the loc...

CVE-2026-1532 D-Link DCS-700L Music File Upload Service setUploadMusic uploadmusic path traversal

A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. The manipulation of the argument UploadMusic leads to path traversal. The attack can only be initiated within the loc...

CVE-2025-15245

A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been made public and...

CVE-2025-66004

A local path traversal vulnerability in usbmuxd allows unprivileged users to send crafted messages to its world-writable UNIX socket, causing the daemon to create or delete files as the usbmux user. Due to insufficient validation of the PairRecordID field, attackers can escape the intended...

PT-2025-51187

A security vulnerability has been detected in Municorn FAX App 3.27.0 on Android. This vulnerability affects unknown code of the component biz.faxapp.app. Such manipulation leads to path traversal. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used...

EulerOS 2.0 SP11 : glib2 (EulerOS-SA-2025-2480)

According to the versions of the glib2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to...

EUVD-2025-200250

A security vulnerability has been detected in Rareprob HD Video Player All Formats App 12.1.372 on Android. Impacted is an unknown function of the component com.rocks.music.videoplayer. The manipulation leads to path traversal. The attack needs to be performed locally. The exploit has been...

CVE-2025-13876 Rareprob HD Video Player All Formats App com.rocks.music.videoplayer path traversal

A security vulnerability has been detected in Rareprob HD Video Player All Formats App 12.1.372 on Android. Impacted is an unknown function of the component com.rocks.music.videoplayer. The manipulation leads to path traversal. The attack needs to be performed locally. The exploit has been...

EUVD-2021-24212

Malware in sbrugna...

EUVD-2024-1469

Malicious code in bioql PyPI...

CVE-2025-35112 Agiloft XML external entity local path traversal

Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows 'import/export', allowing an authenticated attacker to import the template file and perform path traversal on the local system files. Users should upgrade to Agiloft Release 31...

TencentOS Server 3: container-tools:rhel8 (TSSA-2024:0781)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0781 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVE-2025-33004

CVE-2025-33004 affects IBM Planning Analytics Local (2.0 and 2.1). The vulnerability is a path traversal flaw caused by improper pathname restriction that could let a privileged user delete files from directories. Connected sources confirm affected versions 2.0–2.1 and cite the impact as file del...

CVE-2021-37731

A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software versions: Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address...

PT-2024-34136 · Ivanti · Ivanti Endpoint Manager

Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2024 November Security Update Ivanti Endpoint Manager versions prior to 2022 SU6 November Security Update Description: The issue allows a local unauthenticated attacker to achieve code execution throu...

containers/image: digest type does not guarantee valid type

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks...

containers/image: digest type does not guarantee valid type

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks...