23 matches found
CVE-2026-9053
Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default file path, and then conceal this form element...
CVE-2026-9053
Technical details (affected product/version, root cause, exploitability) are not publicly available in the provided documents. Monitor for updates from official sources.
Wazuh Security Vulnerability
Wazuh is an open source application. It is used to collect, aggregate, index and analyze security data to help organizations detect intrusions, threats and behavioral anomalies. A security vulnerability exists in Wazuh versions prior to 4.13.0 that originates from an authenticated attacker w...
EUVD-2002-2019
Malware in sbrugna...
EUVD-2022-44894
Malicious code in bioql PyPI...
Mattermost Fails to Sanitize Path Traversal Sequences
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2 fail to sanitize path traversal sequences in template file destination paths, which allows a system admin to perform path traversal attacks via malicious path components, potentially enabling malicious file...
Exploit for Path Traversal in Microsoft
PoC exploit for CVE-2025-47176, a Microsoft Outlook Remote Code...
radashi Allows Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Impact: This is a prototype pollution vulnerability. It impacts users of the set function within the Radashi library. If an attacker can control parts of the path argument to the set function, they could potentially modify the prototype of all objects in the JavaScript runtime, leading to unexpect...
CVE-2024-49771
CVE-2024-49771 affects the MPXJ library (used to read/write project plans). The issue is a path traversal vulnerability in the ZIP stream handling (InputStreamHelper/Packwood MPXJ code) that could allow writing files to arbitrary locations. It is addressed in MPXJ version 13.5.1. No exploitation ...
CVE-2024-49771 MPXJ has a Potential Path Traversal Vulnerability
MPXJ is an open source library to read and write project plans from a variety of file formats and databases. The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious path could be constructed which would not be picked up by t...
Path Traversal
github.com/mattermost/mattermost-server is vulnerable to Path Traversal. The vulnerability is due to improper input validation of the CA path file in the Elasticsearch configuration due to a lack of proper sanitization and validation. This allows an attacker to provide a malicious path, such as...
CVE-2024-6127 BC Security Empire Path Traversal RCE
BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. A remote, unauthenticated attacker can exploit this vulnerability over HTTP by acting as a normal agent, completing all cryptographic handshakes, and then triggering an upload of payloa...
Cacti security breach
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. A security vulnerability exists in Cacti 1.2.25 and earlier versions, which...
SecureJoin: on Windows, paths outside of the rootfs could be inadvertently produced
Impact: For Windows users of github.com/cyphar/filepath-securejoin, until v0.2.4 it was possible for certain rootfs and path combinations (in particular, where a malicious Unix-style /-separated unsafe path was used with a Windows-style rootfs path) to result in generated paths that were outside of...
CVE-2022-41720 Restricted file access on Windows in os and net/http
On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS("C:/tmp").Open("COM1") opens the...
GO-2022-1143 Restricted file access on Windows in os and net/http
On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS("C:/tmp").Open("COM1") opens the...
GO-2021-0265 Denial of service via maliciously crafted path in github.com/tidwall/gjson
A maliciously crafted path can cause Get and other query functions to consume excessive amounts of CPU and time...
GO-2022-0592
A maliciously crafted path can cause Get and other query functions to consume excessive amounts of CPU and time...
Poetry Code Issue Vulnerability
Poetry is a tool for dependency management and packaging in Python. It allows you to declare the libraries on which your project depends and will manage install/update them for you. A security vulnerability exists in Poetry v1.1.9, which stems from when a user executes a Poetry command in a...
CVE-2020-13177
The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the...