CVE-2026-45982 ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch()

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix NULL pointer dereference in acpievaddressspacedispatch Cover a missed execution path with a new check...

PT-2026-43576

Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors...

EUVD-2026-29960

A path injection vulnerability exists in OpenPLC v3 2c82b0e79c53f8c1f1458eee15fec173400d6e1a as the binary program compiled from gluegenerator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are directly passed to t...

h3: Missing Path Segment Boundary Check in `mount()` Causes Middleware Execution on Unrelated Prefix-Matching Routes

Summary The mount method in h3 uses a simple startsWith check to determine whether incoming requests fall under a mounted sub-application's path prefix. Because this check does not verify a path segment boundary i.e., that the next character after the base is / or end-of-string, middleware...

Stirling-PDF 安全漏洞

Stirling-PDF is a powerful, locally hosted web-based PDF manipulation tool developed by Stirling Tools and open source using Docker. Versions of Stirling-PDF prior to 2.5.2 contained a security vulnerability due to the lack of path checking in the/api/v1/convert/markdown/pdf endpoint, which could...

PT-2026-26777

Summary The objects/import.json.php endpoint accepts a user-controlled fileURI POST parameter with only a regex check that the value ends in .mp4. Unlike objects/listFiles.json.php, which was hardened with a realpath + directory prefix check to restrict paths to the videos/ directory,...

CVE-2025-14009

A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The unzipiter function in nltk/downloader.py uses zipfile.extractall without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when...

MiracleLinux 8 : freerdp-2.2.0-10.el8 (AXSA:2023-5972:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5972:03 advisory. freerdp: clients using /parallel command line switch might read uninitialized data CVE-2022-39282 freerdp: clients using the /video command line...

EUVD-2025-201728

Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature...

Path Traversal

Aim is vulnerable to Path Traversal. The vulnerability is due to missing path validation due to the extraction of crafted backup tar files in the restorerunbackup function without validating file paths, allowing remote attackers to write arbitrary files to the server's filesystem...

PHPGurukul Pre-School Enrollment System Project 安全漏洞

The Pre-School Enrollment System Project is a preschool enrollment system project. A directory traversal vulnerability exists in Pre-School Enrollment System Project, which stems from a lack of validity checking of paths in the file update-class-pic.php when processing directory requests, and can...

CVE-2024-7864

The Favicon Generator CLOSED WordPress plugin before 2.1 does not have CSRF and path validation in the outputsubadminpage0 function, allowing attackers to make logged in admins delete arbitrary files on the server...

frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message

A flaw was found in frr. A crash can occur when processing a crafted BGP UPDATE message with a MPUNREACHNLRI attribute and additional NLRI data that lacks mandatory path attributes...

frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message

A flaw was found in frr. A crash can occur when processing a crafted BGP UPDATE message with a MPUNREACHNLRI attribute and additional NLRI data that lacks mandatory path attributes...

SUSE CVE-2023-47234

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MPUNREACHNLRI attribute and additional NLRI data that lacks mandatory path attributes...

AZL-31784 CVE-2023-47234 affecting package frr for versions less than 8.5.3-4

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MPUNREACHNLRI attribute and additional NLRI data that lacks mandatory path attributes...

UBUNTU-CVE-2023-47234

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MPUNREACHNLRI attribute and additional NLRI data that lacks mandatory path attributes...

Information Disclosure

freerdp is vulnerable to information disclosure. The vulnerability exists due to missing path canonicalization and base path check for drive channel which allows an attacker to gain access and read files outside the shared directory...

CVE-2020-23038

Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including non-existent path environment variables...

CVE-2021-24639

The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgfajaxemptydir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server...