9 matches found
CVE-2026-50003
The CVE-2026-50003 issue affects the DCMTK toolkit. A malicious or compromised server can exploit the bit-preserving C-GET storage mode in the DCMTK client to write files outside the designated output directory, using both relative (../) paths and absolute paths. Multiple sources (RH CVE entry, E...
CVE-2026-50003 OFFIS DCMTK Toolkit Path Traversal
A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative ../ paths and absolute paths...
CVE-2026-6968
Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing authority to write files outside intended output directories via absolute target names in copytarget/linktarget, symlinked parent directories in savetarget, or symlinked...
Path Traversal
Hono is vulnerable to Path Traversal. The vulnerability is due to a path traversal issue in toSSG, where specially crafted values can cause generated file paths to escape the intended output directory, and attackers who can influence values passed to ssgParams during the build process may be able...
CVE-2026-39408
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path traversal issue in toSSG allows files to be written outside the configured output directory during static site generation. When using dynamic route parameters via ssgParams, specially...
CVE-2026-40024
The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tskrecover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image. An attacker can...
CVE-2026-39408
CVE-2026-39408 affects Hono, a web application framework for JavaScript runtimes. A path traversal flaw in toSSG() prior to version 4.12.12 can cause generated static site files to be written outside the configured output directory when dynamic routes use ssgParams. Multiple connected sources (NV...
PraisonAI 路径遍历漏洞
PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 1.5.113 contained a path traversal vulnerability. This vulnerability stemmed from the recipe registry’s extraction process, which used tar.extractall to extract a .praison tar...
UBUNTU-CVE-2025-11563
URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...