Lucene search
K

9 matches found

CVE
CVE
added 2026/06/30 9:27 p.m.38 views

CVE-2026-50003

The CVE-2026-50003 issue affects the DCMTK toolkit. A malicious or compromised server can exploit the bit-preserving C-GET storage mode in the DCMTK client to write files outside the designated output directory, using both relative (../) paths and absolute paths. Multiple sources (RH CVE entry, E...

9.8CVSS5.8AI score0.00435EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 9:27 p.m.33 views

CVE-2026-50003 OFFIS DCMTK Toolkit Path Traversal

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative ../ paths and absolute paths...

9.8CVSS0.00435EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/24 7:44 p.m.6 views

CVE-2026-6968

Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing authority to write files outside intended output directories via absolute target names in copytarget/linktarget, symlinked parent directories in savetarget, or symlinked...

7.1CVSS5.4AI score0.0052EPSS
Exploits0References7
Veracode
Veracode
added 2026/04/17 9:26 a.m.6 views

Path Traversal

Hono is vulnerable to Path Traversal. The vulnerability is due to a path traversal issue in toSSG, where specially crafted values can cause generated file paths to escape the intended output directory, and attackers who can influence values passed to ssgParams during the build process may be able...

7.5CVSS5.7AI score0.00532EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/11 1:21 a.m.3 views

CVE-2026-39408

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path traversal issue in toSSG allows files to be written outside the configured output directory during static site generation. When using dynamic route parameters via ssgParams, specially...

7.5CVSS5.6AI score0.00532EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/04/08 10:16 p.m.5 views

CVE-2026-40024

The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tskrecover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image. An attacker can...

8.4CVSS6.3AI score0.00167EPSS
Exploits0References4
CVE
CVE
added 2026/04/08 2:42 p.m.19 views

CVE-2026-39408

CVE-2026-39408 affects Hono, a web application framework for JavaScript runtimes. A path traversal flaw in toSSG() prior to version 4.12.12 can cause generated static site files to be written outside the configured output directory when dynamic routes use ssgParams. Multiple connected sources (NV...

7.5CVSS5.8AI score0.00532EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.11 views

PraisonAI 路径遍历漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 1.5.113 contained a path traversal vulnerability. This vulnerability stemmed from the recipe registry’s extraction process, which used tar.extractall to extract a .praison tar...

7.3CVSS5.8AI score0.00291EPSS
Exploits1References1
OSV
OSV
added 2026/02/25 8:16 a.m.5 views

UBUNTU-CVE-2025-11563

URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...

4.6CVSS5.8AI score0.00302EPSS
Exploits0References4
Rows per page
Query Builder