9 matches found
CVE-2026-44942
A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content...
CVE-2026-44942
CVE-2026-44942 affects libzypp: a path traversal in handling the "path" component of .repo files could allow writing outside the zypp cache. The issue affects the 17.x series (before 17.38.13) and before 16.22.19. OpenSUSE Tumbleweed/ SUSE advisories indicate this vulnerability is fixed in libzyp...
CVE-2026-40605
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache deletion endpoint allows authenticated API access to delete directories outside the configured cache path. This can cause arbitrary data loss and...
CVE-2026-24686 go-tuf Path Traversal in TAP 4 Multirepo Client Allows Arbitrary File Write via Malicious Repository Names
go-tuf is a Go implementation of The Update Framework TUF. go-tuf's TAP 4 Multirepo Client uses the map file repository name string repoName as a filesystem path component when selecting the local metadata cache directory. Starting in version 2.0.0 and prior to version 2.4.1, if an application...
CVE-2025-12638
Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.getfile function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall method without the security-critical filter='data' parameter. Although Keras attempts...
CVE-2025-12638 Path Traversal Vulnerability in keras-team/keras via Tar Archive Extraction in keras.utils.get_file()
Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.getfile function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall method without the security-critical filter='data' parameter. Although Keras attempts...
CVE-2025-22238
Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory...
Nextcloud Talk Path Traversal Vulnerability
Nextcloud Talk is a self-hosted local audio/video and chat communication service from Nextcloud Germany. A path traversal vulnerability exists in versions prior to Nextcloud Talk 17.0.0. An attacker exploited the vulnerability to write files outside of their intended cache directory...
SUSE CVE-2022-37866
When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which are valid characte...