
9 matches found

NVD
added 2026/06/18 2:17 p.m., 10 views

CVE-2026-44942

A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content...

CVSS 6.5, EPSS 0.00329
Exploits 0, References 2
CVE
added 2026/06/18 9:57 a.m., 27 views

CVE-2026-44942

CVE-2026-44942 affects libzypp: a path traversal in handling the "path" component of .repo files could allow writing outside the zypp cache. The issue affects the 17.x series (before 17.38.13) and before 16.22.19. OpenSUSE Tumbleweed/SUSE advisories indicate this vulnerability is fixed in libzyp...

CVSS 6.5, AI score 5.3, EPSS 0.00329
Exploits 0, References 2
ATTACKERKB
added 2026/06/04 12:50 p.m., 7 views

CVE-2026-40605

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache deletion endpoint allows authenticated API access to delete directories outside the configured cache path. This can cause arbitrary data loss and...

CVSS 7.1, AI score 5.9, EPSS 0.00303
Exploits 0, References 3, Affected Software 1
Cvelist
added 2026/01/27 12:45 a.m., 31 views

CVE-2026-24686: go-tuf Path Traversal in TAP 4 Multirepo Client Allows Arbitrary File Write via Malicious Repository Names

go-tuf is a Go implementation of The Update Framework (TUF). go-tuf's TAP 4 Multirepo Client uses the map file repository name string (repoName) as a filesystem path component when selecting the local metadata cache directory. Starting in version 2.0.0 and prior to version 2.4.1, if an application...

CVSS 4.7, EPSS 0.00211
Exploits 1, References 2
NVD
added 2025/11/28 3:16 p.m., 10 views

CVE-2025-12638

Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall method without the security-critical filter='data' parameter. Although Keras attempts...

CVSS 8, EPSS 0.00592
Exploits 0, References 1
Cvelist
added 2025/11/28 2:6 p.m., 9 views

CVE-2025-12638: Path Traversal Vulnerability in keras-team/keras via Tar Archive Extraction in keras.utils.get_file()

Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall method without the security-critical filter='data' parameter. Although Keras attempts...

CVSS 8, EPSS 0.00592
Exploits 0, References 1
AlpineLinux
added 2025/06/13 7:15 a.m., 8 views

CVE-2025-22238

Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack, which could be leveraged to write or overwrite 'cache' files outside of the cache directory...

CVSS 4.2, AI score 7.2, EPSS 0.00266
Exploits 0, References 2
CNNVD
added 2023/08/10 12:0 a.m., 6 views

Nextcloud Talk Path Traversal Vulnerability

Nextcloud Talk is a self-hosted local audio/video and chat communication service from Nextcloud Germany. A path traversal vulnerability exists in versions prior to Nextcloud Talk 17.0.0. An attacker exploited the vulnerability to write files outside of their intended cache directory...

CVSS 7.8, AI score 6.6, EPSS 0.00328
Exploits 0, References 4
SUSE CVE
added 2023/02/15 3:24 a.m., 2 views

SUSE CVE-2022-37866

When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which are valid characte...

CVSS 6.3, AI score 8.9, EPSS 0.01596
Exploits 0, References 7