Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.12 views

CVE-2026-44243

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory...

8.8CVSS7.6AI score0.00419EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/05/16 10:13 p.m.100 views

bun-archive-traversal-poc

Bun Archive Extraction Traversal PoCs Target: oven-sh/bun...

5.9AI score
Exploits0
Veracode
Veracode
added 2026/05/16 5:18 a.m.17 views

Path Traversal

OpenClaw is vulnerable to Path Traversal. The vulnerability is due to insufficient path validation in isLikelyLocalPath and isValidMedia, where attackers can exploit incomplete checks and the allowBareFilename bypass to access files outside the intended sandbox, leading to disclosure of sensitive...

8.7CVSS5.8AI score0.00688EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/20 3:57 p.m.4 views

GHSA-V856-2RF8-9F28 pydicom has a path traversal in FileSet/DICOMDIR ReferencedFileID allows file access outside the File-set root

Summary A crafted DICOMDIR can set ReferencedFileID to a path outside the File-set root. pydicom resolves the path only to confirm that it exists, but does not verify that the resolved path remains under the File-set root. Subsequent public FileSet operations such as copy, write, and...

7.8CVSS6AI score0.00279EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/03/10 11:44 p.m.5 views

node-tar Symlink Path Traversal via Drive-Relative Linkpath

Summary tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x extraction. Details The extraction logic in...

8.2CVSS5.9AI score0.00253EPSS
Exploits4References4Affected Software1
OSV
OSV
added 2026/03/10 11:44 p.m.2 views

GHSA-9PPJ-QMQM-Q256 node-tar Symlink Path Traversal via Drive-Relative Linkpath

Summary tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x extraction. Details The extraction logic in...

8.2CVSS6AI score0.00253EPSS
Exploits4References4
GithubExploit
GithubExploit
added 2026/03/05 10:53 p.m.254 views

Exploit for CVE-2026-29786

CVE-2026-29786 Research: Joshua van Rijswijkhttps://gi...

6AI score0.00408EPSS
Exploits2
Snyk
Snyk
added 2026/01/21 10:36 p.m.8 views

Symlink Attack

Overview @backstage/plugin-scaffolder-backend is a The Backstage backend plugin that helps you create new things Affected versions of this package are vulnerable to Symlink Attack via multiple actions, including debug:log, fs:delete, and archive extraction. A user who create and execute Scaffolde...

9.9CVSS5.8AI score0.00478EPSS
Exploits0References3
Snyk
Snyk
added 2025/10/01 9:31 p.m.2 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal via the django.utils.archive.extract function used by startapp --template and startproject --template. An attacker can modify files outside the intended extraction directory by crafting an archive with file paths...

8.8CVSS6.5AI score0.0085EPSS
Exploits0References2
OSV
OSV
added 2020/12/12 12:15 a.m.3 views

ALPINE-CVE-2020-35176

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...

5.3CVSS6.6AI score0.01834EPSS
Exploits0References1
OSV
OSV
added 2017/10/05 1:29 a.m.2 views

DEBIAN-CVE-2017-1000115

Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository...

7.5CVSS7.1AI score0.04815EPSS
Exploits1References1
Rows per page
Query Builder