Lucene search
K

30 matches found

Snyk
Snyk
added 5 days ago3 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack in the template repository generation process. An attacker can access or modify files outside the intended directory by leveraging symlinked or non-regular paths. Remediation Upgrade...

9.1CVSS6AI score0.00172EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.11 views

PT-2026-51047

Name of the Vulnerable Software and Affected Versions py7zr version 1.1.0 Description An arbitrary file write issue exists when using the extractall function to extract an archive. The software fails to properly restrict the targets of symbolic links, allowing crafted malicious symbolic link chai...

8CVSS6.3AI score0.00404EPSS
Exploits0References11
NVD
NVD
added 2026/06/18 1:25 p.m.13 views

CVE-2026-8811

SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory, potentially placing files in web-accessible locations...

7.1CVSS0.00319EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.6 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : NNCP vulnerability (USN-8359-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by a vulnerability as referenced in the USN-8359-1 advisory. It was discovered that NNCP did not properly sanitize file paths in packet data during file requesting and file saving operations. A remote...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-45571

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted...

5.4CVSS5.8AI score0.00297EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/25 5:45 a.m.11 views

CVE-2026-41863

Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the intended target directory, including restricted directories. Affected versions: Spring AI: 1.1.0...

6.5CVSS5.8AI score0.00398EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/05/18 7:8 p.m.14 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the ExtractRelativeToDirectoryAsync path handling in src/libraries/System.Formats.Tar/src/System/Formats/Tar/TarEntry.cs. An attacker can create a tar archive that extracts a symbolic link whose target is a roote...

6.3CVSS6.3AI score0.00711EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/06 7:38 p.m.22 views

Directory Traversal

Overview GitPython is a python library used to interact with Git repositories Affected versions of this package are vulnerable to Directory Traversal through insufficient validation of reference paths in the creation, renaming, and deletion. An attacker can write, overwrite, move, or delete files...

9.1CVSS6.3AI score0.00419EPSS
Exploits1References2
OSV
OSV
added 2026/04/29 11:50 a.m.5 views

BIT-PYTHON-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs

If shutil.unpackarchive is given a ZIP archive with an absolute Windows path containing a drive C:\... then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability...

7.5CVSS5.3AI score0.00531EPSS
Exploits1References12
Snyk
Snyk
added 2026/04/22 5:6 p.m.4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation in the sanitizePath function. An attacker can access or modify files outside the intended directory boundary by crafting paths that bypass prefix-based checks. Details A Directory Traversal...

8.8CVSS6.4AI score0.00439EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/19 12:44 a.m.3 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview @apostrophecms/import-export is an Import Export Documents for ApostropheCMS Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip via the extract function in gzip.js. A user with Global Content Modify permission can write arbitrary file...

9.9CVSS6.4AI score0.00432EPSS
Exploits1References2
Redos
Redos
added 2026/03/19 12:0 a.m.5 views

ROS-20260319-73-0009

A vulnerability in the outfile plugin of the Fluent Bit logging tool is related to an incorrect directory path name restriction. Exploitation of the vulnerability could allow an attacker acting remotely to write an arbitrary file outside the target directory...

5.3CVSS5.9AI score0.00651EPSS
Exploits0
Snyk
Snyk
added 2026/03/12 6:44 p.m.3 views

Directory Traversal

Overview @tinacms/graphql is a GraphQL database generating component for Tina, the headless content management system with support for Markdown, MDX, JSON, YAML, and more. Affected versions of this package are vulnerable to Directory Traversal via the relativePath and newRelativePath parameters i...

6.3CVSS6.3AI score0.00426EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/25 2:58 p.m.4 views

CVE-2026-27699 Basic FTP has Path Traversal Vulnerability in its downloadToDir() method

The basic-ftp FTP client library for Node.js contains a path traversal vulnerability CWE-22 in versions prior to 5.2.0 in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences ../ that cause files to be written outside the...

9.1CVSS5.9AI score0.00528EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2025/12/09 4:1 p.m.3 views

CVE-2025-13661

Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required...

7.1CVSS6.5AI score0.01127EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/11/11 11:39 a.m.13 views

zziplib: directory traversal in unzzip_cat in the bins/unzzipcat-mem.c

It was discovered that zziplib is vulnerable to a directory traversal flaw in most of its unzip binaries, including unzip-mem, unzzipcat-mem, unzzipcat-big, unzzipcat-mix, and unzzipcat-zip. An attacker may use this flaw to write files outside the intended target directory, overwriting existing...

5.8CVSS5.8AI score0.01538EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/08/21 7:51 a.m.9 views

CVE-2025-8023 Path Traversal in Template Upload Allows Uploading Files Outside Target Directory

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.9.x = 10.9.2 fails to sanitize path traversal sequences in template file destination paths, which allows a system admin to perform path traversal attacks via malicious path components, potentially enabling malicious file...

6.8CVSS0.0038EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/23 12:0 a.m.5 views

Files Bucket Server 安全漏洞

Files Bucket Server is an application for Diego Personal Developer. A security vulnerability exists in Files Bucket Server that originates from allowing an attacker to traverse the file system and access files outside of the target directory, potentially resulting in directory traversal...

8.7CVSS6.5AI score0.00755EPSS
Exploits0References2
Snyk
Snyk
added 2025/06/19 8:49 p.m.5 views

Directory Traversal

Overview upsonic is a Task oriented AI agent framework for digital workers and vertical AI agents Affected versions of this package are vulnerable to Directory Traversal via the os.path.join function. An attacker can access or modify files outside the intended directory by manipulating the...

9.8CVSS6.3AI score0.00647EPSS
Exploits1References2
OSV
OSV
added 2025/06/03 1:15 p.m.5 views

DEBIAN-CVE-2025-4138

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

7.5CVSS7.1AI score0.01109EPSS
Exploits7References1
Rows per page
Query Builder