30 matches found
Symlink Attack
Overview Affected versions of this package are vulnerable to Symlink Attack in the template repository generation process. An attacker can access or modify files outside the intended directory by leveraging symlinked or non-regular paths. Remediation Upgrade...
PT-2026-51047
Name of the Vulnerable Software and Affected Versions py7zr version 1.1.0 Description An arbitrary file write issue exists when using the extractall function to extract an archive. The software fails to properly restrict the targets of symbolic links, allowing crafted malicious symbolic link chai...
CVE-2026-8811
SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory, potentially placing files in web-accessible locations...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : NNCP vulnerability (USN-8359-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by a vulnerability as referenced in the USN-8359-1 advisory. It was discovered that NNCP did not properly sanitize file paths in packet data during file requesting and file saving operations. A remote...
Linux Distros Unpatched Vulnerability : CVE-2026-45571
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted...
CVE-2026-41863
Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the intended target directory, including restricted directories. Affected versions: Spring AI: 1.1.0...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the ExtractRelativeToDirectoryAsync path handling in src/libraries/System.Formats.Tar/src/System/Formats/Tar/TarEntry.cs. An attacker can create a tar archive that extracts a symbolic link whose target is a roote...
Directory Traversal
Overview GitPython is a python library used to interact with Git repositories Affected versions of this package are vulnerable to Directory Traversal through insufficient validation of reference paths in the creation, renaming, and deletion. An attacker can write, overwrite, move, or delete files...
BIT-PYTHON-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs
If shutil.unpackarchive is given a ZIP archive with an absolute Windows path containing a drive C:\... then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation in the sanitizePath function. An attacker can access or modify files outside the intended directory boundary by crafting paths that bypass prefix-based checks. Details A Directory Traversal...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview @apostrophecms/import-export is an Import Export Documents for ApostropheCMS Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip via the extract function in gzip.js. A user with Global Content Modify permission can write arbitrary file...
ROS-20260319-73-0009
A vulnerability in the outfile plugin of the Fluent Bit logging tool is related to an incorrect directory path name restriction. Exploitation of the vulnerability could allow an attacker acting remotely to write an arbitrary file outside the target directory...
Directory Traversal
Overview @tinacms/graphql is a GraphQL database generating component for Tina, the headless content management system with support for Markdown, MDX, JSON, YAML, and more. Affected versions of this package are vulnerable to Directory Traversal via the relativePath and newRelativePath parameters i...
CVE-2026-27699 Basic FTP has Path Traversal Vulnerability in its downloadToDir() method
The basic-ftp FTP client library for Node.js contains a path traversal vulnerability CWE-22 in versions prior to 5.2.0 in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences ../ that cause files to be written outside the...
CVE-2025-13661
Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required...
zziplib: directory traversal in unzzip_cat in the bins/unzzipcat-mem.c
It was discovered that zziplib is vulnerable to a directory traversal flaw in most of its unzip binaries, including unzip-mem, unzzipcat-mem, unzzipcat-big, unzzipcat-mix, and unzzipcat-zip. An attacker may use this flaw to write files outside the intended target directory, overwriting existing...
CVE-2025-8023 Path Traversal in Template Upload Allows Uploading Files Outside Target Directory
Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.9.x = 10.9.2 fails to sanitize path traversal sequences in template file destination paths, which allows a system admin to perform path traversal attacks via malicious path components, potentially enabling malicious file...
Files Bucket Server 安全漏洞
Files Bucket Server is an application for Diego Personal Developer. A security vulnerability exists in Files Bucket Server that originates from allowing an attacker to traverse the file system and access files outside of the target directory, potentially resulting in directory traversal...
Directory Traversal
Overview upsonic is a Task oriented AI agent framework for digital workers and vertical AI agents Affected versions of this package are vulnerable to Directory Traversal via the os.path.join function. An attacker can access or modify files outside the intended directory by manipulating the...
DEBIAN-CVE-2025-4138
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...