Lucene search
K

14 matches found

Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.11 views

PT-2026-51047

Name of the Vulnerable Software and Affected Versions py7zr version 1.1.0 Description An arbitrary file write issue exists when using the extractall function to extract an archive. The software fails to properly restrict the targets of symbolic links, allowing crafted malicious symbolic link chai...

8CVSS6.3AI score0.00404EPSS
Exploits0References11
NVD
NVD
added 2026/06/18 1:25 p.m.13 views

CVE-2026-8811

SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory, potentially placing files in web-accessible locations...

7.1CVSS0.00319EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.6 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : NNCP vulnerability (USN-8359-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by a vulnerability as referenced in the USN-8359-1 advisory. It was discovered that NNCP did not properly sanitize file paths in packet data during file requesting and file saving operations. A remote...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/06 7:38 p.m.22 views

Directory Traversal

Overview GitPython is a python library used to interact with Git repositories Affected versions of this package are vulnerable to Directory Traversal through insufficient validation of reference paths in the creation, renaming, and deletion. An attacker can write, overwrite, move, or delete files...

9.1CVSS6.3AI score0.00419EPSS
Exploits1References2
OSV
OSV
added 2026/04/29 11:50 a.m.5 views

BIT-PYTHON-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs

If shutil.unpackarchive is given a ZIP archive with an absolute Windows path containing a drive C:\... then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability...

7.5CVSS5.3AI score0.00531EPSS
Exploits1References12
Redos
Redos
added 2026/03/19 12:0 a.m.5 views

ROS-20260319-73-0009

A vulnerability in the outfile plugin of the Fluent Bit logging tool is related to an incorrect directory path name restriction. Exploitation of the vulnerability could allow an attacker acting remotely to write an arbitrary file outside the target directory...

5.3CVSS5.9AI score0.00651EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2025/11/11 11:39 a.m.13 views

zziplib: directory traversal in unzzip_cat in the bins/unzzipcat-mem.c

It was discovered that zziplib is vulnerable to a directory traversal flaw in most of its unzip binaries, including unzip-mem, unzzipcat-mem, unzzipcat-big, unzzipcat-mix, and unzzipcat-zip. An attacker may use this flaw to write files outside the intended target directory, overwriting existing...

5.8CVSS5.8AI score0.01538EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/07/23 12:0 a.m.5 views

Files Bucket Server 安全漏洞

Files Bucket Server is an application for Diego Personal Developer. A security vulnerability exists in Files Bucket Server that originates from allowing an attacker to traverse the file system and access files outside of the target directory, potentially resulting in directory traversal...

8.7CVSS6.5AI score0.00755EPSS
Exploits0References2
Snyk
Snyk
added 2025/06/19 8:49 p.m.5 views

Directory Traversal

Overview upsonic is a Task oriented AI agent framework for digital workers and vertical AI agents Affected versions of this package are vulnerable to Directory Traversal via the os.path.join function. An attacker can access or modify files outside the intended directory by manipulating the...

9.8CVSS6.3AI score0.00647EPSS
Exploits1References2
OSV
OSV
added 2024/04/29 11:23 a.m.10 views

USN-6755-1 cpio vulnerabilities

Ingo Brückl discovered that cpio contained a path traversal vulnerability. If a user or automated system were tricked into extracting a specially crafted cpio archive, an attacker could possibly use this issue to write arbitrary files outside the target directory on the host, even if using the...

4.9CVSS6.2AI score0.00906EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/12/27 9:13 p.m.18 views

CVE-2020-36566 Path traversal in github.com/whyrusleeping/tar-utils

Due to improper path sanitization, archives containing relative file paths can cause files to be written or overwritten outside of the target directory...

9.2AI score0.01023EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2022/01/20 8:0 a.m.5 views

squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.

...

8.1CVSS6.7AI score0.025EPSS
Exploits2
Microsoft CVE
Microsoft CVE
added 2021/07/29 7:0 a.m.5 views

Archive package allows chmod of file outside of unpack target directory

...

6.8CVSS6.2AI score0.01608EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2021/04/14 12:0 a.m.11 views

PT-2021-12076 · Github.Com/Yi Ge/Unzip +3 · Github.Com/Yi-Ge/Unzip +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is caused by improper path sanitization, allowing archives with relative file paths to write or overwrite files outside the intended directory...

9.1CVSS9.1AI score0.01325EPSS
Exploits1References12
Rows per page
Query Builder