102 matches found
CVE-2026-7397
A security flaw has been discovered in NousResearch hermes-agent 0.8.0. This affects the function checksensitivepath of the file tools/filetools.py. The manipulation results in symlink following. Attacking locally is a requirement. The exploit has been released to the public and may be used for...
CLSA-2026-1777454474 plexus-utils: Fix of CVE-2025-67030
CVE-2025-67030: fix Zip Slip / directory traversal in Expand.extractFile canonical path check...
CLSA-2026-1777038119 plexus-utils: Fix of CVE-2025-67030
CVE-2025-67030 fix zip slip via canonical path check in Expand...
CVE-2026-35349
CVE-2026-35349 affects the rm utility in uutils coreutils . The root cause is a path-string check used to identify the root directory instead of comparing device/inode numbers, allowing a symbolic link that resolves to "/" (e.g., "/tmp/rootlink -> /") to bypass --preserve-root. This can lead t...
PT-2026-34485
Name of the Vulnerable Software and Affected Versions uutils coreutils affected versions not specified Description A flaw in the rm utility allows a bypass of the --preserve-root protection. The system uses a path-string check instead of comparing device and inode numbers to identify the root...
CVE-2026-40191 ClearanceKit has a policy bypass via dual-path Endpoint Security events checking only source path
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta-1f46165, ClearanceKit's Endpoint Security event handler only checked the source path of dual-path file operations against File Access Authorization FAA rules and App Jail...
Security update for ImageMagick
This update for ImageMagick fixes the following issues: CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion bsc1258790. CVE-2026-28494: missing bounds checks in the morphology kernel parsing functions can lead to a stack buffer overflow bsc1259447...
Signal K Server: Arbitrary Prototype Read via `from` Field Bypass
Summary The /signalk/v1/applicationData/... JSON-patch endpoint allows users to modify stored application data. To prevent Prototype Pollution, the developers implemented an isPrototypePollutionPath guard. However, this guard only checks the path property of incoming JSON-patch objects. It...
SUSE CVE-2026-32716
SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the Enforcer incorrectly validates scope paths by using a simple prefix match startswith. This allows a token with access to a specific path e.g., /john to also access sibling paths that start with the sa...
GHSA-W8FP-G9RH-34JH SciTokens has an Authorization Bypass via Incorrect Scope Path Prefix Checking
Summary The Enforcer incorrectly validates scope paths by using a simple prefix match startswith. This allows a token with access to a specific path e.g., /john to also access sibling paths that start with the same prefix e.g., /johnathan, /johnny, which is an Authorization Bypass. Details File:...
CVE-2026-34451
Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.81.0, the local filesystem memory tool in the Anthropic TypeScript SDK validated model-supplied paths using a string prefix check that did no...
CVE-2026-33490
H3 is a minimal HTTP framework. In versions 2.0.0-0 through 2.0.1-rc.16, the mount method in h3 uses a simple startsWith check to determine whether incoming requests fall under a mounted sub-application's path prefix. Because this check does not verify a path segment boundary i.e., that the next...
CVE-2026-23942
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...
PT-2026-26177
Name of the Vulnerable Software and Affected Versions SiYuan versions 3.6.0 and below Description SiYuan, a personal knowledge management system, has an issue where the /api/lute/html2BlockDOM endpoint on the desktop copies local files pointed to by file:// links in pasted HTML into the workspace...
PT-2026-26413
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.22 Description OpenClaw versions prior to 2026.2.22 contain an arbitrary shell execution issue in the shell environment fallback mechanism. This occurs because the software trusts the unvalidated SHELL path fr...
CVE-2026-23621
GFI MailEssentials AI versions prior to 22.4 contain an arbitrary directory existence enumeration vulnerability in the ListServer.IsPathExist web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsPathExist. An authenticated user can supply an unrestricted filesystem path via...
CVE-2026-23621
GFI MailEssentials AI versions prior to 22.4 contain an arbitrary directory existence enumeration vulnerability in the ListServer.IsPathExist web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsPathExist. An authenticated user can supply an unrestricted filesystem path via...
CVE-2026-22860 Rack has a Directory Traversal via Rack:Directory
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory...
CVE-2026-0964
A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...
RHEL 9 : kernel-rt (RHSA-2026:1443)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1443 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...