19 matches found
GHSA-4773-3JFM-QMX3 Spring Framework Improper Path Limitation with Script View Templates
Use of Java scripting engine enabled (e.g. JRuby, Jython) template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0...
CVE-2026-22737 Spring Framework Improper Path Limitation with Script View Templates
Use of Java scripting engine enabled (e.g. JRuby, Jython) template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0...
CVE-2026-22737
CVE-2026-22737 affects Spring Framework components that render script template views via a Java scripting engine (e.g., JRuby, Jython) in Spring MVC and Spring WebFlux. The issue allows disclosure of content from files outside configured script template view locations due to the scripting engine ...
CVE-2022-26500
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code...
CVE-2020-7478
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS Versions 14 and prior using the service: IGSSupdate, which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update...
EUVD-2021-10930
Malware in sbrugna...
EUVD-2023-43999
Malicious code in bioql PyPI...
EUVD-2024-17063
Malicious code in bioql PyPI...
GO-2025-3581 github.com/jaredallard/archives Has Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
github.com/jaredallard/archives Has Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')...
Linux Distros Unpatched Vulnerability : CVE-2021-20206
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field i...
CVE-2024-23671
CVE-2024-23671 describes a path traversal vulnerability in Fortinet FortiSandbox versions 4.0.0–4.0.4, 4.2.0–4.2.6, and 4.4.0–4.4.3 that allows an attacker to execute unauthorized code or commands via crafted HTTP requests. The root cause is improper limitation of a pathname to a restricted direc...
SUSE SLES15 Security Update : buildah (SUSE-SU-2022:3480-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3480-1 advisory. - A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building ...
Design/Logic Flaw
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code...
CVE-2022-26500
CVE-2022-26500 affects Veeam Backup & Replication and relates to an improper limitation of path names in internal API functions, enabling a remote, authenticated user to upload and execute arbitrary code. Affected product range includes 9.5U3/U4, 10.x, and 11.x. The root cause is exposure of inte...
CVE-2022-26500
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...
EulerOS 2.0 SP8 : pcp (EulerOS-SA-2020-1873)
According to the versions of the pcp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - An Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE...
GHSA-6R3C-8XF3-GGRR Directory traversal outside of SENDFILE_ROOT in django-sendfile2
django-sendfile2 currently relies on the backend to correctly limit file paths to SENDFILE_ROOT. This is not the case for the simple and development backends, it is also not necessarily the case for any of the other backends either (it's just an assumption that was made by the original author). This...
CVE-2020-7494
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file...
Virtual Appliance or SAN mode fails on a localized proxy server
Challenge: Hot-add or SAN mode fails on a localized proxy. In the job log, you can see the following error: Info AP 2a1a output: 2012-01-26T12:07:14.429+01:00 02252 error 'Default' Cannot use advanced transport modes for xxx.xxx.xxx.xxx/moref=vm-xxx/snapshot-xxx: Cannot lock directory...