25 matches found
GHSA-4773-3JFM-QMX3 Spring Framework Improper Path Limitation with Script View Templates
Use of Java scripting engine-enabled template views (e.g. JRuby, Jython) in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0...
CVE-2026-22737 Spring Framework Improper Path Limitation with Script View Templates
Use of Java scripting engine-enabled template views (e.g. JRuby, Jython) in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0...
CVE-2026-22737
CVE-2026-22737 affects Spring Framework components that render script template views via a Java scripting engine (e.g., JRuby, Jython) in Spring MVC and Spring WebFlux. The issue allows disclosure of content from files outside configured script template view locations due to the scripting engine ...
CVE-2022-26500
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x allows remote authenticated users access to internal API functions that allow attackers to upload and execute arbitrary code...
CVE-2020-7478
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS Versions 14 and prior using the service: IGSSupdate, which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update...
EUVD-2021-10930
Malware in sbrugna...
EUVD-2023-43999
Malicious code in bioql PyPI...
EUVD-2024-17063
Malicious code in bioql PyPI...
GO-2025-3581 github.com/jaredallard/archives Has Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
github.com/jaredallard/archives Has Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal'...
Linux Distros Unpatched Vulnerability : CVE-2021-20206
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field i...
CVE-2024-23671
CVE-2024-23671 describes a path traversal vulnerability in Fortinet FortiSandbox versions 4.0.0–4.0.4, 4.2.0–4.2.6, and 4.4.0–4.4.3 that allows an attacker to execute unauthorized code or commands via crafted HTTP requests. The root cause is improper limitation of a pathname to a restricted direc...
The vulnerability in the server-side report-generation libraries TIBCO JasperReports Library, JasperReports Library for ActiveMatrix BPM, JasperReports Server, JasperReports Server for AWS Marketplace, and JasperReports Server for ActiveMatrix BPM arises from an incorrect limitation of a pathname to a restricted directory. This allows attackers to disclose sensitive information that should be protected.
The vulnerability in the server-side report-generation libraries, such as the TIBCO JasperReports Library, JasperReports Library for ActiveMatrix BPM, JasperReports Server, JasperReports Server for AWS Marketplace, and JasperReports Server for ActiveMatrix BPM, is related to an...
SUSE SLES15 Security Update : buildah (SUSE-SU-2022:3480-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3480-1 advisory. - A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building ...
The vulnerability in the command-line interface (CLI) of the Kubernetes cluster synchronization software that connects a cluster to Flux configuration sources allows a malicious actor to read or write arbitrary files on the system.
The vulnerability in the command-line interface (CLI) of the Kubernetes cluster synchronization software for Flux configuration sources is related to an incorrect limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow an attacker to...
The vulnerability in the Cisco IOx software platform arises from an incorrect limitation of a pathname to a restricted directory, allowing attackers to read arbitrary files.
The vulnerability in the Cisco IOx software platform exists due to an incorrect limitation of a pathname to a restricted directory. Exploiting this vulnerability allows a remote attacker to read arbitrary files using a specially crafted HTTP request...
Design/Logic Flaw
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x allows remote authenticated users access to internal API functions that allow attackers to upload and execute arbitrary code...
CVE-2022-26500
CVE-2022-26500 affects Veeam Backup & Replication and relates to an improper limitation of path names in internal API functions, enabling a remote, authenticated user to upload and execute arbitrary code. Affected product range includes 9.5U3/U4, 10.x, and 11.x. The root cause is exposure of inte...
CVE-2022-26500
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x allows remote authenticated users access to internal API functions that allow attackers to upload and execute arbitrary code. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...
The vulnerability in the fr-archive-libarchive.c component of the File Roller archive manager allows an attacker to compromise the integrity and availability of protected information.
The vulnerability in the fr-archive-libarchive.c component of the File Roller program exists due to an incorrect limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow an attacker to compromise the integrity and availability of protected informati...
The vulnerability in the web interface of the Cisco Vision Dynamic Signage Director system allows an attacker to access protected information.
The vulnerability in the web interface of the Cisco Vision Dynamic Signage Director digital content management system is related to errors in path limitation. Exploiting this vulnerability could allow an attacker to gain access to protected information...