Lucene search

87 matches found

Redos
added 2026/05/26 12:0 a.m., 9 views

ROS-20260526-73-0022

Vulnerability in poetry related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote intruder to gain unauthorized access to protected information...

7.1 CVSS, 5.8 AI score, 0.00016 EPSS
Exploits: 1
Redos
added 2026/05/08 12:0 a.m., 5 views

ROS-20260508-73-0005

Vulnerability in rubygem-activestorage related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

9.8 CVSS, 5.8 AI score, 0.00037 EPSS
Exploits: 0
Cvelist
added 2026/04/30 11:49 a.m., 24 views

CVE-2026-5080 Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely

Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand function to return a number between 0 and...

0.00054 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2026/04/30 11:49 a.m., 2 views

CVE-2026-5080 Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely

Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand function to return a number between 0 and...

5.3 AI score, 0.00054 EPSS
Exploits: 0, References: 2
ATTACKERKB
added 2026/04/30 11:49 a.m., 1 view

CVE-2026-5080

Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand function to return a number between 0 and...

5.9 CVSS, 5.3 AI score, 0.00054 EPSS
Exploits: 0, References: 3
Redos
added 2026/04/30 12:0 a.m., 2 views

ROS-20260430-73-0004

Vulnerability in buildkit related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

9.8 CVSS, 5.4 AI score, 0.00063 EPSS
Exploits: 0
Redos
added 2026/04/20 12:0 a.m., 1 view

ROS-20260420-73-0043

Vulnerability in incus related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

9.9 CVSS, 5.8 AI score, 0.0003 EPSS
Exploits: 0
CNNVD
added 2026/03/26 12:0 a.m., 2 views

srvx security vulnerability

Srvx is a web-based general server developed by H3 Open Source. Versions of Srvx prior to 0.11.13 contained security vulnerabilities. These vulnerabilities were caused by differences in path name resolution in FastURL, which could allow middleware to bypass security measures...

6.5 CVSS, 5.8 AI score, 0.0005 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/03/13 12:0 a.m., 2 views

Erlang/OTP security vulnerability

Erlang/OTP is an open-source JavaScript library for handling exceptions. This library can catch exceptions caused by Node.js’s built-in APIs. Versions 17.0 to 28.4.1, 27.3.4.9, and 26.2.5.18 of Erlang/OTP contain security vulnerabilities due to improper path name restrictions, which may lead to...

5.4 CVSS, 7.1 AI score, 0.00038 EPSS
Exploits: 0, References: 7
Redos
added 2026/03/10 12:0 a.m., 3 views

ROS-20260310-73-0035

Vulnerability in python-wheel related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information...

7.1 CVSS, 5.8 AI score, 0.00015 EPSS
Exploits: 2
CNNVD
added 2026/02/26 12:0 a.m., 4 views

Hexpm security vulnerability

Hexpm is a web page and interface developed by Hex. Hexpm has a security vulnerability, which stems from improper path name restrictions, potentially leading to relative path traversal...

7.5 CVSS, 5.8 AI score, 0.00081 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/02/20 12:0 a.m., 2 views

WordPress plugin User Extra Fields path traversal vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions of...

7.7 CVSS, 5.8 AI score, 0.00071 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/02/20 12:0 a.m., 3 views

WordPress plugin User Extra Fields path traversal vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions of...

8.6 CVSS, 5.8 AI score, 0.00072 EPSS
Exploits: 0, References: 1
Rosalinux
added 2026/02/16 12:24 p.m., 6 views

Advisory ROSA-SA-2026-3204

Software: vim 8.0.1763 OS: ROSA Virtualization 2.1 unaffected versions = vim-8.0.1763-21.0.1.rv3 affected versions vim-8.0.1763-21.0.0.1.rv3 CVE-ID: CVE-2025-53905 BDU-ID: 2025-11730 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the vim text editor is related to an incorrect restriction of the...

4.1 CVSS, 6.3 AI score, 0.00074 EPSS
Exploits: 2
Rosalinux
added 2026/02/16 7:8 a.m., 10 views

Advisory ROSA-SA-2026-3140

Software: git 2.43.5 OS: ROSA Virtualization 3.0 unaffected versions = git-2.43.5-3.rv30 affected versions git-2.43.5-3.rv30 CVE-ID: CVE-2023-25652 BDU-ID: 2023-03859 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Git distributed version control system is related to flaws in the directory path...

9 CVSS, 7.6 AI score, 0.82951 EPSS
Exploits: 37
Rosalinux
added 2026/02/16 7:7 a.m., 10 views

Advisory ROSA-SA-2026-3135

Software: git 2.43.5 OS: ROSA Virtualization 2.1 unaffected versions = git-2.43.5-3.rv3 affected versions git-2.43.5-3.rv3 CVE-ID: CVE-2023-25652 BDU-ID: 2023-03859 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Git distributed version control system is related to flaws in the directory path na...

9 CVSS, 7.5 AI score, 0.82951 EPSS
Exploits: 37
Redos
added 2026/01/29 12:0 a.m., 3 views

ROS-20260129-73-0058

Vulnerability in mariadb11.8 related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

7 CVSS, 5.9 AI score, 0.00129 EPSS
Exploits: 0
CNNVD
added 2026/01/23 12:0 a.m., 1 view

Containerization security vulnerabilities

Containerization is an open-source Swift container package developed by Apple. There is a security vulnerability in Containerization, which stems from the lack of path name validation before extracting archived members. This vulnerability may allow files to be extracted to any writable location b...

7.8 CVSS, 5.8 AI score, 0.00012 EPSS
Exploits: 1, References: 2
CNNVD
added 2026/01/22 12:0 a.m., 1 view

WordPress plugin Anona: Path traversal vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

8.6 CVSS, 5.8 AI score, 0.00024 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2026/01/20 12:0 a.m., 2 views

MiracleLinux 8 : curl-7.61.1-18.el8.1 (AXSA:2021-2446:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2446:04 advisory. curl: Content not matching hash in Metalink is not being discarded CVE-2021-22922 curl: Metalink download sends credentials CVE-2021-22923 curl: Bad...

6.5 CVSS, 6.7 AI score, 0.0056 EPSS
Exploits: 4, References: 4