
31 matches found

RedhatCVE
added 2026/06/05 7:28 p.m., 7 views

CVE-2026-4913

Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled...

CVSS 5.7, AI score 5.4, EPSS 0.00586
Exploits: 0, References: 1
Positive Technologies
added 2026/05/28 12:0 a.m., 19 views

PT-2026-44306

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified); openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1. Description: A use-after-free issue exists in the Linux kernel within the DAMON sysfs schemes. The damon sysfs quot goal-path variable ca...

CVSS 9.8, AI score 6, EPSS 0.03663
Exploits: 14, References: 278
CNNVD
added 2026/05/13 12:0 a.m., 8 views

Palo Alto Networks Prisma Browser security vulnerability

Palo Alto Networks Prisma Browser is an enterprise-level security browser developed by Palo Alto Networks. There is a security vulnerability in Palo Alto Networks Prisma Browser for macOS. This vulnerability stems from improper alternative path protection, which fails to properly restrict access ...

CVSS 7.3, AI score 5.8, EPSS 0.00149
Exploits: 0, References: 1
EUVD
added 2026/04/14 3:30 p.m., 3 views

EUVD-2026-22278

Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled...

CVSS 5.7, AI score 5.8, EPSS 0.00586
Exploits: 0, References: 2
NVD
added 2026/04/14 3:16 p.m., 3 views

CVE-2026-4913

Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled...

CVSS 5.7, EPSS 0.00586
Exploits: 0, References: 1
Cvelist
added 2026/04/14 2:10 p.m., 22 views

CVE-2026-4913

Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled...

CVSS 5.7, EPSS 0.00586
Exploits: 0, References: 1
CNNVD
added 2026/04/14 12:0 a.m., 4 views

Ivanti Neurons for ITSM security vulnerability

Ivanti Neurons for ITSM is a reliable and powerful IT service management solution from the American company Ivanti. Versions of Ivanti Neurons for ITSM prior to 2025.4 contained security vulnerabilities. These vulnerabilities stemmed from improper protection of alternative paths, which could allo...

CVSS 5.7, AI score 5.8, EPSS 0.00586
Exploits: 0, References: 1
Cvelist
added 2026/04/03 3:15 p.m., 20 views

CVE-2026-23437 net: shaper: protect late read accesses to the hierarchy

In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect late read accesses to the hierarchy We look up a netdev during prep of Netlink ops pre- callbacks and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual...

CVSS 7.8, EPSS 0.00127
Exploits: 0, References: 3
RedhatCVE
added 2026/03/26 3:7 p.m., 2 views

CVE-2026-4270

Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions = 0.2.14 and 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To...

CVSS 6.8, AI score 5.9, EPSS 0.00131
Exploits: 0, References: 1
Tenable Nessus
added 2026/03/22 12:0 a.m., 4 views

Fedora 42 : python-scitokens (2026-dec8f790f7)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-dec8f790f7 advisory. - Remove legacy parent SciToken chaining behavior from token initialization and claim handling - Harden Enforcer scope path traversal validation including...

AI score 5.9
Exploits: 0, References: 1
Snyk
added 2026/03/16 6:55 p.m., 4 views

Improper Protection of Alternate Path

Overview: awslabs.aws-api-mcp-server is a Model Context Protocol (MCP) server for interacting with AWS. Affected versions of this package are vulnerable to Improper Protection of Alternate Path through the AWS CLI shorthand parser in awsapimcpserver/core/aws/services.py. An attacker can read arbitrar...

CVSS 6.8, AI score 5.9, EPSS 0.00131
Exploits: 0, References: 2
OSV
added 2026/03/16 5:16 p.m., 7 views

PYSEC-2026-162

Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions = 0.2.14 and 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To...

CVSS 6.8, AI score 5.9, EPSS 0.00131
Exploits: 0, References: 3
Redos
added 2026/02/24 12:0 a.m., 5 views

ROS-20260224-73-0036

Vulnerability in gitea related to improper alternate path protection. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS 8.2, AI score 6.2, EPSS 0.00295
Exploits: 0
Cvelist
added 2026/02/11 5:47 p.m., 26 views

CVE-2026-2360 Improper search_path protection in PostgreSQL Anonymizer 2.5 allows any user to gain superuser privileges in PostgreSQL 14

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator. This operator will later be executed with superuser privileges when the extension is created. The risk is...

CVSS 8, EPSS 0.00413
Exploits: 0, References: 3
Rockylinux
added 2026/01/04 9:3 a.m., 20 views

postgresql:15 security update

An update is available for pgrepack, module.pgaudit, postgres-decoderbufs, module.pgrepack, module.postgres-decoderbufs, pgaudit. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 7.2, AI score 6.8, EPSS 0.0119
Exploits: 0
Snyk
added 2025/12/26 3:30 a.m., 1 views

Improper Protection of Alternate Path

Overview: Affected versions of this package are vulnerable to Improper Protection of Alternate Path due to insufficient validation in attachment editing APIs. An attacker can upload files with restricted extensions by modifying the attachment name, leading to unauthorized file uploads and further...

CVSS 8.5, AI score 6.9, EPSS 0.00295
Exploits: 0, References: 2
EUVD
added 2025/10/16 10:3 a.m., 3 views

EUVD-2025-34745

Improper Protection of Alternate Path CWE-424 in the AppSuite of desknet's NEO V4.0R1.0 to V9.0R2.0 allows an attacker to create malicious AppSuite applications...

CVSS 5.3, AI score 6.3, EPSS 0.00265
Exploits: 0, References: 3
BDU FSTEC
added 2025/07/30 12:0 a.m., 4 views

The vulnerability of the Broker VM component in the Cortex XDR security platform, related to improper protection of the alternative path, allows a perpetrator to disclose protected information.

The vulnerability of the Broker VM component in the Cortex XDR security platform is related to improper protection of the alternative path. Exploiting this vulnerability can allow an attacker to disclose protected information...

CVSS 6.6, AI score 7.6, EPSS 0.01025
Exploits: 0, References: 3, Affected Software: 1
BDU FSTEC
added 2025/06/16 12:0 a.m., 3 views

The vulnerability of the vBulletin commercial web forum, related to improper protection of the alternative path, allows attackers to bypass existing security restrictions and execute arbitrary code.

The vulnerability of the commercial vBulletin web forum is related to improper protection of an alternative path. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and execute arbitrary code...

CVSS 9, AI score 8.3, EPSS 0.48358
Exploits: 2, References: 2, Affected Software: 2
BDU FSTEC
added 2025/05/28 12:0 a.m., 4 views

The vulnerability of the Yii2::createObject() method in the Yii PHP framework allows an attacker to execute arbitrary code.

The vulnerability of the Yii2::createObject method in the Yii PHP framework is related to improper protection of the alternative path. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

CVSS 10, AI score 8.1, EPSS 0.87714
Exploits: 1, References: 9, Affected Software: 1