27 matches found

Positive Technologies
added 2026/05/28 12:0 a.m. | 7 views

PT-2026-44306

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: protect path kfree with damon sysfs lock damon sysfs quot goal-path can be read and written by users, via DAMON sysfs 'path' file. It can also be indirectly read, for the parameters on,offline committing t...

5.9 AI score | 0.00024 EPSS
Exploits: 0 | References: 3

CNNVD
added 2026/05/13 12:0 a.m. | 6 views

Palo Alto Networks Prisma Browser Security Vulnerability

Palo Alto Networks Prisma Browser is an enterprise-level security browser developed by Palo Alto Networks. There is a security vulnerability in Palo Alto Networks Prisma Browser for macOS. This vulnerability stems from improper alternative path protection, which fails to properly restrict access ...

7.3 CVSS | 5.8 AI score | 0.00006 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/04/14 3:30 p.m. | 2 views

EUVD-2026-22278

Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled...

5.7 CVSS | 5.8 AI score | 0.00126 EPSS
Exploits: 0 | References: 2

NVD
added 2026/04/14 3:16 p.m. | 2 views

CVE-2026-4913

Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled...

5.7 CVSS | 0.00126 EPSS
Exploits: 0 | References: 1

Cvelist
added 2026/04/14 2:10 p.m. | 20 views

CVE-2026-4913

Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled...

5.7 CVSS | 0.00126 EPSS
Exploits: 0 | References: 1

CNNVD
added 2026/04/14 12:0 a.m. | 1 views

Ivanti Neurons for ITSM Security Vulnerability

Ivanti Neurons for ITSM is a reliable and powerful IT service management solution from the American company Ivanti. Versions of Ivanti Neurons for ITSM prior to 2025.4 contained security vulnerabilities. These vulnerabilities stemmed from improper protection of alternative paths, which could allo...

5.7 CVSS | 5.8 AI score | 0.00126 EPSS
Exploits: 0 | References: 1

Cvelist
added 2026/04/03 3:15 p.m. | 19 views

CVE-2026-23437 net: shaper: protect late read accesses to the hierarchy

In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect late read accesses to the hierarchy We look up a netdev during prep of Netlink ops pre- callbacks and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual...

7.8 CVSS | 0.00015 EPSS
Exploits: 0 | References: 3

RedhatCVE
added 2026/03/26 3:7 p.m. | 0 views

CVE-2026-4270

Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions = 0.2.14 and 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To...

6.8 CVSS | 5.9 AI score | 0.00019 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2026/03/22 12:0 a.m. | 3 views

Fedora 42 : python-scitokens (2026-dec8f790f7)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-dec8f790f7 advisory. - Remove legacy parent SciToken chaining behavior from token initialization and claim handling - Harden Enforcer scope path traversal validation including...

5.9 AI score
Exploits: 0 | References: 1

Snyk
added 2026/03/16 6:55 p.m. | 4 views

Improper Protection of Alternate Path

Overview: awslabs.aws-api-mcp-server is a Model Context Protocol (MCP) server for interacting with AWS. Affected versions of this package are vulnerable to Improper Protection of Alternate Path through the AWS CLI shorthand parser in awsapimcpserver/core/aws/services.py. An attacker can read arbitrar...

6.8 CVSS | 5.9 AI score | 0.00019 EPSS
Exploits: 0 | References: 2

OSV
added 2026/03/16 5:16 p.m. | 1 views

PYSEC-2026-162

Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions = 0.2.14 and 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To...

6.8 CVSS | 5.9 AI score | 0.00019 EPSS
Exploits: 0 | References: 2

Redos
added 2026/02/24 12:0 a.m. | 5 views

ROS-20260224-73-0036

Vulnerability in gitea related to improper alternate path protection. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

8.2 CVSS | 6.2 AI score | 0.0001 EPSS
Exploits: 0

Cvelist
added 2026/02/11 5:47 p.m. | 21 views

CVE-2026-2360 Improper search_path protection in PostgreSQL Anonymizer 2.5 allows any user to gain superuser privileges in PostgreSQL 14

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and placing malicious code in that operator. This operator will later be executed with superuser privileges when the extension is created. The risk is...

8 CVSS | 0.00079 EPSS
Exploits: 0 | References: 3

Rockylinux
added 2026/01/04 9:3 a.m. | 9 views

postgresql:15 security update

An update is available for pgrepack, module.pgaudit, postgres-decoderbufs, module.pgrepack, module.postgres-decoderbufs, pgaudit. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

7.2 CVSS | 6.8 AI score | 0.00276 EPSS
Exploits: 0

Snyk
added 2025/12/26 3:30 a.m. | 1 views

Improper Protection of Alternate Path

Overview: Affected versions of this package are vulnerable to Improper Protection of Alternate Path due to insufficient validation in attachment editing APIs. An attacker can upload files with restricted extensions by modifying the attachment name, leading to unauthorized file uploads and further...

8.5 CVSS | 6.9 AI score | 0.0001 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/16 10:3 a.m. | 1 views

EUVD-2025-34745

Improper Protection of Alternate Path (CWE-424) in the AppSuite of desknet's NEO V4.0R1.0 to V9.0R2.0 allows an attacker to create malicious AppSuite applications...

5.3 CVSS | 6.3 AI score | 0.00032 EPSS
Exploits: 0 | References: 3

CISA KEV Catalog
added 2025/05/02 12:0 a.m. | 75 views

Yiiframework Yii Improper Protection of Alternate Path Vulnerability

Yii Framework contains an improper protection of alternate path vulnerability that may allow a remote attacker to execute arbitrary code. This vulnerability could affect other products that implement Yii, including—but not limited to—Craft CMS, as represented by CVE-2025-32432...

10 CVSS | 7.6 AI score | 0.93094 EPSS
In wild | Exploits: 14

NVD
added 2025/04/28 8:15 a.m. | 14 views

CVE-2025-22235

EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: You use Spring Security; EndpointRequest.to has been used in a Spri...

7.3 CVSS | 0.00208 EPSS
Exploits: 0 | References: 2

OSV
added 2025/04/28 8:15 a.m. | 1 views

UBUNTU-CVE-2025-22235

EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: You use Spring Security; EndpointRequest.to has been used in a Spri...

7.3 CVSS | 7 AI score | 0.00208 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2025/04/28 7:10 a.m. | 13 views

CVE-2025-22235 Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed

EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: You use Spring Security; EndpointRequest.to has been used in a Spri...

7.3 CVSS | 7.2 AI score | 0.00208 EPSS
Exploits: 0 | References: 1