Lucene search
K

162 matches found

Cvelist
Cvelist
added 6 hours ago6 views

CVE-2026-8384

In Eclipse Jetty, an HTTP URI of this form: /public;/../admin/secret.txt results in an unresolved path of: /public/../admin/secret.txt instead of the expected: /admin/secret.txt Jetty itself is not affected, as it will not serve the secret.txt file because it will not pass the alias checker only...

5.3CVSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 7:54 p.m.5 views

EUVD-2026-24994

install -D: symlink race in directory creation allows arbitrary file overwrite...

6.3CVSS6AI score0.00108EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.35 views

CVE-2026-25718 Gitea template repository generation mishandles symlinked paths

Gitea versions before 1.25.5 mishandle path resolution during template repository generation, allowing template processing to read or write through symlinked or otherwise non-regular paths...

0.00428EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.7 views

CVE-2026-25718

Gitea versions before 1.25.5 mishandle path resolution during template repository generation, allowing template processing to read or write through symlinked or otherwise non-regular paths...

5.9AI score0.00428EPSS
Exploits0References5
CVE
CVE
added 2026/07/03 8:19 p.m.16 views

CVE-2026-25718

Gitea prior to version 1.25.5 is affected by a symlink-based path resolution issue during template repository generation, allowing template processing to read or write via symlinked/non-regular paths. The vulnerability affects Gitea core components used for template repository generation (e.g., m...

9.1CVSS5.9AI score0.00428EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/03 8:19 p.m.11 views

EUVD-2026-41624

Gitea versions before 1.25.5 mishandle path resolution during template repository generation, allowing template processing to read or write through symlinked or otherwise non-regular paths...

5.9AI score0.00428EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.14 views

PT-2026-55594

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description Improper path resolution occurs during the generation of template repositories. This allows template processing to read or write data through symlinks or other non-regular paths, potentially leading t...

9.1CVSS6.1AI score0.00428EPSS
Exploits0References7
NVD
NVD
added 2026/06/29 4:16 p.m.11 views

CVE-2026-13748

Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake services. An attacker could exploit this by supplying crafted repository or project content that referenced files outside the intended...

6.3CVSS0.00139EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/16 3:3 p.m.13 views

Symlink Attack

Overview langchain-anthropic is an Integration package connecting Claude Anthropic APIs and LangChain Affected versions of this package are vulnerable to Symlink Attack via the file-search middleware and loaders that resolve filesystem paths and search patterns without confining the resolved path...

6.9CVSS5.9AI score0.00157EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/13 2:29 a.m.8 views

CVE-2026-12089 WS Optimize – All-in-One Speed Booster & Cache Tools <= 3.3.19 - Authenticated (Editor+) Arbitrary File Read

The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 3.3.19. This is due to the combinecurrentcss function trusting values harvested from page HTML and converting same-site URLs to absolute filesystem...

4.9CVSS5.5AI score0.00336EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 11:47 p.m.38 views

CVE-2026-41695 Denial of Service in Spring Data Commons Property Path Resolution

Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through...

7.5CVSS0.00363EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:47 p.m.61 views

CVE-2026-41695

Spring Data Commons contains a Denial of Service risk (CVE-2026-41695) caused by resource exhaustion during property path resolution in MappingContext. Affected versions are Spring Data Commons 4.0.0–4.0.5; 3.5.0–3.5.11; 3.4.0–3.4.14. The provided documents describe the issue and affected release...

7.5CVSS5.4AI score0.00363EPSS
Exploits0References1Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2026/06/09 12:0 a.m.8 views

cve-2026-41695 - HIGH - Denial of Service in Spring Data Commons Property Path Resolution

cve-2026-41695 - HIGH - Denial of Service in Spring Data Commons Property Path Resolution...

7.5CVSS6.1AI score0.00363EPSS
Exploits0
Veracode
Veracode
added 2026/06/08 10:52 a.m.7 views

Path Traversal

Spring AI is vulnerable to Path Traversal. The vulnerability is due to unsanitized LLM-influenced filenames in Path.resolve, where a malicious user could write files outside the intended target directory, including restricted directories...

6.5CVSS6AI score0.00398EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.10 views

CVE-2026-42314

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, package folder names are sanitized using insufficient string replacement. The pattern ....// becomes .. after replacement partial removal, leaving .. which can be exploited when the path is later resolve...

6.5CVSS5.4AI score0.00342EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/30 2:12 a.m.15 views

CVE-2026-47274

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pamusb helper tools resolved external binaries through the PATH environment variable rather than using absolute paths. An attacker who can influence the process environment during PAM...

6.3CVSS5.9AI score0.00141EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

pam_usb 代码问题漏洞

pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.9.0 have code vulnerabilities. These vulnerabilities stem from multiple auxiliary tools resolving external binary files through the PATH environment...

6.3CVSS6AI score0.00141EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/23 12:0 a.m.15 views

Directory Traversal

Overview org.springframework.ai:spring-ai-anthropic is an Anthropic models support Affected versions of this package are vulnerable to Directory Traversal via filename handling in the API support. An attacker can perform path traversal by supplying LLM-influenced filenames that are used unsanitiz...

8.7CVSS6.3AI score0.00398EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/21 8:17 p.m.13 views

Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables

Summary Before the round-1 security sweep, pkg/builder/builder.go passed Environment.spec.builder.command directly into exec.Command... after a strings.Fields split, with no validation of the executable path or its arguments. A user who could create or update Environment CRDs in a namespace...

6.9CVSS6.2AI score0.00364EPSS
Exploits0References5Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in PHP 7.3

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16, and 8.2.X before 8.2.3, the core path resolution function allocates a buffer that is one byte too small. When resolving paths with lengths close to the system’s MAXPATHLEN setting, this may result in the byte after the allocated buffer being...

8.1CVSS6.9AI score0.01242EPSS
Exploits1References2
Rows per page
Query Builder