go-git: Crafted repositories may modify main and submodule .git directories

Impact A path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were introduced in upstream Git years ago, so the vulnerability arose from go-git drifting from those...

GHSA-CRHJ-59GH-8X96 go-git: Crafted repositories may modify main and submodule .git directories

Impact A path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were introduced in upstream Git years ago, so the vulnerability arose from go-git drifting from those...

PT-2026-41959

Name of the Vulnerable Software and Affected Versions go-git versions prior to v5 Description A path validation issue allows crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. This occurs because the software drifted from...

PT-2026-41998

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation and missing capability check in the 'downloadZIP' function in all versions up to, and including, 6.0.6. This makes it possible for...

ALSA-2026:19353 Important: opentelemetry-collector security update

Collector with the supported components for a AlmaLinux build of OpenTelemetry Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path...

Directory Traversal

org.springframework.cloud, spring-cloud-config-server is vulnerable to a Directory Traversal. The vulnerability is due to improper validation of specially crafted URL paths in the spring-cloud-config-server module, which allows an attacker to perform a directory traversal attack and access...

PT-2026-40884

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to...

WordPress plugin Motors 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVE-2026-28915

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to gain root privileges...

EUVD-2026-30041

A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device...

EUVD-2026-29960

A path injection vulnerability exists in OpenPLC v3 2c82b0e79c53f8c1f1458eee15fec173400d6e1a as the binary program compiled from gluegenerator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are directly passed to t...

CVE-2026-6282

A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device...

CVE-2026-6282

Technical details about CVE-2026-6282 (affected Lenovo devices, vulnerable components, impact, and fixes) are not provided in the available documents. Monitor Lenovo advisories and the CVE listing for updates.

CVE-2026-6282

A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device...

CVE-2026-6282

A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device...

CVE-2026-6282

A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device...

OpenPLC 安全漏洞

OpenPLC is an open-source, programmable logic controller developed by Thiago Alves. It provides low-cost industrial solutions for automation and research purposes. OpenPLC has a security vulnerability, which stems from the binary program compiled from gluegenerator.cpp not verifying the file path...

Lenovo Personal Cloud Storage 路径遍历漏洞

Lenovo Personal Cloud Storage is a personal cloud storage service provided by Lenovo Corporation. Lenovo Personal Cloud Storage has a path traversal vulnerability, which stems from improper file path validation. This vulnerability could allow remote authenticated users to move or access files of...

PT-2026-40699

A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device...

EUVD-2026-29802

An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting...