2110 matches found
CVE-2025-67364
fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fastreadfile. This vulnerability arises from improper path validation that fails to resolve symbolic links to their actual physical paths. The safePath and isPathAllowed...
mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation
A flaw was found in MariaDB. This vulnerability allows remote attackers to execute arbitrary code on affected installations via improper validation of a user-supplied path prior to using it in file operations in the mariadb-dump utility, requiring user interaction...
Important: Red Hat Security Advisory: mariadb:10.11 security update
An update for the mariadb:10.11 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation
A flaw was found in MariaDB. This vulnerability allows remote attackers to execute arbitrary code on affected installations via improper validation of a user-supplied path prior to using it in file operations in the mariadb-dump utility, requiring user interaction...
Important: Red Hat Security Advisory: mariadb:10.11 security update
An update for the mariadb:10.11 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation
A flaw was found in MariaDB. This vulnerability allows remote attackers to execute arbitrary code on affected installations via improper validation of a user-supplied path prior to using it in file operations in the mariadb-dump utility, requiring user interaction...
mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation
A flaw was found in MariaDB. This vulnerability allows remote attackers to execute arbitrary code on affected installations via improper validation of a user-supplied path prior to using it in file operations in the mariadb-dump utility, requiring user interaction...
CVE-2025-1972
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the adminlogpage function in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with Administrator-level...
CVE-2019-7289
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A local user may be able to view senstive user information...
RLSA-2026:0137 Important: mariadb security update
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation CVE-2025-13699 For more details about the security issues, including the impact...
CVE-2025-14804 Frontend File Manager < 23.5 - Subscriber+ Arbitrary File Deletion
The Frontend File Manager Plugin WordPress plugin before 23.5 did not validate a path parameter and ownership of the file, allowing any authenticated users, such as subscribers to delete arbitrary files on the server...
CVE-2025-14804 Frontend File Manager < 23.5 - Subscriber+ Arbitrary File Deletion
The Frontend File Manager Plugin WordPress plugin before 23.5 did not validate a path parameter and ownership of the file, allowing any authenticated users, such as subscribers to delete arbitrary files on the server...
CVE-2025-67364
CVE-2025-67364 concerns fast-filesystem-mcp 3.4.0, where a path traversal flaw arises in file tools (e.g., fast_read_file) due to improper path validation that fails to resolve symlinks. The safePath/isPathAllowed logic uses path.resolve(), which does not handle symlinks, allowing attackers to pl...
fast-filesystem-mcp 安全漏洞
fast-filesystem-mcp is a Model Context Protocol server by the individual developer efforthye. A security vulnerability exists in fast-filesystem-mcp version 3.4.0, which stems from improper path validation and an inability to resolve symbolic links, which could lead to bypassing directory access...
Filesystem MCP 安全漏洞
Filesystem MCP is a Sylphx open source MCP file system server. A security vulnerability exists in Filesystem MCP version 0.5.8, which stems from improper handling of symbolic links in the path validation mechanism, and could lead to bypassing directory restrictions and accessing unauthorized file...
Medium: mariadb1011
Issue Overview: A flaw was found in MariaDB. This vulnerability allows remote attackers to execute arbitrary code on affected installations via improper validation of a user-supplied path prior to using it in file operations in the mariadb-dump utility, requiring user interaction. CVE-2025-13699...
ALSA-2026:0225 Important: mariadb:10.3 security update
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation CVE-2025-13699 For more details about the security issues, including the impact...
Important: mariadb:10.3 security update
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation CVE-2025-13699 For more details about the security issues, including the impact...
Important: mariadb:10.11 security update
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation CVE-2025-13699 For more details about the security issues, including the impact...
Important: mariadb:10.5 security update
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation CVE-2025-13699 For more details about the security issues, including the impact...