CVE-2026-29858

A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local file inclusion LFI, leadingot sensitive information exposure...

PT-2026-26105

CVE-2026-29858 A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local file inclusion LFI, leadingot sensitive information exposure. https://t.co/WowAOqIOTR...

EUVD-2025-208755

Doom Launcher 3.8.1.0 is vulnerable to Directory Traversal due to missing file path validation during the extraction of game files...

CVE-2025-66687

Doom Launcher 3.8.1.0 is vulnerable to a Directory Traversal flaw caused by missing file path validation during extraction of game files. The issue is described across multiple sources (RH, NVD, EUVD, CVE listings) with a CVSSv3.1 base score of 7.5 (High) and an attack vector of Network, requirin...

CVE-2025-66687

Doom Launcher 3.8.1.0 is vulnerable to Directory Traversal due to missing file path validation during the extraction of game files...

PT-2026-25825

Name of the Vulnerable Software and Affected Versions SiYuan versions 3.6.0 and below Description SiYuan, a personal knowledge management system, has an issue where the POST request to the /api/import/importStdMd endpoint directly passes the localPath parameter to the model.ImportFromLocalPath...

Arbitrary File Write

Magic Wormhole is vulnerable to Arbitrary File Write. The vulnerability is due to improper validation of file paths during file reception, allowing a malicious sender to overwrite critical local files e.g., /.ssh/authorizedkeys, .bashrc and potentially compromise the system...

CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

Symlink Attack

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Symlink Attack via the workspace path validation. An attacker can gain unauthorized access to files and potentially modify or create files outside the intended workspace boundary by...

Tornado has incomplete validation of cookie attributes

Values passed to the domain, path, and samesite arguments of RequestHandler.setcookie were not completely validated in versions of Tornado prior to 6.5.5. In particular, semicolons would be allowed, which could be used to inject attacker-controlled values for other cookie attributes...

EUVD-2026-10481

This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7. The ExtractEmbeddedFiles example contains a path traversal vulnerability CWE-22 because the filename that is obtained from PDComplexFileSpecification.getFilename is appended...

CVE-2026-25605

A vulnerability has been identified in SICAM SIAPP SDK All versions V2.1.7. The affected application performs file deletion without properly validating the file path or target. An attacker could delete files or sockets that the affected process has permission to remove, potentially resulting in...

CVE-2026-25605

A vulnerability has been identified in SICAM SIAPP SDK All versions V2.1.7. The affected application performs file deletion without properly validating the file path or target. An attacker could delete files or sockets that the affected process has permission to remove, potentially resulting in...

CVE-2026-25605

A vulnerability has been identified in SICAM SIAPP SDK All versions V2.1.7. The affected application performs file deletion without properly validating the file path or target. An attacker could delete files or sockets that the affected process has permission to remove, potentially resulting in...

CVE-2026-25605

CVE-2026-25605 affects Siemens SICAM SIAPP SDK (all versions

CVE-2026-23907

Summary (CVE-2026-23907) Apache PDFBox’s ExtractEmbeddedFiles example contained a path traversal vulnerability (CWE-22) where the filename from PDComplexFileSpecification.getFilename() was appended to the extraction path. Affected versions: 2.0.24–2.0.35 and 3.0.0–3.0.6. Subsequent releases 2.0.3...

PT-2026-24199

Name of the Vulnerable Software and Affected Versions Apache PDFBox versions 2.0.24 through 2.0.36 Apache PDFBox versions 3.0.0 through 3.0.7 Description The ExtractEmbeddedFiles example within Apache PDFBox contains a path traversal issue. The filename obtained from...

NLTK has Arbitrary File Read via Absolute Path Input in nltk.util.filestring()

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

CVE-2026-0846

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

PYSEC-2026-97

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...