2110 matches found

AlmaLinux
added 2026/01/07 12:0 a.m., 4 views

Important: mariadb:10.11 security update

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation (CVE-2025-13699). For more details about the security issues, including the impact...

7 CVSS, 8.6 AI score, 0.00398 EPSS
Exploits 0, References 4

AlmaLinux
added 2026/01/07 12:0 a.m., 5 views

Important: mariadb:10.5 security update

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation (CVE-2025-13699). For more details about the security issues, including the impact...

7 CVSS, 8.6 AI score, 0.00398 EPSS
Exploits 0, References 4

OSV
added 2026/01/07 12:0 a.m., 5 views

ALSA-2026:0233 Important: mariadb:10.5 security update

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation (CVE-2025-13699). For more details about the security issues, including the impact...

7 CVSS, 8.5 AI score, 0.00398 EPSS
Exploits 0, References 4

RedHat Linux
added 2026/01/06 2:45 p.m., 3 views

mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation

A flaw was found in MariaDB. This vulnerability allows remote attackers to execute arbitrary code on affected installations via improper validation of a user-supplied path prior to using it in file operations in the mariadb-dump utility, requiring user interaction...

7 CVSS, 6.2 AI score, 0.00398 EPSS
Exploits 0, References 4

RedHat Linux
added 2026/01/06 2:45 p.m., 3 views

Important: Red Hat Security Advisory: mariadb security update

An update for mariadb is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

7 CVSS, 7.8 AI score, 0.00398 EPSS
Exploits 0, References 3

RedHat Linux
added 2026/01/06 1:46 p.m., 1 view

mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation

A flaw was found in MariaDB. This vulnerability allows remote attackers to execute arbitrary code on affected installations via improper validation of a user-supplied path prior to using it in file operations in the mariadb-dump utility, requiring user interaction...

7 CVSS, 6.2 AI score, 0.00398 EPSS
Exploits 0, References 4

RedHat Linux
added 2026/01/06 8:7 a.m., 2 views

mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation

A flaw was found in MariaDB. This vulnerability allows remote attackers to execute arbitrary code on affected installations via improper validation of a user-supplied path prior to using it in file operations in the mariadb-dump utility, requiring user interaction...

7 CVSS, 6.2 AI score, 0.00398 EPSS
Exploits 0, References 4

RedHat Linux
added 2026/01/06 8:5 a.m., 4 views

mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation

A flaw was found in MariaDB. This vulnerability allows remote attackers to execute arbitrary code on affected installations via improper validation of a user-supplied path prior to using it in file operations in the mariadb-dump utility, requiring user interaction...

7 CVSS, 6.2 AI score, 0.00398 EPSS
Exploits 0, References 4

RedHat Linux
added 2026/01/06 8:5 a.m., 4 views

Important: Red Hat Security Advisory: mariadb security update

An update for mariadb is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

7 CVSS, 7.8 AI score, 0.00398 EPSS
Exploits 0, References 2

Cvelist
added 2026/01/06 4:31 a.m., 31 views

CVE-2025-14997 BuddyPress Xprofile Custom Field Types <= 1.2.8 - Authenticated (Subscriber+) Arbitrary File Deletion

The BuddyPress Xprofile Custom Field Types plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'deletefield' function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level...

8.8 CVSS, 0.00615 EPSS
Exploits 0, References 3

OSV
added 2026/01/06 12:0 a.m., 4 views

ALSA-2026:0137 Important: mariadb security update

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation (CVE-2025-13699). For more details about the security issues, including the impact...

7 CVSS, 8.5 AI score, 0.00398 EPSS
Exploits 0, References 4

AlmaLinux
added 2026/01/06 12:0 a.m., 5 views

Important: mariadb security update

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation (CVE-2025-13699). For more details about the security issues, including the impact...

7 CVSS, 8.6 AI score, 0.00398 EPSS
Exploits 0, References 4

RedHat Linux
added 2026/01/05 12:22 p.m., 3 views

mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation

A flaw was found in MariaDB. This vulnerability allows remote attackers to execute arbitrary code on affected installations via improper validation of a user-supplied path prior to using it in file operations in the mariadb-dump utility, requiring user interaction...

7 CVSS, 6.2 AI score, 0.00398 EPSS
Exploits 0, References 4

Veracode
added 2026/01/05 5:48 a.m., 7 views

Path Traversal

AdonisJS is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths during multipart file handling, which allows a remote attacker to write arbitrary files to arbitrary locations on the server filesystem...

9.2 CVSS, 7.1 AI score, 0.01063 EPSS
Exploits 3, References 6, Affected Software 1

Tenable Nessus
added 2026/01/05 12:0 a.m., 2 views

RHEL 9 : mariadb (RHSA-2026:0061)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0061 advisory. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mariadb: MariaDB: mariadb-dump...

7 CVSS, 7.7 AI score, 0.00398 EPSS
Exploits 0, References 4

Hacker One
added 2026/01/03 6:59 p.m., 22 views

curl: Path Traversal in curl file:// Protocol Handler Allows Unauthorized File Access

Summary: During my manual review of the file path handling logic in curl's source code, I noticed the absence of proper validation for directory traversal sequences, which I then verified through practical testing. I discovered that curl allows unauthorized access to arbitrary files through the...

8.1 CVSS, 8.2 AI score, 0.60122 EPSS
Exploits 1

Snyk
added 2026/01/01 6:37 a.m., 3 views

Symlink Attack

Overview: mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Symlink Attack due to insufficient validation that artifact paths...

6.3 CVSS, 6.8 AI score
Exploits 0, References 3

OSV
added 2025/12/30 1:49 a.m., 2 views

GO-2025-4257 KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential in github.com/kedacore/keda

KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential in github.com/kedacore/keda...

8.2 CVSS, 6.6 AI score, 0.00433 EPSS
Exploits 0, References 3

RedhatCVE
added 2025/12/29 2:41 p.m., 5 views

CVE-2025-69194

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially...

8.8 CVSS, 6.4 AI score, 0.00707 EPSS
Exploits 1, References 3

CNNVD
added 2025/12/29 12:0 a.m., 3 views

GNU Wget2 security vulnerability

GNU Wget2 is a web-based download tool for the American GNU community. A security vulnerability exists in GNU Wget2 that stems from a failure to properly validate file paths in the Metalink filename element, which could result in files being written to unexpected locations...

9.8 CVSS, 6 AI score, 0.00707 EPSS
Exploits 1, References 3