453 matches found
PYSEC-2026-71
Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...
EUVD-2022-55962
Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of user-configured external applications that allows a local attacker to execute arbitrary binaries. Due to insufficient path sanitization, an attacker can place a malicious binar...
CVE-2022-4987
Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of user-configured external applications that allows a local attacker to execute arbitrary binaries. Due to insufficient path sanitization, an attacker can place a malicious binar...
CVE-2022-4987
Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of user-configured external applications that allows a local attacker to execute arbitrary binaries. Due to insufficient path sanitization, an attacker can place a malicious binar...
PT-2026-30210
Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of user-configured external applications that allows a local attacker to execute arbitrary binaries. Due to insufficient path sanitization, an attacker can place a malicious binar...
PT-2026-30021
Name of the Vulnerable Software and Affected Versions goshs affected versions not specified Description goshs is susceptible to a critical path traversal flaw in the PUT upload functionality. The PUT upload process lacks proper path sanitization, allowing attackers to write arbitrary files to the...
CVE-2026-0964 Libssh: improper sanitation of paths received from scp servers
A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...
SUSE CVE-2026-27819
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the restoreConfig function in vikunja/pkg/modules/dump/restore.go of the go-vikunja/vikunja repository fails to sanitize file paths within the provided ZIP archive. A maliciously crafted ZIP can bypass the...
OPENSUSE-SU-2026:20387-1 Security update for busybox
This update for busybox fixes the following issues: Changes in busybox: - CVE-2026-26157: Fixed arbitrary file overwrite and potential code execution via incomplete path sanitization. bsc1258163 - CVE-2026-26158: Fixed arbitrary file modification and privilege escalation via unvalidated tar archi...
SUSE-SU-2026:20905-1 Security update for busybox
This update for busybox fixes the following issues: Changes in busybox: - CVE-2026-26157: Fixed arbitrary file overwrite and potential code execution via incomplete path sanitization. bsc1258163 - CVE-2026-26158: Fixed arbitrary file modification and privilege escalation via unvalidated tar archi...
OESA-2026-1544 busybox security update
The Swiss Army Knife of Embedded Linux Security Fixes: A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory...
SUSE SLES12 Security Update : busybox (SUSE-SU-2026:0892-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0892-1 advisory. - CVE-2023-42363: use-after-free vulnerability in xasprintf function in xfuncsprintf.c bsc1217580. - CVE-2023-42364: use-after-free in the awk....
SUSE-SU-2026:0892-1 Security update for busybox
This update for busybox fixes the following issues: - CVE-2023-42363: use-after-free vulnerability in xasprintf function in xfuncsprintf.c bsc1217580. - CVE-2023-42364: use-after-free in the awk.c evaluate function bsc1217584. - CVE-2023-42365: use-after-free in the awk.c copyvar function...
SUSE-SU-2026:0872-1 Security update for busybox
This update for busybox fixes the following issues: - CVE-2023-42363: use-after-free vulnerability in xasprintf function in xfuncsprintf.c bsc1217580. - CVE-2023-42364: use-after-free in the awk.c evaluate function bsc1217584. - CVE-2023-42365: use-after-free in the awk.c copyvar function...
SUSE SLES15 / openSUSE 15 Security Update : busybox (SUSE-SU-2026:0758-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0758-1 advisory. - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization bsc1258163. ...
SUSE SLED15 / SLES15 Security Update : busybox (SUSE-SU-2026:0759-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0759-1 advisory. - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization...
Directory Traversal
Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Directory Traversal due to improper sanitization of file paths in the CorpusReader classes. An attacker can gain unauthorized access to sensiti...
SUSE-SU-2026:0759-1 Security update for busybox
This update for busybox fixes the following issues: - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization bsc1258163. - CVE-2026-26158: Arbitrary file modification and privilege escalation via unvalidated tar archive entries bsc1258167...
SUSE-SU-2026:0758-1 Security update for busybox
This update for busybox fixes the following issues: - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization bsc1258163. - CVE-2026-26158: Arbitrary file modification and privilege escalation via unvalidated tar archive entries bsc1258167...
CVE-2026-27819
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the restoreConfig function in vikunja/pkg/modules/dump/restore.go of the go-vikunja/vikunja repository fails to sanitize file paths within the provided ZIP archive. A maliciously crafted ZIP can bypass the...