
2097 matches found

Tenable Nessus
added 2026/01/08 12:0 a.m., 2 views

RHEL 8 : mariadb:10.11 (RHSA-2026:0232)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0232 advisory. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mariadb: MariaDB: mariadb-dump...

CVSS 7 | AI score 7.7 | EPSS 0.00129
Exploits 0 | References 5

Tenable Nessus
added 2026/01/08 12:0 a.m., 8 views

Amazon Linux 2023 : mariadb1011, mariadb1011-backup, mariadb1011-client-utils (ALAS2023-2025-1331)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1331 advisory. A flaw was found in MariaDB. This vulnerability allows remote attackers to execute arbitrary code on affected installations via improper validation of a user-supplied path prior to using it in...

CVSS 7 | AI score 7.4 | EPSS 0.00129
Exploits 0 | References 6

Tenable Nessus
added 2026/01/08 12:0 a.m., 5 views

AlmaLinux 9 : mariadb (ALSA-2026:0137)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:0137 advisory. mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation CVE-2025-13699 Tenable has extracted the preceding...

CVSS 7 | AI score 7.6 | EPSS 0.00129
Exploits 0 | References 3

Tenable Nessus
added 2026/01/08 12:0 a.m., 2 views

RHEL 8 : mariadb:10.5 (RHSA-2026:0233)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0233 advisory. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mariadb: MariaDB: mariadb-dump...

CVSS 7 | AI score 7.7 | EPSS 0.00129
Exploits 0 | References 5

GitHub Security Blog
added 2026/01/07 6:30 p.m., 4 views

fast-filesystem-mcp has a Path Traversal vulnerability

fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fastreadfile. This vulnerability arises from improper path validation that fails to resolve symbolic links to their actual physical paths. The safePath and isPathAllowed...

CVSS 7.5 | AI score 6.7 | EPSS 0.00024
Exploits 1 | References 4 | Affected Software 1

OSV
added 2026/01/07 6:30 p.m., 1 view

GHSA-J893-M93W-JWJW fast-filesystem-mcp has a Path Traversal vulnerability

fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fastreadfile. This vulnerability arises from improper path validation that fails to resolve symbolic links to their actual physical paths. The safePath and isPathAllowed...

CVSS 7.5 | AI score 6.6 | EPSS 0.00024
Exploits 1 | References 3

NVD
added 2026/01/07 5:16 p.m., 5 views

CVE-2025-67366

@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file content reading functionality. Version 0.5.8 of filesystem-mcp contains a critical path traversal vulnerability in its "readcontent" tool. This vulnerability arises from improper symlink handling in the path validation mechanism...

CVSS 7.5 | EPSS 0.00079
Exploits 1 | References 2

OSV
added 2026/01/07 5:16 p.m., 2 views

CVE-2025-67364

fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fastreadfile. This vulnerability arises from improper path validation that fails to resolve symbolic links to their actual physical paths. The safePath and isPathAllowed...

CVSS 7.5 | AI score 5.9
Exploits 0 | References 2

RedHat Linux
added 2026/01/07 3:9 p.m., 2 views

mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation

A flaw was found in MariaDB. This vulnerability allows remote attackers to execute arbitrary code on affected installations via improper validation of a user-supplied path prior to using it in file operations in the mariadb-dump utility, requiring user interaction...

CVSS 7 | AI score 6.2 | EPSS 0.00129
Exploits 0 | References 4

RedHat Linux
added 2026/01/07 3:9 p.m., 4 views

Important: Red Hat Security Advisory: mariadb:10.11 security update

An update for the mariadb:10.11 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 7 | AI score 7.4 | EPSS 0.01044
Exploits 0 | References 12

RedHat Linux
added 2026/01/07 1:18 p.m., 3 views

mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation

A flaw was found in MariaDB. This vulnerability allows remote attackers to execute arbitrary code on affected installations via improper validation of a user-supplied path prior to using it in file operations in the mariadb-dump utility, requiring user interaction...

CVSS 7 | AI score 6.2 | EPSS 0.00129
Exploits 0 | References 4

RedHat Linux
added 2026/01/07 1:18 p.m., 2 views

Important: Red Hat Security Advisory: mariadb:10.11 security update

An update for the mariadb:10.11 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 7 | AI score 7.8 | EPSS 0.00129
Exploits 0 | References 3

RedHat Linux
added 2026/01/07 1:18 p.m., 11 views

mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation

A flaw was found in MariaDB. This vulnerability allows remote attackers to execute arbitrary code on affected installations via improper validation of a user-supplied path prior to using it in file operations in the mariadb-dump utility, requiring user interaction...

CVSS 7 | AI score 6.2 | EPSS 0.00129
Exploits 0 | References 4

RedHat Linux
added 2026/01/07 11:52 a.m., 6 views

mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation

A flaw was found in MariaDB. This vulnerability allows remote attackers to execute arbitrary code on affected installations via improper validation of a user-supplied path prior to using it in file operations in the mariadb-dump utility, requiring user interaction...

CVSS 7 | AI score 6.2 | EPSS 0.00129
Exploits 0 | References 4

RedhatCVE
added 2026/01/07 9:54 a.m., 15 views

CVE-2025-1972

The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the adminlogpage function in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with Administrator-level...

CVSS 6.5 | AI score 7 | EPSS 0.00121
Exploits 0 | References 1

RedhatCVE
added 2026/01/07 9:34 a.m., 6 views

CVE-2019-7289

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Shortcuts 2.1.3 for iOS. A local user may be able to view sensitive user information...

CVSS 5.5 | AI score 5.8 | EPSS 0.00121
Exploits 0 | References 1

OSV
added 2026/01/07 9:3 a.m., 4 views

RLSA-2026:0137 Important: mariadb security update

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation CVE-2025-13699 For more details about the security issues, including the impact...

CVSS 7 | AI score 8.5 | EPSS 0.00129
Exploits 0 | References 2

Vulnrichment
added 2026/01/07 6:0 a.m., 1 view

CVE-2025-14804 Frontend File Manager < 23.5 - Subscriber+ Arbitrary File Deletion

The Frontend File Manager Plugin WordPress plugin before 23.5 did not validate a path parameter and ownership of the file, allowing any authenticated users, such as subscribers to delete arbitrary files on the server...

AI score 6.4 | EPSS 0.00033
Exploits 0 | References 1

Cvelist
added 2026/01/07 6:0 a.m., 29 views

CVE-2025-14804 Frontend File Manager < 23.5 - Subscriber+ Arbitrary File Deletion

The Frontend File Manager Plugin WordPress plugin before 23.5 did not validate a path parameter and ownership of the file, allowing any authenticated users, such as subscribers to delete arbitrary files on the server...

EPSS 0.00033
Exploits 0 | References 1

CNNVD
added 2026/01/07 12:0 a.m., 2 views

Filesystem MCP security vulnerability

Filesystem MCP is a Sylphx open source MCP file system server. A security vulnerability exists in Filesystem MCP version 0.5.8, which stems from improper handling of symbolic links in the path validation mechanism, and could lead to bypassing directory restrictions and accessing unauthorized file...

CVSS 7.5 | AI score 6.6 | EPSS 0.00079
Exploits 1 | References 3