PT-2026-47964

Improper limitation of a pathname to a restricted directory 'path traversal' in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

PT-2026-48022

Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network...

Linux Distros Unpatched Vulnerability : CVE-2026-42535

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A path handling issue in moddavfs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially...

EulerOS 2.0 SP11 : kata-containers (EulerOS-SA-2026-2208)

"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...

EulerOS 2.0 SP11 : kata-containers (EulerOS-SA-2026-2246)

"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...

PT-2026-47692

Path traversal vulnerability in the SMS app. Impact: Successful exploitation of this vulnerability may affect availability...

PT-2026-47654

Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

PT-2026-48039

Name of the Vulnerable Software and Affected Versions Windows Storage affected versions not specified Description An untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally. Privilege escalation occurs when an application searches for a required file i...

PT-2026-47720

Name of the Vulnerable Software and Affected Versions apache-airflow-providers-samba versions prior to 4.12.6 Description The GCSToSambaOperator in the Apache Airflow Samba provider fails to perform a containment check when joining GCS object names to the SMB destination path. This allows an...

PT-2026-47733

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The affected application does not properly sanitize path input in the GET /api/sftp/uploadFiles endpoint used for directory listing. This allows path traversal through crafted input, enabling access to unintended fil...

PT-2026-47736

A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbitrary YAML-formatted files from the local filesystem when a user imports it using "awx --conf.form...

Microsoft Azure Kubernetes Service 路径遍历漏洞

Microsoft Azure Kubernetes Service is a service provided by Microsoft Corporation for deploying, managing, and scaling containerized applications. Microsoft Azure Kubernetes Service has a path traversal vulnerability. Attackers can exploit this vulnerability to execute code remotely...

PT-2026-48272

Name of the Vulnerable Software and Affected Versions ColdFusion versions prior to 2023.20 ColdFusion versions prior to 2025.9 Description An improper limitation of a pathname to a restricted directory, known as Path Traversal, allows an attacker to bypass security features and access unauthorize...

Microsoft Office SharePoint 路径遍历漏洞

Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. There is a path traversal vulnerability present in Microsoft Office SharePoint. Attackers can exploit this vulnerability to execute code remotely. The following...

Hermes Web UI 路径遍历漏洞

Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to 0.51.269 contained a path traversal vulnerability. This vulnerability stemmed from an issue with bypassing workspace boundaries, which could allow authentication attackers t...

Logseq 安全漏洞

Logseq is an open-source knowledge management and collaboration platform developed by Logseq. Version Logseq v0.10.15 contains a security vulnerability. This vulnerability stems from the Electron preloaded scripts, which expose an API method. This allows the rendering process to call IPC handlers...

VMware Spring Framework 路径遍历漏洞

VMware Spring Framework is an open-source Java/JavaEE application framework developed by VMware, a US-based company. This framework helps developers build high-quality applications. Versions of VMware Spring Framework from 7.0.0 to 7.0.7, 6.2.0 to 6.2.18, 6.1.0 to 6.1.27, and 5.3.0 to 5.3.48...

Adobe Reader < 26.001.21662 Multiple Vulnerabilities (APSB26-63)

The version of Adobe Reader installed on the remote Windows host is a version prior to 26.001.21662. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could resu...

Linux Distros Unpatched Vulnerability : CVE-2026-41843

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through...

PT-2026-47655

Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description A Spring MVC or Spring WebFlux application...