102935 matches found
CVE-2026-8023 Path traversal in Zephyr HTTP server static-filesystem resource handler allows unauthenticated remote arbitrary file read
Zephyr's HTTP server subsys/net/lib/http provides a static-filesystem resource type HTTPRESOURCETYPESTATICFS, available when CONFIGFILESYSTEM is enabled that serves files from a configured root directory. Before this fix, both the HTTP/1 and HTTP/2 front-ends placed the raw, attacker-controlled...
CVE-2026-8023
CVE-2026-8023 concerns Zephyr’s HTTP server static-filesystem resource handler, where HTTP/1 and HTTP/2 front-ends copied the raw request path into a buffer without removing dot segments. This allowed path traversal to escape the configured web root and read arbitrary files after the filesystem r...
CVE-2026-10647
The CVE concerns the USB CDC-NCM driver (subsys/usb/device_next/class/usbd_cdc_ncm.c) in Zephyr. The code ignores the return value of usbd_ep_enqueue() in cdc_ncm_send(); when enqueue fails, it still calls k_sem_take(&data-sync_sem, K_FOREVER), waiting on a completion that is only signaled from t...
CVE-2026-46417
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.12, 21.2.13, 20.3.21, and 19.2.22, a Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server. The issue stems from how...
CVE-2026-57919
PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 26.2 creates a named pipe \.\pipe\PBackupVSS with a DACL that grants GENERICREAD and GENERICWRITE permissions to all authenticated users. A low-privileged local attacker can connect to this pipe and send crafted IPC messages to trigge...
CVE-2026-43732
A path handling issue was addressed with improved validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may disclose sensitive user information...
kernel: RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init()
A flaw was found in the Linux kernel's RDMA/mlx5 component. An error path fall-through in the mlx5ibdevressrqinit function, specifically when ibcreatesrq fails, can lead to the use of freed memory and error pointers. This memory corruption vulnerability could result in system instability, denial ...
kernel: RDMA/umem: Fix double dma_buf_unpin in failure path
A flaw was found in the Linux kernel's RDMA/umem subsystem. A memory management error, specifically a double unpin of a dmabuf, can occur in a failure path during dmabuf pinning operations. This vulnerability could lead to system instability or a crash, resulting in a Denial of Service DoS...
CVE-2026-43732
A path handling issue was addressed with improved validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may disclose sensitive user information...
CVE-2026-43732
CVE-2026-43732 describes a path handling issue in WebKit used by Safari and Apple OS components. The vulnerability arises from insufficient validation in path handling when processing web content, potentially allowing disclosure of sensitive user information. Apple fixes are included in Safari 26...
perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access
A flaw was found in perl-Archive-Tar. Versions before 3.08 for Perl are vulnerable to a path traversal issue. An attacker can craft a malicious tar archive containing symlinks with targets outside the intended extraction directory. This vulnerability allows the attacker to read or write to...
Important: Red Hat Security Advisory: perl-Archive-Tar security update
An update for perl-Archive-Tar is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
dotnet: .NET: Local file tampering via link following vulnerability
A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...
CVE-2026-11720
A path traversal vulnerability exists in the HTTP tool URL builder of googleapis/mcp-toolbox. When constructing downstream API requests, the URL builder substitutes user-controlled pathParams into the configured tool path and parses the resulting string as a relative URL. While it checks that the...
EUVD-2026-40146
A path traversal vulnerability exists in the HTTP tool URL builder of googleapis/mcp-toolbox. When constructing downstream API requests, the URL builder substitutes user-controlled pathParams into the configured tool path and parses the resulting string as a relative URL. While it checks that the...
CVE-2026-11720
The CVE-2026-11720 entry describes a path traversal flaw in the HTTP tool URL builder of googleapis/mcp-toolbox. User-controlled pathParams are substituted into a configured tool path and then parsed as a relative URL; while scheme/host/user info are checked, final resolution uses ResolveReferenc...
CVE-2026-57954 Elide 7.1.17 - Permission Bypass in Sort Expression Validation
Elide through 7.1.17 fails to enforce @ReadPermission on client-supplied sort expressions in SortingImpl.getValidSortingRules, allowing attackers to sort collections by forbidden fields. Attackers can infer hidden field values through row ordering analysis, leaking relative field ordering across...
WordPress PixMagix – WordPress Image Editor plugin <= 1.7.2 - Authenticated (Author+) Path Traversal in 'layers[].id' Parameter vulnerability
Authenticated Author+ Path Traversal in 'layers.id' Parameter vulnerability discovered by devploit in WordPress Plugin PixMagix WordPress Image Editor versions = 1.7.2...
CVE-2026-13748
Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake services. An attacker could exploit this by supplying crafted repository or project content that referenced files outside the intended...
CVE-2026-13748
CVE-2026-13748 affects Snowflake CLI prior to 3.19. The vulnerability arises from improper restriction of file path resolution, allowing an attacker-controlled repository or project content to cause the CLI to read arbitrary local files and transmit or embed their contents during deployment or SQ...