CVE-2026-53777 Perry < 0.5.1159 Path Traversal via ArtifactReady WebSocket

Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifactname field of ArtifactReady WebSocket messages. Attackers controlli...

EUVD-2026-36253

Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifactname field of ArtifactReady WebSocket messages. Attackers controlli...

CVE-2026-53777 Perry < 0.5.1159 Path Traversal via ArtifactReady WebSocket

Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifactname field of ArtifactReady WebSocket messages. Attackers controlli...

CVE-2026-53777

Perry before 0.5.1159 contains a path traversal vulnerability in the ArtifactReady WebSocket messages. Unsanitized path components in artifact_name (and download_path) allow a malicious build server to write arbitrary content to any location writable by the running process, potentially overwritin...

CVE-2026-38581

SQL Injection vulnerability in damasac thaipalliativelte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php line 14 and the id parameter line 49. The parameters are concatenated directly into SQL queries without...

DEBIAN-CVE-2026-11816

Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...

CVE-2026-11816

Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...

UBUNTU-CVE-2026-11816

Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...

EUVD-2026-36245

openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mailid value...

CVE-2026-11816 Path Traversal in keras-team/keras

Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...

EUVD-2026-36244

Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...

CVE-2026-11816

CVE-2026-11816 affects Keras

CVE-2026-11816 Path Traversal in keras-team/keras

Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...

CVE-2026-11816

Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...

GHSA-XF64-8MW2-4GR2 Traefik has a StripPrefix Route-Level Auth Bypass via Path Normalization

Summary There is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a PathPrefix rule and applies the StripPrefix middleware, a request path containing...

Traefik has a StripPrefix Route-Level Auth Bypass via Path Normalization

Summary There is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a PathPrefix rule and applies the StripPrefix middleware, a request path containing...

PDM: Project-Controlled `.pdm-plugins` Content Executes Before CLI Parsing

Summary PDM automatically loads project-local plugin paths from .pdm-plugins during Core initialization. Because this path is added via site.addsitedir, attacker-controlled .pth files inside the project plugin directory are processed and can execute Python code before normal CLI handling begins...

openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

A flaw was found in OpenSSL's QUIC PATHCHALLENGE handler. A remote attacker can exploit this vulnerability by flooding a QUIC client or server with specially crafted PATHCHALLENGE frames. This leads to unbounded memory allocation within the local QUIC stack, as the system continuously allocates...

openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

A flaw was found in OpenSSL's Cryptographic Message Services CMS AuthEnvelopedData processing. An on-path attacker can exploit insufficient input validation on cipher and tag length fields by sending specially crafted CMS messages. This can lead to the forging of messages or bypassing integrity...

openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

A flaw was found in OpenSSL's QUIC PATHCHALLENGE handler. A remote attacker can exploit this vulnerability by flooding a QUIC client or server with specially crafted PATHCHALLENGE frames. This leads to unbounded memory allocation within the local QUIC stack, as the system continuously allocates...