CVE-2026-40128

SAP NetWeaver Application Server Java Web Container allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the attacker to view or...

SUSE CVE-2026-52904

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix nvkmdevice leak on aperture removal failure When apertureremoveconflictingpcidevices fails during probe, the error path returns directly without unwinding the nvkmdevice that was just allocated by nvkmdevicepcine...

EUVD-2026-35844

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in an arbitrary file system write. An attacker could leverage this vulnerability to write to...

CVE-2026-46491

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior to version 7.0.3, simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controll...

CVE-2026-44716

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pipecat's development runner src/pipecat/runner/run.py. When the runner is started with the --folder...

PT-2026-48538

Path Traversal in clear plugin cache Allows Arbitrary Directory Deletion | Field | Value | | ---------------- | ----- | | Repository | julien040/anyquery | | Affected version | 0.4.4 | | Vulnerability | CWE-22 — Improper Limitation of a Pathname to a Restricted Directory | | Severity | High |...

RHEL 8 : flatpak (RHSA-2026:25068)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25068 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak:...

Linux Distros Unpatched Vulnerability : CVE-2026-52905

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/damon/core: disallow non-power of two minregionsz on damonstart Commit d8f867fa0825 mm/damon: add damonctx-minszregion introduced a bug that allows unaligned...

PT-2026-48359

Name of the Vulnerable Software and Affected Versions License Center versions prior to 1.9.56 Description A path traversal issue allows a local attacker with administrator account privileges to read the contents of unexpected files or system data. Path traversal is a technique where an attacker...

SimpleSAMLphp-casserver 路径遍历漏洞

SimpleSAMLphp-casserver is an open-source CAS protocol-compatible Single Sign-On server module developed by SimpleSAMLphp. Versions prior to 7.0.3 of SimpleSAMLphp-casserver contained a path traversal vulnerability. This vulnerability stemmed from the direct concatenation of attacker-controlled...

Dulwich 路径遍历漏洞

Dulwich is a Python-based Git repository management interface developed by Jelmer Vernooij. Versions of Dulwich prior to 1.2.5 contained a path traversal vulnerability. This vulnerability occurred when deriving patch file names from the commit message, without properly cleaning path separators an...

National Security Agency Ghidra 路径遍历漏洞

National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Versions of National Security Agency Ghidra prior to 12.0.4 contained a path traversal vulnerability. This vulnerability stemmed from the theme import feature not verifying...

BoxLite 路径遍历漏洞

BoxLite is an open-source embedded microvirtual machine runtime developed by BoxLite. It provides hardware-isolated secure sandboxes for AI agents and code execution scenarios. Versions of BoxLite prior to 0.9.0 contained a path traversal vulnerability. This vulnerability stemmed from the lack of...

Roxy-WI 输入验证错误漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier contain a vulnerability related to input validation errors. This vulnerability stems from the EscapedString verifier failing to properly prevent path...

National Security Agency Ghidra 路径遍历漏洞

National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Prior to version 12.1 of National Security Agency Ghidra, there was a path traversal vulnerability. This vulnerability stemmed from SameDirDebugInfoProvider failing to valida...

Palo Alto Networks Cortex Xsoar 路径遍历漏洞

Palo Alto Networks Cortex Xsoar is a security orchestration and response Soar platform developed by Palo Alto Networks in the United States. Palo Alto Networks Cortex Xsoar has a path traversal vulnerability. This vulnerability arises from path traversal attacks, which may allow unauthenticated...

bit7z 路径遍历漏洞

bit7z is a file compression/uncompression tool developed by Riccardo as an individual project. Versions of bit7z prior to 4.0.12 contained a path traversal vulnerability. This vulnerability stemmed from a one-byte error in the SafeOutPathBuilder::restoreSymlink function, which could allow attacke...

NLnet Labs ldns 访问控制错误漏洞

NLnet Labs ldns is a DNS library developed by the Nlnet Foundation in the Netherlands, designed for easy programming of DNS tools. Versions 1.2.0 to 1.9.0 of NLnet Labs ldns contain access control vulnerability issues. This vulnerability arises from the fact that when used as a UDP resolver, the...

PT-2026-48440

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the /smon/agent/version,uptime,status,checks/ family of routes takes the URL path component verbatim into requests.getf'http://server ip:agent port/...'. The path component is...

QNAP Systems License Center 路径遍历漏洞

QNAP Systems License Center is a licensing management system operated by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems License Center prior to 1.9.56 contained a path traversal vulnerability. This vulnerability allows local attackers to use administrative accounts to...