EUVD-2026-35585

Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally...

CVE-2026-48565

Windows Narrator Braille contains an untrusted search path vulnerability that can elevate privileges locally for an authorized user. Root cause is an untrusted search path in the Narrator Braille component, with an attacker able to exploit it without user interaction. CVSSv3.1 metrics indicate AV...

EUVD-2026-35579

External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network...

CVE-2026-47643

CVE-2026-47643 affects Azure Stack Edge, where external control of a file name or path can let an unauthenticated attacker execute code over the network. The NVD/CVE records describe the impact as remote code execution with high severity (CVSS v3.1: 9.8, NETWORK attack vector, no user interaction...

EUVD-2026-35547

Improper limitation of a pathname to a restricted directory 'path traversal' in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

CVE-2026-45482

CVE-2026-45482 affects GitHub Copilot and Visual Studio Code (Copilot Chat extension): improper limitation of a pathname to a restricted directory enables a local attacker to bypass a security feature. Root cause is a path traversal issue in handling file paths. Impact is described as high for co...

CVE-2026-45454

The CVE-2026-45454 entry documents a path traversal flaw in Microsoft SharePoint that enables remote code execution when an authorized user accesses a restricted path over a network. The issue affects Microsoft Office SharePoint and is described consistently across multiple sources (NVD, RH, EU E...

CVE-2026-47648

CVE-2026-47648 — Windows Storage contains an untrusted search path vulnerability that enables a locally authenticated attacker to perform privilege escalation. The issue arises from a trusted component loading an untrusted search path, potentially elevating privileges with high impact (C/H/I/H/A/...

CVE-2026-32193

CVE-2026-32193 targets Microsoft Azure Kubernetes Service with a path-traversal flaw that permits an authorized attacker to run code locally. The NVD entry describes it as a restricted-pathname limitation issue with CVSS v3.1 base score 8.8 (HIGH), attack vector LOCAL, required privileges LOW, no...

CVE-2026-47287

CVE-2026-47287 affects Visual Studio Code. The provided documents describe a relative path traversal vulnerability that could allow tampering over a network. Per CVSS data, the attack vector is NETWORK with no privileges required but user interaction is required, and the impact includes high inte...

CVE-2026-34183

Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATHCHALLENGE frames. Impact summary: A malicious remote peer can cause an unbounded memory allocation which can lead to an abnormal termination of the application acting as a QU...

CVE-2026-34183 Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATHCHALLENGE frames. Impact summary: A malicious remote peer can cause an unbounded memory allocation which can lead to an abnormal termination of the application acting as a QU...

CVE-2026-34183 Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATHCHALLENGE frames. Impact summary: A malicious remote peer can cause an unbounded memory allocation which can lead to an abnormal termination of the application acting as a QU...

CVE-2026-34183

CVE-2026-34183 affects the OpenSSL QUIC stack’s PATH_CHALLENGE handling. A remote attacker can flood a QUIC client or server with PATH_CHALLENGE frames, causing unbounded heap allocations and potentially Denial of Service. For every PATH_CHALLENGE, the local QUIC stack allocates a PATH_RESPONSE f...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tar-7.5.9.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in tar-7.5.9.tgz Vulnerability Details CVEID:CVE-2026-29786 DESCRIPTION: node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory ...

SUSE-SU-2026:22064-1 Security update for libzypp

This update for libzypp fixes the following issue Update to 17.38.13 35: - CVE-2026-44942: .repo files can have an optional path which can lead to path traversal attacks bsc1267874...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in i18next-http-backend-1.4.5.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in i18next-http-backend-1.4.5.tgz Vulnerability Details CVEID:CVE-2026-41691 DESCRIPTION: Copilot said: i18nextify is a JavaScript library that adds i18nextify is a JavaScript library that adds website internationalization via a...

CVE-2026-49233

Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...

CVE-2026-9506

This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access arbitrary files...

CVE-2026-47899

The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker with JavaScript execution in the renderer e.g. via XSS or a malicious plugin, can read, write, or delete arbitrary files on the user's...