1276 matches found

Positive Technologies
added 2026/03/05 12:0 a.m. | 5 views

PT-2026-23356

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Stylemix uListing ulisting allows Path Traversal. This issue affects uListing: from n/a through = 2.2.0...

5.9 AI score | 0.00352 EPSS
Exploits 0 | References 2

Positive Technologies
added 2026/03/05 12:0 a.m. | 3 views

PT-2026-23148

Name of the Vulnerable Software and Affected Versions: ionCube tester plus versions through 1.3. Description: The software contains a flaw related to improper limitation of a pathname to a restricted directory, also known as Path Traversal. This allows an attacker to potentially access files and...

7.5 CVSS | 5.8 AI score | 0.01609 EPSS
Exploits 0 | References 4

RedhatCVE
added 2026/02/21 7:30 p.m. | 2 views

CVE-2025-68862

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Murtaza Bhurgri Woo File Dropzone woo-file-dropzone allows Path Traversal. This issue affects Woo File Dropzone: from n/a through = 1.1.7...

7.7 CVSS | 5.5 AI score | 0.00352 EPSS
Exploits 0 | References 1

RedhatCVE
added 2026/02/21 7:29 p.m. | 4 views

CVE-2026-24953

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mitchell Bennis Simple File List simple-file-list allows Path Traversal. This issue affects Simple File List: from n/a through = 6.1.15...

6.5 CVSS | 5.5 AI score | 0.0037 EPSS
Exploits 0 | References 1

NVD
added 2026/01/23 12:15 a.m. | 9 views

CVE-2026-20613

The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using...

7.8 CVSS | 0.00244 EPSS
Exploits 1 | References 1

OSV
added 2026/01/23 12:15 a.m. | 3 views

CVE-2026-20613

The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using...

7.8 CVSS | 5.9 AI score
Exploits 0 | References 1

CVE
added 2026/01/22 11:58 p.m. | 12 views

CVE-2026-20613

The CVE-2026-20613 issue is in ArchiveReader.extractContents() used by cctl image load and container image load. It does not validate pathnames when extracting archive members, enabling a crafted archive with relative paths to write files to arbitrary user-writable locations on the host. Document...

7.8 CVSS | 5.4 AI score | 0.00244 EPSS
Exploits 1 | References 1 | Affected Software 2

Vulnrichment
added 2026/01/22 11:58 p.m. | 3 views

CVE-2026-20613

The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using...

5.4 AI score | 0.00244 EPSS
Exploits 1 | References 1

NVD
added 2026/01/22 5:16 p.m. | 2 views

CVE-2025-68901

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Anona anona allows Path Traversal. This issue affects Anona: from n/a through = 8.0...

8.6 CVSS | 0.00458 EPSS
Exploits 0 | References 1

GitLab Advisory Database
added 2026/01/22 12:0 a.m. | 6 views

Container and Containerization archive extraction does not guard against escapes from extraction base directory.

The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using...

7.8 CVSS | 5.4 AI score | 0.00244 EPSS
Exploits 1 | References 5 | Affected Software 1

Positive Technologies
added 2026/01/22 12:0 a.m. | 3 views

PT-2026-4114

Name of the Vulnerable Software and Affected Versions: HDForms versions through 1.6.1. Description: A Path Traversal issue exists in HDForms. The issue involves improper limitation of a pathname to a restricted directory, potentially allowing unauthorized access to files and directories...

5.3 AI score | 0.00518 EPSS
Exploits 0 | References 3

Positive Technologies
added 2026/01/22 12:0 a.m. | 5 views

PT-2026-4315

Name of the Vulnerable Software and Affected Versions: container versions prior to 0.8.0; containerization versions prior to 0.21.0. Description: The ArchiveReader.extractContents function, utilized by cctl image load and container image load, lacks proper pathname validation during archive extractio...

7.8 CVSS | 5.7 AI score | 0.00244 EPSS
Exploits 1 | References 11

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 7 : unoconv-0.6-8.el7 (AXSA:2020-729:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-729:01 advisory. unoconv: mishandling of pathname leads to SSRF and local file inclusion (CVE-2019-17400). The unoconv package before 0.9 mishandles untrusted pathnames, leading ...

7.5 CVSS | 5.5 AI score | 0.01927 EPSS
Exploits 1 | References 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 6 views

MiracleLinux 8 : gegl04-0.4.4-6.el8.2 (AXSA:2022-2998:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-2998:01 advisory. gegl: shell expansion via a crafted pathname (CVE-2021-45463). Tenable has extracted the preceding description block directly from the MiracleLinux security...

7.8 CVSS | 7.4 AI score | 0.01439 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2026/01/16 12:0 a.m. | 3 views

MiracleLinux 7 : keepalived-1.3.5-16.el7 (AXSA:2019-4318:03)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2019-4318:03 advisory. keepalived: Improper pathname validation allows for overwrite of arbitrary filenames via symlinks (CVE-2018-19044). Tenable has extracted the preceding...

4.7 CVSS | 6.6 AI score | 0.00501 EPSS
Exploits 1 | References 2

Tenable Nessus
added 2026/01/16 12:0 a.m. | 3 views

MiracleLinux 4 : samba-3.6.9-169.AXS4.0.1 (AXSA:2014-443:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-443:03 advisory. Samba is the suite of programs by which a lot of PC-related machines share files, printers, and other information such as lists of available files an...

3.3 CVSS | 7.6 AI score | 0.20481 EPSS
Exploits 0 | References 3

RedhatCVE
added 2026/01/09 12:12 p.m. | 3 views

CVE-2018-9851

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence...

7.5 CVSS | 7 AI score | 0.01848 EPSS
Exploits 1 | References 1

RedhatCVE
added 2026/01/07 9:49 a.m. | 8 views

CVE-2022-27816

SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service...

7.1 CVSS | 6.8 AI score | 0.00493 EPSS
Exploits 1 | References 1

RedhatCVE
added 2026/01/07 9:32 a.m. | 7 views

CVE-2019-16990

In FusionPBX up to v4.5.7, the file app/musiconhold/musiconhold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname base64 encoded and allows a download of it...

6.5 CVSS | 6.8 AI score | 0.01283 EPSS
Exploits 0 | References 1

CNNVD
added 2026/01/07 12:0 a.m. | 3 views

MediaWiki - CSS extension security vulnerability

MediaWiki - CSS extension is an open source CSS extension plugin for MediaWiki. A security vulnerability exists in MediaWiki - CSS extension versions 1.44, 1.43, and 1.39, which stems from an improperly restricted pathname and can lead to path traversal...

7.5 CVSS | 6.7 AI score | 0.00379 EPSS
Exploits 1 | References 2