1290 matches found

Vulnrichment
added 2026/01/22 11:58 p.m. | 3 views

CVE-2026-20613

The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using...

AI score 5.4 | EPSS 0.00244
Exploits 1 | References 1
NVD
added 2026/01/22 5:16 p.m. | 3 views

CVE-2025-68901

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Anona anona allows Path Traversal. This issue affects Anona: from n/a through = 8.0...

CVSS 8.6 | EPSS 0.00458
Exploits 0 | References 1
Positive Technologies
added 2026/01/22 12:0 a.m. | 5 views

PT-2026-4114

Name of the Vulnerable Software and Affected Versions: HDForms versions through 1.6.1. Description: A Path Traversal issue exists in HDForms. The issue involves improper limitation of a pathname to a restricted directory, potentially allowing unauthorized access to files and directories...

AI score 5.3 | EPSS 0.00518
Exploits 0 | References 3
Positive Technologies
added 2026/01/22 12:0 a.m. | 10 views

PT-2026-4315

Name of the Vulnerable Software and Affected Versions: container versions prior to 0.8.0; containerization versions prior to 0.21.0. Description: The ArchiveReader.extractContents function, utilized by cctl image load and container image load, lacks proper pathname validation during archive extractio...

CVSS 7.8 | AI score 5.7 | EPSS 0.00244
Exploits 1 | References 11
GitLab Advisory Database
added 2026/01/22 12:0 a.m. | 6 views

Container and Containerization archive extraction does not guard against escapes from extraction base directory.

The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using...

CVSS 7.8 | AI score 5.4 | EPSS 0.00244
Exploits 1 | References 5 | Affected Software 1
Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 7 : unoconv-0.6-8.el7 (AXSA:2020-729:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-729:01 advisory. unoconv: mishandling of pathname leads to SSRF and local file inclusion (CVE-2019-17400). The unoconv package before 0.9 mishandles untrusted pathnames, leading ...

CVSS 7.5 | AI score 5.5 | EPSS 0.01927
Exploits 1 | References 2
Tenable Nessus
added 2026/01/20 12:0 a.m. | 6 views

MiracleLinux 8 : gegl04-0.4.4-6.el8.2 (AXSA:2022-2998:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-2998:01 advisory. gegl: shell expansion via a crafted pathname (CVE-2021-45463). Tenable has extracted the preceding description block directly from the MiracleLinux security...

CVSS 7.8 | AI score 7.4 | EPSS 0.01439
Exploits 0 | References 2
Tenable Nessus
added 2026/01/16 12:0 a.m. | 3 views

MiracleLinux 7 : keepalived-1.3.5-16.el7 (AXSA:2019-4318:03)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2019-4318:03 advisory. keepalived: Improper pathname validation allows for overwrite of arbitrary filenames via symlinks (CVE-2018-19044). Tenable has extracted the preceding...

CVSS 4.7 | AI score 6.6 | EPSS 0.00501
Exploits 1 | References 2
Tenable Nessus
added 2026/01/16 12:0 a.m. | 3 views

MiracleLinux 4 : samba-3.6.9-169.AXS4.0.1 (AXSA:2014-443:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-443:03 advisory. Samba is the suite of programs by which a lot of PC-related machines share files, printers, and other information such as lists of available files an...

CVSS 3.3 | AI score 7.6 | EPSS 0.20481
Exploits 0 | References 3
RedhatCVE
added 2026/01/09 12:12 p.m. | 5 views

CVE-2018-9851

In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence...

CVSS 7.5 | AI score 7 | EPSS 0.01848
Exploits 1 | References 1
RedhatCVE
added 2026/01/07 9:49 a.m. | 10 views

CVE-2022-27816

SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service...

CVSS 7.1 | AI score 6.8 | EPSS 0.00493
Exploits 1 | References 1
RedhatCVE
added 2026/01/07 9:32 a.m. | 8 views

CVE-2019-16990

In FusionPBX up to v4.5.7, the file app/musiconhold/musiconhold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname base64 encoded and allows a download of it...

CVSS 6.5 | AI score 6.8 | EPSS 0.01283
Exploits 0 | References 1
CNNVD
added 2026/01/07 12:0 a.m. | 4 views

MediaWiki - CSS extension Security Vulnerability

MediaWiki - CSS extension is an open source CSS extension plugin for MediaWiki. A security vulnerability exists in MediaWiki - CSS extension versions 1.44, 1.43, and 1.39, which stems from an improperly restricted pathname and can lead to path traversal...

CVSS 7.5 | AI score 6.7 | EPSS 0.00379
Exploits 1 | References 2
CNVD
added 2025/12/24 12:0 a.m. | 3 views

Advantech WebAccess/SCADA Directory Traversal Vulnerability (CNVD-2026-11783)

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. Advantech WebAccess/SCADA suffers from a...

CVSS 5.3 | AI score 6.1 | EPSS 0.00558
Exploits 0 | References 1
RedhatCVE
added 2025/12/19 5:22 p.m. | 9 views

CVE-2025-64235

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AmentoTech Tuturn allows Path Traversal. This issue affects Tuturn: from n/a before 3.6...

CVSS 6.5 | AI score 5.2 | EPSS 0.00302
Exploits 0 | References 1
NVD
added 2025/12/18 8:15 a.m. | 4 views

CVE-2025-54748

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RomanCode MapSVG mapsvg allows Path Traversal. This issue affects MapSVG: from n/a through 8.6.12...

CVSS 6.5 | EPSS 0.00328
Exploits 0 | References 1
RedhatCVE
added 2025/12/15 9:29 p.m. | 19 views

CVE-2025-14311

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JMRI. This issue affects JMRI: before 5.13.3...

CVSS 6.8 | AI score 6.9 | EPSS 0.00182
Exploits 0 | References 1
Cvelist
added 2025/12/09 7:56 a.m. | 28 views

CVE-2025-14311

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JMRI. This issue affects JMRI: before 5.13.3...

CVSS 6.8 | EPSS 0.00182
Exploits 0 | References 1
EUVD
added 2025/11/19 8:3 p.m. | 4 views

EUVD-2025-198183

Astro's middleware authentication checks based on url.pathname can be bypassed via URL-encoded values...

CVSS 6.9 | AI score 6.6 | EPSS 0.0047
Exploits 1 | References 4
Positive Technologies
added 2025/11/13 12:0 a.m. | 9 views

PT-2025-46907

Name of the Vulnerable Software and Affected Versions: Astro versions 5.2.0 through 5.15.6. Description: A Reflected Cross-Site Scripting (XSS) vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScrip...

CVSS 2.7 | AI score 5.7 | EPSS 0.00213
Exploits 1 | References 10