1290 matches found
CVE-2026-20613
The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using...
CVE-2025-68901
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Anona anona allows Path Traversal. This issue affects Anona: from n/a through = 8.0...
PT-2026-4114
Name of the Vulnerable Software and Affected Versions: HDForms versions through 1.6.1. Description: A Path Traversal issue exists in HDForms. The issue involves improper limitation of a pathname to a restricted directory, potentially allowing unauthorized access to files and directories...
PT-2026-4315
Name of the Vulnerable Software and Affected Versions: container versions prior to 0.8.0; containerization versions prior to 0.21.0. Description: The ArchiveReader.extractContents function, utilized by cctl image load and container image load, lacks proper pathname validation during archive extractio...
Container and Containerization archive extraction does not guard against escapes from extraction base directory.
The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using...
MiracleLinux 7 : unoconv-0.6-8.el7 (AXSA:2020-729:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-729:01 advisory. unoconv: mishandling of pathname leads to SSRF and local file inclusion CVE-2019-17400 The unoconv package before 0.9 mishandles untrusted pathnames, leading ...
MiracleLinux 8 : gegl04-0.4.4-6.el8.2 (AXSA:2022-2998:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-2998:01 advisory. gegl: shell expansion via a crafted pathname CVE-2021-45463 Tenable has extracted the preceding description block directly from the MiracleLinux security...
MiracleLinux 7 : keepalived-1.3.5-16.el7 (AXSA:2019-4318:03)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2019-4318:03 advisory. keepalived: Improper pathname validation allows for overwrite of arbitrary filenames via symlinks CVE-2018-19044 Tenable has extracted the preceding...
MiracleLinux 4 : samba-3.6.9-169.AXS4.0.1 (AXSA:2014-443:03)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-443:03 advisory. Samba is the suite of programs by which a lot of PC-related machines share files, printers, and other information such as lists of available files an...
CVE-2018-9851
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence...
CVE-2022-27816
SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service...
CVE-2019-16990
In FusionPBX up to v4.5.7, the file app/musiconhold/musiconhold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname base64 encoded and allows a download of it...
MediaWiki - CSS extension Security Vulnerability
MediaWiki - CSS extension is an open source CSS extension plugin for MediaWiki. A security vulnerability exists in MediaWiki - CSS extension versions 1.44, 1.43, and 1.39, which stems from an improperly restricted pathname and can lead to path traversal...
Advantech WebAccess/SCADA Directory Traversal Vulnerability (CNVD-2026-11783)
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. Advantech WebAccess/SCADA suffers from a...
CVE-2025-64235
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AmentoTech Tuturn allows Path Traversal. This issue affects Tuturn: from n/a before 3.6...
CVE-2025-54748
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RomanCode MapSVG mapsvg allows Path Traversal. This issue affects MapSVG: from n/a through 8.6.12...
CVE-2025-14311
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JMRI. This issue affects JMRI: before 5.13.3...
EUVD-2025-198183
Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values...
PT-2025-46907
Name of the Vulnerable Software and Affected Versions: Astro versions 5.2.0 through 5.15.6. Description: A Reflected Cross-Site Scripting (XSS) vulnerability exists in Astro’s development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScrip...