IBM InfoSphere Optim Test Data Fabrication 路径遍历漏洞

IBM InfoSphere Optim Test Data Fabrication is a test data generation and management platform developed by the American company International Business Machines IBM. Versions 1.0.0, 1.0.0.1, 1.0.0.2, 1.0.2, 1.0.2.2, 1.0.2.3, 1.0.2.4, 1.0.2.5, 1.0.2.6, and 1.0.2.7 of this platform have a path...

HP LaserJet Printers Path Traversal (CVE-2010-4107)

The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers...

Follett Destiny Library Manager 安全漏洞

Follett Destiny Library Manager is a school library resource and collection management system developed by the Follett company in the United States. The version 2202rc1 of Follett Destiny Library Manager contains security vulnerabilities. These vulnerabilities are due to directory traversal...

EUVD-2025-209923

Directory traversal in Follett Software's Destiny Library Manager 2202rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter...

CVE-2026-39053

Oinone Pamirs 7.0.0 contains an XML External Entity XXE issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils.fromXML... or ViewXmlUtils.fromXML..., unsafe XML processing can lead to file disclosure or SSRF...

CVE-2026-41551

A vulnerability has been identified in ROS All versions V2.2.2. Affected versions contain a path traversal vulnerability because user input is not properly sanitized. This could allow a remote attacker to access arbitrary files on the device...

CVE-2026-41551

ROS# vulnerability CVE-2026-41551 affects all versions

CVE-2026-41551

A vulnerability has been identified in ROS All versions V2.2.2. Affected versions contain a path traversal vulnerability because user input is not properly sanitized. This could allow a remote attacker to access arbitrary files on the device...

Siemens ROS# 安全漏洞

Siemens ROS is a robot operating system communication framework based on C and .NET by the German company Siemens. Versions of Siemens ROS prior to V2.2.2 contained security vulnerabilities. These vulnerabilities were caused by improperly cleaned user inputs, leading to path traversal attacks. Th...

Astra Linux - уязвимость в chromium

Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. Chromium security severity: Medium...

Wangshen SecGate 3600 Path Traversal Vulnerability

Wangshen SecGate 3600 2400 contains a path traversal caused by manipulation of the 'filename' argument in '?g=logexportfile', letting remote attackers access arbitrary files, exploit requires remote access. id: CVE-2025-4078 info: name: Wangshen SecGate 3600 Path Traversal Vulnerability author: A...

CVE-2026-41370 OpenClaw < 2026.3.31 - Path Traversal via Inbound Channel Attachment Path in ACP Dispatch

OpenClaw before 2026.3.31 contains a path traversal vulnerability in ACP dispatch that allows attackers to read arbitrary files by manipulating inbound channel attachment paths. Remote attackers can bypass attachment-cache and root directory checks to access files outside intended directories...

CVE-2026-41370

OpenClaw before 2026.3.31 contains a path traversal vulnerability in ACP dispatch that allows attackers to read arbitrary files by manipulating inbound channel attachment paths. Remote attackers can bypass attachment-cache and root directory checks to access files outside intended directories...

CVE-2026-23751 Kofax Capture 6.0.0.0 Unauthenticated File Read/Write & SMB Coercion via .NET Remoting

Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 other versions may be affected exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service that is accessible without authentication and uses a default, publicly known endpoint identifier. An...

CVE-2026-40576

excel-mcp-server is a Model Context Protocol server for Excel file manipulation. A path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or Streamable-HTTP transport mode the documented way to use this server remotely, an unauthenticated...

CVE-2026-40576

CVE-2026-40576 summary (Excel-MCP Server) : A path-traversal flaw in excel-mcp-server (versions } } (Note: The response contains the required JSON object with the concise, fact-grounded insight in Markdown.) Wait: The above seems malformed. Need only a single JSON object with insight string. Let'...

CVE-2026-40576

excel-mcp-server is a Model Context Protocol server for Excel file manipulation. A path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or Streamable-HTTP transport mode the documented way to use this server remotely, an unauthenticated...

excel-mcp-server has a Path Traversal issue

Summary A path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or Streamable-HTTP transport mode the documented way to use this server remotely, an unauthenticated attacker on the network can read, write, and overwrite arbitrary files on...

PT-2026-33225

Name of the Vulnerable Software and Affected Versions excel-mcp-server versions prior to 0.1.8 Description A path traversal issue exists when the server runs in SSE or Streamable-HTTP transport mode. An unauthenticated network attacker can read, write, and overwrite arbitrary files on the host...

CVE-2026-40086

Rembg: Path traversal in the HTTP server allows unauthenticated remote attackers to read arbitrary files via a crafted model_path parameter. Affected versions are prior to 2.0.75; the issue can reveal file existence, permissions, and potentially contents through error messages. The vulnerability ...