27 matches found
CVE-2026-5014
CVE-2026-5014 affects elecV2 elecV2P up to version 3.8.3, targeting the path.join operation in the /log/ component of the Wildcard Handler. The issue enables path traversal and can be exploited remotely. A public exploit exists; the project was informed via issue reports but has not responded. ...
CVE-2025-66277
A link following vulnerability has been reported to affect several QNAP operating system versions. Remote attackers can then exploit the vulnerability to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3350 build...
CVE-2025-66277 QTS, QuTS hero
A link following vulnerability has been reported to affect several QNAP operating system versions. Remote attackers can then exploit the vulnerability to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3350 build...
CVE-2025-66277
CVE-2025-66277 is a high-severity, network-exploitable vulnerability in several QNAP OS platforms where a crafted link can enable filesystem traversal to unintended locations. The CVE lists a root cause related to path traversal within a link-following component and indicates a modified impact on...
QNAP Systems QTS and QNAP Systems QuTS hero Link Following Vulnerability
QNAP Systems QTS and QNAP Systems QuTS Hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems QTS prior to 5.2.8.3350, as well as QNAP Systems QuTS Hero versions prior to h5.3.2.3354 and...
CVE-2026-1810
A vulnerability was detected in bolo-blog bolo-solo up to 2.6.4. The impacted element is the function unpackFilteredZip of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component ZIP File Handler. Performing a manipulation of the argument File results in path traversal...
MiracleLinux 3 : samba-3.0.33-3.38.0.1.AXS3 (AXSA:2012-264:01)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-264:01 advisory. Samba is the suite of programs by which a lot of PC-related machines share files, printers, and other information such as lists of available files an...
CVE-2025-36236
IBM AIX 7.2 and 7.3 and IBM VIOS 3.1 and 4.1 NIM server formerly known as NIM master service nimesis could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to write arbitrary files on the system...
Linux Distros Unpatched Vulnerability : CVE-2019-17109
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation. CVE-2019-17109 Note that Nessus relies on the presence of the packag...
CVE-2023-25688
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 247606...
CVE-2023-35020
IBM Sterling Control Center 6.3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 257874...
PT-2023-20246 · Ibm · Ibm Security Guardium Key Lifecycle Manager
Name of the Vulnerable Software and Affected Versions: IBM Security Guardium Key Lifecycle Manager versions 3.0 through 4.1.1 Description: The issue allows a remote attacker to traverse directories on the system by sending a specially crafted URL request containing dot dot sequences /../ to view...
SUSE CVE-2021-3178
fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attac...
CVE-2022-43864
IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 239427...
CVE-2021-44052
An improper link resolution before file access 'Link Following' vulnerability has been reported to affect QNAP devices running QuTScloud, QuTS hero, and QTS. If exploited, this vulnerability allows remote attackers to traverse the file system to unintended locations and read or overwrite the...
Link Following Vulnerability in Multiple QNAP Products
QNAP Systems QNAP QuTScloud is a cloud-optimized version of the QNAP NAS operating system from QNAP Systems. A link following vulnerability exists in QNAP QTS, QuTS hero, and QuTScloud that stems from a link tracking issue. A remote attacker could use this vulnerability to traverse the file system to a...
CVE-2020-5016
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When application security is disabled and JAX-RPC applications are present, an attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to vi...
CVE-2021-3178
CVE-2021-3178 affects the Linux kernel NFSv3 export path: when exporting a subdirectory, READDIRPLUS can leak the parent directory file handle, allowing a client to access files outside the exported subtree. Descriptions note this through kernel 5.10.8; some advisories reference fixes in patched ...
CVE-2020-4782
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2020-4209
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to create arbitrary files on the system. IBM X-Force ID: 175019...