
27 matches found

Veracode
added 2026/05/15 5:47 p.m. · 10 views

Path Traversal

github.com/charmbracelet/wish is vulnerable to Path Traversal. The vulnerability is due to improper validation of SCP filenames containing traversal sequences, which allows an attacker to read, write, or create files and directories outside the configured root directory...

CVSS 9.6 · AI score 5.8 · EPSS 0.00056
Exploits 1 · References 5 · Affected Software 2
RedhatCVE
added 2026/03/26 3:2 p.m. · 1 views

CVE-2026-32711

pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the File-set root. pydicom resolves the path only to confirm that it exists, b...

CVSS 7.8 · AI score 5.8 · EPSS 0.00008
Exploits 1 · References 1
Cvelist
added 2026/02/04 11:5 p.m. · 16 views

CVE-2025-22873 Improper access to parent directory of root in os

It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained with...

EPSS 0.00003
Exploits 0 · References 4
OSV
added 2026/02/04 10:42 p.m. · 4 views

GO-2026-4403 Improper access to parent directory of root in os

It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained with...

CVSS 3.8 · AI score 5.4 · EPSS 0.00003
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2019-0425

Malware in sbrugna...

CVSS 7.8 · AI score 6.7 · EPSS 0.03398
Exploits 0 · References 16
OpenVAS
added 2025/09/02 12:0 a.m. · 3 views

Mageia: Security Advisory (MGASA-2025-0222)

The remote host is missing an update for the...

CVSS 6.5 · AI score 6.5 · EPSS 0.00057
Exploits 0 · References 5
OSV
added 2025/09/01 6:20 p.m. · 1 views

MGASA-2025-0222 Updated ceph packages fix vulnerability

Security regression CVE-2025-52555 that would have allowed a user to read, write and execute to any directory owned by root as long as they chmod 777 it...

CVSS 6.5 · AI score 7.3 · EPSS 0.00057
Exploits 0 · References 4
Tenable Nessus
added 2025/08/12 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-27610

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, Rack::Static can serve files under the specifi...

CVSS 7.5 · AI score 7.3 · EPSS 0.01354
Exploits 0 · References 2
SUSE Linux
added 2025/05/29 9:29 a.m. · 2 views

Security update for go1.24

This update for go1.24 fixes the following issues: Update to go1.24.3 bsc1236217: Security fixes: CVE-2025-22873: Fixed os.Root permits access to parent directory bsc1242715 Changelog: go73556 go73555 security: fix CVE-2025-22873 os: Root permits access to parent directory go73082 os: Root.Open...

CVSS 4.4 · AI score 7.3 · EPSS 0.00003
Exploits 0 · References 6
OSV
added 2025/05/29 9:29 a.m. · 2 views

SUSE-SU-2025:01551-1 Security update for go1.24

This update for go1.24 fixes the following issues: Update to go1.24.3 bsc1236217: Security fixes: - CVE-2025-22873: Fixed os.Root permits access to parent directory bsc1242715 Changelog: go73556 go73555 security: fix CVE-2025-22873 os: Root permits access to parent directory go73082 os: Root.Open...

CVSS 3.8 · AI score 5.8 · EPSS 0.00003
Exploits 0 · References 4
SUSE Linux
added 2025/05/14 5:6 p.m. · 0 views

Security update for go1.24

This update for go1.24 fixes the following issues: Update to go1.24.3 bsc1236217: Security fixes: CVE-2025-22873: Fixed os.Root permits access to parent directory bsc1242715 Changelog: go73556 go73555 security: fix CVE-2025-22873 os: Root permits access to parent directory go73082 os: Root.Open...

CVSS 4.4 · AI score 6.7 · EPSS 0.00003
Exploits 0 · References 6
Positive Technologies
added 2024/10/28 12:0 a.m. · 1 views

PT-2024-9664

Name of the Vulnerable Software and Affected Versions: Next.js versions prior to 14.2.15 Description: The issue is related to authorization bypass in Next.js applications when authorization is performed in middleware based on pathname. This allows attackers to bypass security checks for pages...

CVSS 7.8 · AI score 7.3 · EPSS 0.78509
Exploits 0 · References 29
OSV
added 2023/12/11 8:15 p.m. · 1 views

CVE-2023-5907

The File Manager WordPress plugin before 6.3 does not restrict the file manager's root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowe...

CVSS 6.5 · AI score 5.5
Exploits 0 · References 1
OSV
added 2023/12/04 11:15 p.m. · 1 views

CVE-2023-40463

When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access...

CVSS 7.2 · AI score 5.8
Exploits 0 · References 1
Positive Technologies
added 2022/11/14 12:0 a.m. · 3 views

PT-2022-23818 · Unknown · Patrickfuller Camp

Name of the Vulnerable Software and Affected Versions: patrickfuller camp versions up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 Description: The issue concerns Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root director...

CVSS 9.8 · AI score 9.3 · EPSS 0.06951
Exploits 3 · References 9
CNNVD
added 2022/06/24 12:0 a.m. · 4 views

MELAG FTP Server Path Traversal Vulnerability

MELAG FTP Server is an FTP server from the German company MELAG. A security vulnerability exists in MELAG FTP Server version 2.2.0.4, which originates from a system that allows an attacker to break into the root directory of the FTP server and run it on the entire operating system using the CWD...

CVSS 6.8 · AI score 6.6 · EPSS 0.00408
Exploits 1 · References 2
NVD
added 2022/04/06 9:15 a.m. · 13 views

CVE-2022-23446

An improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows an attacker to make the whole application unresponsive via changing its root directory access permission...

CVSS 4.4 · EPSS 0.00049
Exploits 0 · References 1
Prion
added 2022/04/06 9:15 a.m. · 16 views

Design/Logic Flaw

An improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows an attacker to make the whole application unresponsive via changing its root directory access permission...

CVSS 2.1 · AI score 4.8 · EPSS 0.00049
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2022/03/23 12:0 a.m. · 1 views

NETGEAR R6700v3 Information Disclosure Vulnerability

NETGEAR R6700v3 is the Nighthawk AC1750 Smart Dual Band Gigabit Router from Netgear USA. The NETGEAR R6700v3 suffers from an information disclosure vulnerability that stems from a specific flaw in the httpd service, where string matching logic is incorrect when accessing a protected page. An...

CVSS 8.8 · AI score 6 · EPSS 0.00095
Exploits 0 · References 5
CNNVD
added 2021/06/25 12:0 a.m. · 2 views

Phoenix Contact AXL F BK and IL BK Trust Management Issue Vulnerability

Phoenix Contact AXL F BK PN is a bus coupler from Phoenix Contact, Germany. A security vulnerability exists in the Phoenix Contact AXL F BK and IL BK that stems from the program having undocumented password-protected FTP access to the root directory...

CVSS 7.5 · AI score 7.3 · EPSS 0.00236
Exploits 0 · References 1