12 matches found
EulerOS 2.0 SP13 : golang (EulerOS-SA-2026-2334)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 Actions which insert URLs into the...
CVE-2026-41589 Wish has SCP Path Traversal that allows arbitrary file read/write
Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary files to the server,...
Jupyter Server Path Traversal Vulnerability
Jupyter Server is an application developed by the Jupyter organization that provides backend services for Jupyter web applications. Jupyter Server versions 2.17.0 and earlier contain a path traversal vulnerability. This vulnerability stems from path traversal issues in the REST API, which may all...
CVE-2026-6940
CVE-2026-6940 : radare2 versions before 6.1.4 contain a path traversal vulnerability in the project deletion feature. A local attacker can supply absolute paths that escape the dir.projects root to recursively delete arbitrary directories, by targeting project marker files outside the project sto...
CVE-2026-6940 radare2 < 6.1.4 Project Deletion Path Traversal Directory Deletion
radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the configured dir.projects root directory. Attackers can craft absolute paths to project marker files...
GHSA-XJVP-7243-RG9H Wish has SCP Path Traversal that allows arbitrary file read/write
Summary: The SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary files to the server, and create directories outside the configured root directory by sending crafted filenames containing ../...
PT-2026-37134
Name of the Vulnerable Software and Affected Versions: Wish versions 2.0.0 through 2.0.0. Description: The SCP middleware in charm.land/wish/v2 is subject to path traversal. A malicious SCP client can read and write arbitrary files, as well as create directories outside the configured root directory...
GHSA-2943-CRP8-38XX goshs is Missing Write Protection for Parametric Data Values
Summary: The SFTP command rename sanitizes only the source path and not the destination, so it is possible to write outside of the root directory of the SFTP. Details: Here is the issue: go // helper.go:155-215 func cmdFileroot string, r sftp.Request, ip string, sftpServer SFTPServer error fullPath...
CVE-2026-40188
goshs is a SimpleHTTPServer written in Go. From 1.0.7 to before 2.0.0-beta.4, the SFTP command rename sanitizes only the source path and not the destination, so it is possible to write outside of the root directory of the SFTP. This vulnerability is fixed in 2.0.0-beta.4...
CVE-2026-22180 OpenClaw < 2026.3.2 - Path Confinement Bypass in Browser Output and File Write Operations
OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in file write operations to escape root-bound restrictions and...
EUVD-2026-12726
OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in file write operations to escape root-bound restrictions and...
CVE-2025-39664
CVE-2025-39664: In Checkmk, insufficient escaping in the report scheduler enables path traversal in affected versions (Checkmk <2.4.0p13, <2.3.0p38,