123 matches found
EUVD-2026-31177
Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with course editing role could upload a SCORM ZIP package to write files outside the intended directory. This issue has been resolved in version 2.50.1...
CVE-2026-39405
The vulnerability CVE-2026-39405 affects Frappe LMS. In versions 2.50.0 and earlier, a user with a course editing role could upload a SCORM ZIP package that allowed writing files outside the intended directory, constituting a path traversal risk. The issue has been fixed in version 2.50.1. The av...
Astra Linux - уязвимость в targetcli-fb
The Open-iSCSI TargetCLI-fb version up to 2.1.52 has weak permissions for the /etc/target directory as well as for the backup directory and backup files...
PT-2026-41960
Summary Alice runs zrok2 copy from a WebDAV or zrok drive controlled by Bob into a local filesystem target. Bob returns a DAV href such as /../outside.txt. The sync pipeline stores that path in the source inventory and passes it to FilesystemTarget.WriteStream, which joins it with the target root...
CLSA-2026-1778269628 libssh: Fix of CVE-2026-0964
CVE-2026-0964: SCP path traversal via crafted filenames in sshscppullrequest allowing files to be written outside the intended directory...
Directory Traversal
Overview GitPython is a python library used to interact with Git repositories Affected versions of this package are vulnerable to Directory Traversal through insufficient validation of reference paths in the creation, renaming, and deletion. An attacker can write, overwrite, move, or delete files...
CVE-2026-3087
If shutil.unpackarchive is given a ZIP archive with an absolute Windows path containing a drive C:\\... then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability...
BIT-PYTHON-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs
If shutil.unpackarchive is given a ZIP archive with an absolute Windows path containing a drive C:\... then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability...
EUVD-2026-25922
If shutil.unpackarchive is given a ZIP archive with an absolute Windows path containing a drive C:\... then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability...
CVE-2026-3087
If shutil.unpackarchive is given a ZIP archive with an absolute Windows path containing a drive C:\... then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability...
CVE-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs
If shutil.unpackarchive is given a ZIP archive with an absolute Windows path containing a drive C:\... then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability...
CVE-2026-3087
If shutil.unpackarchive is given a ZIP archive with an absolute Windows path containing a drive C:\... then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability...
PT-2026-35528
Name of the Vulnerable Software and Affected Versions CPython affected versions not specified Description On Windows, the shutil.unpack archive function fails to properly check for absolute paths within ZIP archives. If an archive contains a path with a drive letter e.g., C:, files may be extract...
CPython 路径遍历漏洞
CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has a path traversal vulnerability. This vulnerability arises when processing ZIP archives that contain absolute Windows paths, potentially allowing the archive to be extracted outside of the target...
EUVD-2026-25022
A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms e.g., ln SOURCE... DIRECTORY. While GNU ln treats filenames as raw bytes and creates the links correctly, the uutils implementation...
uutils coreutils has an Improper Handling of Unicode Encoding Issue
A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms e.g., ln SOURCE... DIRECTORY. While GNU ln treats filenames as raw bytes and creates the links correctly, the uutils implementation...
GHSA-XH5H-P8C5-4W4X uutils coreutils has an Improper Handling of Unicode Encoding Issue
A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms e.g., ln SOURCE... DIRECTORY. While GNU ln treats filenames as raw bytes and creates the links correctly, the uutils implementation...
CVE-2026-35373
A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms e.g., ln SOURCE... DIRECTORY. While GNU ln treats filenames as raw bytes and creates the links correctly, the uutils implementation...
CVE-2026-35373 uutils coreutils ln Local Denial of Service via Improper Handling of Non-UTF-8 Filenames
A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms e.g., ln SOURCE... DIRECTORY. While GNU ln treats filenames as raw bytes and creates the links correctly, the uutils implementation...
CVE-2026-35373
A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms e.g., ln SOURCE... DIRECTORY. While GNU ln treats filenames as raw bytes and creates the links correctly, the uutils implementation...