Lucene search

23 matches found

NVD
added 2026/06/04 4:17 a.m. · 13 views

CVE-2026-41010

ReleaseJobunpack builds jobdir = File.join@releasedir, 'jobs', name and jobtgz = File.join@releasedir, 'jobs', "name.tgz" where name returns @jobmeta'name', a value taken verbatim from the jobs: array of the attacker-supplied release.MF inside the uploaded tarball. These paths are then interpolat...

8.7 CVSS · 0.00122 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2026/06/02 12:0 a.m. · 10 views

PT-2026-45750

Name of the Vulnerable Software and Affected Versions: Gleam versions 1.16.0 through 1.17.0 Description: A path traversal issue exists in the handling of custom documentation pages. The documentation.pages entries within the gleam.toml file are incorporated into filesystem paths without sufficient...

4.6 CVSS · 5.6 AI score · 0.00152 EPSS
Exploits: 0 · References: 12
Snyk
added 2026/02/05 9:8 p.m. · 3 views

Open Redirect

Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Open Redirect via the save function. An attacker can overwrite arbitrary files on the server by uploading files with crafted filenames containing directory travers...

8.7 CVSS · 6 AI score · 0.03212 EPSS
Exploits: 3 · References: 2
Huntr
added 2026/02/02 5:36 a.m. · 5 views

Zip Slip path traversal in keras.utils.get_file(..., extract=True) archive extraction

Summary: Keras' download helper keras.utils.get_file(..., extract=True) (via keras/src/utils/file_utils.py) extracts zip/tar archives and attempts to filter unsafe member paths. However, the filter computes its base directory as the process CWD (resolve_path(".")) rather than the extraction target directory...

6.2 AI score
Exploits: 0
Positive Technologies
added 2024/11/12 12:0 a.m. · 3 views

PT-2024-8705 · Siemens · Sinec Ins

Name of the Vulnerable Software and Affected Versions: SINEC INS versions prior to V1.0 SP2 Update 3 Description: A vulnerability has been identified in the affected application, which does not properly sanitize user-provided paths for SFTP-based file up- and downloads. This could allow an...

9.9 CVSS · 8.5 AI score · 0.00882 EPSS
Exploits: 0 · References: 7
CNNVD
added 2024/10/25 12:0 a.m. · 3 views

Werkzeug Path Traversal Vulnerability

Werkzeug is a comprehensive WSGI web application library open-sourced by Pallets. A path traversal vulnerability exists in Werkzeug versions prior to 3.0.6, which stems from the inability of os.path.isabs to catch UNC paths on Windows systems with Python versions less than 3.11, resulting in...

6.3 CVSS · 6.5 AI score · 0.00786 EPSS
Exploits: 0 · References: 5
CNNVD
added 2024/08/16 12:0 a.m. · 4 views

ZZCMS Security Vulnerability

ZZCMS is a content management system (CMS) by the ZZCMS team in China. A directory traversal vulnerability exists in ZZCMS 2023 and previous versions. The vulnerability stems from insufficient validation and filtering of user-input file paths, which can be exploited by an attacker to delete arbitrary...

4.9 CVSS · 7 AI score · 0.00672 EPSS
Exploits: 0 · References: 3
RedHat Linux
added 2024/03/12 12:48 a.m. · 5 views

kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe

An incorrect verifier pruning flaw was found in BPF in the Linux Kernel that may lead to unsafe code paths incorrectly marked as safe, resulting in arbitrary read/writes in kernel memory, lateral privilege escalation, and container escape...

10 CVSS · 7.3 AI score · 0.03546 EPSS
Exploits: 0 · References: 5
RedHat Linux
added 2024/01/30 1:13 p.m. · 5 views

kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe

An incorrect verifier pruning flaw was found in BPF in the Linux Kernel that may lead to unsafe code paths incorrectly marked as safe, resulting in arbitrary read/writes in kernel memory, lateral privilege escalation, and container escape...

10 CVSS · 6.9 AI score · 0.03546 EPSS
Exploits: 0 · References: 5
RedHat Linux
added 2024/01/30 12:29 p.m. · 3 views

kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe

An incorrect verifier pruning flaw was found in BPF in the Linux Kernel that may lead to unsafe code paths incorrectly marked as safe, resulting in arbitrary read/writes in kernel memory, lateral privilege escalation, and container escape...

10 CVSS · 6.9 AI score · 0.03546 EPSS
Exploits: 0 · References: 5
RedHat Linux
added 2024/01/30 12:37 a.m. · 1 views

kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe

An incorrect verifier pruning flaw was found in BPF in the Linux Kernel that may lead to unsafe code paths incorrectly marked as safe, resulting in arbitrary read/writes in kernel memory, lateral privilege escalation, and container escape...

10 CVSS · 6.9 AI score · 0.03546 EPSS
Exploits: 0 · References: 5
RedHat Linux
added 2024/01/25 11:15 a.m. · 3 views

kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe

An incorrect verifier pruning flaw was found in BPF in the Linux Kernel that may lead to unsafe code paths incorrectly marked as safe, resulting in arbitrary read/writes in kernel memory, lateral privilege escalation, and container escape...

10 CVSS · 6.9 AI score · 0.03546 EPSS
Exploits: 0 · References: 5
RedHat Linux
added 2024/01/25 11:14 a.m. · 4 views

kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe

An incorrect verifier pruning flaw was found in BPF in the Linux Kernel that may lead to unsafe code paths incorrectly marked as safe, resulting in arbitrary read/writes in kernel memory, lateral privilege escalation, and container escape...

10 CVSS · 6.9 AI score · 0.03546 EPSS
Exploits: 0 · References: 5
RedHat Linux
added 2024/01/25 9:43 a.m. · 3 views

kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe

An incorrect verifier pruning flaw was found in BPF in the Linux Kernel that may lead to unsafe code paths incorrectly marked as safe, resulting in arbitrary read/writes in kernel memory, lateral privilege escalation, and container escape...

10 CVSS · 6.8 AI score · 0.03546 EPSS
Exploits: 0 · References: 5
RedHat Linux
added 2024/01/23 5:54 p.m. · 0 views

kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe

An incorrect verifier pruning flaw was found in BPF in the Linux Kernel that may lead to unsafe code paths incorrectly marked as safe, resulting in arbitrary read/writes in kernel memory, lateral privilege escalation, and container escape...

10 CVSS · 6.8 AI score · 0.03546 EPSS
Exploits: 0 · References: 5
RedHat Linux
added 2024/01/23 5:33 p.m. · 4 views

kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe

An incorrect verifier pruning flaw was found in BPF in the Linux Kernel that may lead to unsafe code paths incorrectly marked as safe, resulting in arbitrary read/writes in kernel memory, lateral privilege escalation, and container escape...

10 CVSS · 6.8 AI score · 0.03546 EPSS
Exploits: 0 · References: 5
RedHat Linux
added 2023/11/28 4:5 p.m. · 3 views

kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe

An incorrect verifier pruning flaw was found in BPF in the Linux Kernel that may lead to unsafe code paths incorrectly marked as safe, resulting in arbitrary read/writes in kernel memory, lateral privilege escalation, and container escape...

10 CVSS · 6.8 AI score · 0.03546 EPSS
Exploits: 0 · References: 5
OSV
added 2023/09/07 12:58 p.m. · 22 views

GHSA-6XV5-86Q9-7XR8 SecureJoin: on windows, paths outside of the rootfs could be inadvertently produced

Impact: For Windows users of github.com/cyphar/filepath-securejoin, until v0.2.4 it was possible for certain rootfs and path combinations (in particular, where a malicious Unix-style /-separated unsafe path was used with a Windows-style rootfs path) to result in generated paths that were outside of...

7.1 AI score
Exploits: 0 · References: 5
Snyk
added 2021/06/30 10:58 a.m. · 3 views

Directory Traversal

Overview: elFinder.AspNet is an elFinder ASP.NET backend. Affected versions of this package are vulnerable to Directory Traversal. The user-controlled file name is not properly sanitized before it is used to create a file system path. PoC: A test environment is within the GitHub repository and can b...

7.5 CVSS · 7.4 AI score · 0.01732 EPSS
Exploits: 1 · References: 2
OSV
added 2018/06/11 9:29 p.m. · 2 views

CVE-2017-5381

The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. This vulnerability affects Firefox 51...

7.5 CVSS · 7.3 AI score · 0.01279 EPSS
Exploits: 0 · References: 4