11 matches found
Snappy: Binary path is never shell-escaped due to an inverted is_executable check
Impact: On POSIX, escapeshellarg('/usr/bin/wkhtmltopdf') returns the literal string '/usr/bin/wkhtmltopdf' with the single-quote characters included. is_executable then looks for a file whose actual name contains those quote characters, which essentially never exists. The safe branch is dead code and...
CVE-2026-29962
HSC MailInspector v5.3.3-7 contains a Local File Inclusion (LFI) vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlled parameters that directly affect file access operations without adequate validation, sanitization,...
GHSA-3CV5-Q585-H563 Gotenberg has arbitrary PDF read via stampExpression and watermarkExpression in merge, split, and convert routes
Summary: Six conversion routes (pdfengines/merge, pdfengines/split, libreoffice/convert, chromium/convert/url, chromium/convert/html, chromium/convert/markdown) accept stampSource=pdf + stampExpression=/path and watermarkSource=pdf + watermarkExpression=/path from anonymous callers. The dedicated...
USN-5376-6 git regression
USN-5376-4 fixed a regression in Git. This update provides the corresponding update for Ubuntu 18.04 LTS. We apologize for the inconvenience. Original advisory details: 俞晨东 discovered that Git incorrectly handled certain repository paths in platforms with multiple users support. An attacker could...
CVE-2025-65213
MooreThreads torch_musa is affected. The vulnerability resides in the function compare_for_single_op() / nan_inf_track_for_single_op() in torch_musa.utils.compare_tool, which uses pickle.load() on user-controlled file paths without validation, enabling remote code execution with the victim proce...
CVE-2025-8941 Linux-pam: incomplete fix for CVE-2025-6020
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020...
WordPress plugin Otter code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A code issue vulnerability exists in the WordPress...
Kardex Control Center code injection vulnerability
Kardex Control Center is a logistics control and warehouse management system from Kardex Corporation. A security vulnerability exists in Kardex Control Center version 5.7.12+0-a203c2a213-master, which stems from user-controllable paths being passed to the path-concatenation method without proper...
CVE-2022-25848
This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory...
CVE-2019-0381
A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user...
Cisco Prime Collaboration Provisioning logconfigtracer.jsp Arbitrary File Deletion (CVE-2017-6637)
An arbitrary file deletion vulnerability exists in Cisco Prime Collaboration Provisioning. The vulnerability is due to insufficient validation on user-supplied paths before using them in file operations. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted reques...