Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/06/25 5:39 p.m.30 views

CVE-2026-54093 File Browser: Path traversal in download-as-zip/tar via Windows-style backslash separators in stored filenames

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, filebrowser builds the download-as-zip / download-as-tar archive entry names with filepath.ToSlash, which on a Linux host is a no-op for...

6.8CVSS0.00189EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 5:39 p.m.24 views

CVE-2026-54093

CVE-2026-54093 affects File Browser prior to v2.63.6, where archive entry names for zip/tar are built using Windows-style backslashes. On Linux, backslashes are preserved in names, allowing a Windows-style traversal like ....\evil.txt to be written on disk and then emitted verbatim in the archive...

6.8CVSS6AI score0.00189EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.6 views

PT-2026-31353

Summary The upload filename sanitization introduced in GHSA-9ffm-fxg3-xrhh uses PurePosixPathfilename.name to strip path components. Since PurePosixPath only recognizes forward slashes / as path separators, an attacker can bypass this sanitization on Windows by using backslashes in the upload...

5.9CVSS6.3AI score0.00371EPSS
Exploits0References5
Snyk
Snyk
added 2026/02/02 10:26 p.m.3 views

Directory Traversal

Overview signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Directory Traversal via improper validation in the validateAppId function. An attacker can access arbitrary files and directories outside the intended directory by...

5.4CVSS6.5AI score0.00384EPSS
Exploits1References2
RustSec
RustSec
added 2024/05/22 12:0 p.m.9 views

Traversal outside working tree enables arbitrary code execution

Summary During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. Details Although gix-worktree-state checks for collisions with existing files, it does not...

8.8CVSS8AI score0.00816EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 4:29 a.m.7 views

SUSE CVE-2018-7212

An issue was discovered in rack-protection/lib/rack/protection/pathtraversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters...

5.3CVSS7.1AI score0.01874EPSS
Exploits0References3
Rows per page
Query Builder