15 matches found
CVE-2026-33529
Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a...
OpenClaw path traversal vulnerability
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.26 had a path traversal vulnerability. This vulnerability stemmed from flaws in the workspace boundary validation, allowing for path traversal that could lead to file writing...
Zip Slip path traversal in keras.utils.get_file(..., extract=True) archive extraction
Summary: Keras' download helper keras.utils.get_file(..., extract=True) (via keras/src/utils/file_utils.py) extracts zip/tar archives and attempts to filter unsafe member paths. However, the filter computes its base directory as the process CWD (resolve_path(".")) rather than the extraction target directory...
ROS-20260128-73-0048
Vulnerability in kernel-lt related to writing outside buffer boundaries in memory. Exploitation of the vulnerability may allow an attacker to execute arbitrary code...
curl path traversal vulnerability
curl is an open-source tool developed by cURL, used for transferring data from or to a server. Curl has a path traversal vulnerability, which allows attackers to traverse directories using wcurl, resulting in writing files outside of the service’s root path...
Jujutsu path traversal vulnerability
Jujutsu is a powerful version control system for software projects from the individual developer Martin von Zweigbergk. A path traversal vulnerability previously existed in Jujutsu version 0.23.0, which stems from the fact that a specially crafted Git repository could cause jj to write files...
ROS-20240725-13
A vulnerability in the NVIDIA GPU Display Driver software driver for Linux is related to privilege management errors. Exploitation of the vulnerability could allow an attacker to disclose protected information and cause a denial of service. A vulnerability in the NVIDIA GPU Display Driver for Linu...
SUSE-SU-2024:2463-1 Security update for squashfs
This update for squashfs fixes the following issues: - CVE-2015-4645, CVE-2015-4646: Multiple buffer overflows fixed in squashfs-tools (bsc#935380) - CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination (bsc#1189936) - CVE-2021-41072: Fixed an issu...
ROS-20240424-01
A vulnerability in the ImageIO component of Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability ...
SUSE: Security Advisory (SUSE-SU-2023:4591-1)
The remote host is missing an update for the...
The vulnerability of the gf_isom_use_compact_size() function on the GPAC multimedia platform allows a hacker to trigger a service failure.
The vulnerability of the gf_isom_use_compact_size() function on the GPAC multimedia platform is related to writing outside the field. Exploiting this vulnerability could allow an attacker to cause a service failure...
go-unzip path traversal vulnerability
Package go-unzip is a very simple library from the personal developer Dariusz Prząda. It is used to extract zip archives. A path traversal vulnerability exists in go-unzip, which stems from an incorrect path, where an archive containing relative file paths may cause files to be written or...
CVE-2021-40153
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations...
The vulnerability of the GNU Aspell spell-checking program lies in its ability to write outside the field, allowing a hacker to execute arbitrary code.
The vulnerability of the GNU Aspell spell checker lies in its ability to be executed outside of the field. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability of the Intel Active Management Technology implementation arises from the possibility of writing operations outside of the buffer in memory, allowing an attacker to escalate their privileges.
The vulnerability of the Intel Active Management Technology implementation is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to escalate their privileges...