Epiphyt Embed Privacy ≤1.12.3 is affected by CVE-2026-57346 (HIGH, CVSS 7.1): path traversal via improper pathname checks. Assess your deployments and watch for mitigations. https://radar.offseq.com/threat/cve-2026-57346-cwe-22-improper-limitation-of-a-pat-b3034ca61c60516d #OffSeq #CVE202657346 #Vuln #PathTraversal
CVE-2026-56448 (HIGH, CVSS 8.3) in ail framework v0: Authenticated users can exploit path traversal to access files beyond intended dirs. Restrict permissions & monitor file access until patch is released. https://radar.offseq.com/threat/cve-2026-56448-cwe-22-improper-limitation-of-a-pat-b86f90bac29cd4fa #OffSeq #CyberSecurity #Vuln #PathTraversal
CVE-2026-56394: HIGH severity path traversal in Craft CMS 4.0.0-RC1 & 5.0.0-RC1. Authenticated attackers can read local files via assets/icon endpoint. Restrict access & monitor activity. No patch yet. https://radar.offseq.com/threat/cve-2026-56394-improper-limitation-of-a-pathname-t-139f3a46ea00069e #OffSeq #CraftCMS #Vuln #PathTraversal
⚠️ CRITICAL: CVE-2026-48768 in typebot.io (≤3.16.1) allows unauthenticated path injection — attackers can upload HTML/JS to public paths, risking stored XSS. Upgrade to 3.17.0. https://radar.offseq.com/threat/cve-2026-48768-cwe-22-improper-limitation-of-a-pat-bab741214d20a19d #OffSeq #CVE202648768 #Infosec #PathTraversal

Fortinet Sandbox Flaws Under Active Exploitation

Critical Fortinet Sandbox vulnerabilities are under active attack, with hackers exploiting flaws like CVE-2026-39813, a severe path traversal bug that allows authentication bypass. Fortinet patched these bugs in April, but users must upgrade ASAP to avoid being compromised.

https://osintsights.com/fortinet-sandbox-flaws-under-active-exploitation?utm_source=mastodon&utm_medium=social

#Fortinet #Fortisandbox #Cve202639813 #PathTraversal #AuthenticationBypass

Attackers Exploit Langflow Path Traversal Flaw in Active Attacks

A single, unauthenticated request is all it takes to exploit a high-severity flaw in Langflow, a popular AI development platform, allowing attackers to write arbitrary files to its filesystem. This is made possible by a path traversal vulnerability, CVE-2026-5027, which can be easily triggered due to Langflow's default…

https://osintsights.com/attackers-exploit-langflow-path-traversal-flaw-in-active-attacks?utm_source=mastodon&utm_medium=social

#Langflow #PathTraversal #Cve20265027 #AiDevelopment #VulnerabilityExploitation

Langflow Vulnerability Exploited for Unauthenticated Remote Code Execution

A single, unauthenticated request is all it takes to exploit a high-severity flaw in Langflow, allowing attackers to execute remote code without needing any login credentials. This vulnerability, tracked as CVE-2026-5027, enables malicious actors to write files to any location on a host…

https://osintsights.com/langflow-vulnerability-exploited-for-unauthenticated-remote-code-execution?utm_source=mastodon&utm_medium=social

#LangflowVulnerability #UnauthenticatedRemoteCodeExecution #Cve20265027 #PathTraversal #EmergingThreats

CVE-2026-48800 Bypass

## Vulnerability Summary

**Product**: Notepad++ v8.9.6.1 (latest patched version)
**Type**: CWE-42 (Path Traversal) / CWE-59 (Improper Link Resolution)
**Impact**: Arbitrary Code Execution...

GitHub

🚨 Flaw in Apache MINA SSHD (CVE-2026-48827) allows files to be read

A path traversal flaw has been discovered in a popular Java library for SSH. It allows authenticated users to access Git repositories outside the designated directory, creating a risk of source code leakage.

https://cyberowi.pl/luka-w-apache-mina-sshd-cve-2026-48827-pozwala-na-odczyt/

#cve #apachemina #pathtraversal #java

#cyberbezpieczenstwo

Java challenge.

Given a String of unknown origin, convert it to a Path tail such that
1) other.resolve(tail) is guaranteed to be a file or dir below other (assume sym links are not an issue)
2) the conversion fails if (1) cannot be met
3) worst case, assume other and tail may be for a different FileSystem

Main problem I see: "..\\a" has one element on a Linux filesystem, but resolving it onto a Windows Path other creates a Path outside of other.

#Java #jdk #path #pathtraversal
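
One conservative way to approach the challenge above, as an added example that is not part of the original post: split the string on both separators regardless of platform, reject risky segments, and build the tail on `other`'s own FileSystem before a final containment check. The names `SafeTail` and `resolveBelow` and the sample inputs are assumptions; the helper returns the resolved path rather than the tail, ignores symlinks as the post allows, and does not handle Windows reserved device names.

```java
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
public class SafeTail {
    // Hypothetical helper: returns other.resolve(tail), or throws if the
    // result cannot be guaranteed to lie strictly below 'other'.
    static Path resolveBelow(Path other, String untrusted) {
        if (untrusted == null || untrusted.isEmpty())
            throw new IllegalArgumentException("empty tail");
        // Split on '/' and '\' on every platform, so "..\\a" is never one element.
        String[] seg = untrusted.split("[/\\\\]", -1);
        for (String s : seg) {
            // Empty: absolute path, UNC prefix or doubled separator.
            // Trailing '.' or ' ': covers "." and "..", and names Windows trims.
            // ':' covers drive letters and NTFS alternate data streams.
            if (s.isEmpty() || s.endsWith(".") || s.endsWith(" ")
                    || s.indexOf(':') >= 0 || s.indexOf('\0') >= 0)
                throw new IllegalArgumentException("rejected segment");
        }
        Path tail;
        try {
            // Build the tail on other's FileSystem so resolve() sees one provider.
            tail = other.getFileSystem().getPath(seg[0], Arrays.copyOfRange(seg, 1, seg.length));
        } catch (InvalidPathException e) {
            throw new IllegalArgumentException("not a valid path on target filesystem", e);
        }
        // The target filesystem must agree with our split: same element count, no root.
        if (tail.isAbsolute() || tail.getRoot() != null || tail.getNameCount() != seg.length)
            throw new IllegalArgumentException("target filesystem parsed tail differently");
        Path base = other.toAbsolutePath().normalize();
        Path result = base.resolve(tail).normalize();
        if (!result.startsWith(base) || result.equals(base))
            throw new IllegalArgumentException("escapes base directory");
        return result;
    }
    public static void main(String[] args) {
        Path base = Paths.get("data"); // constructed base; the inputs below are constructed too
        for (String in : new String[] {"a/b.txt", "..\\a", "../a", "/etc/x", "C:\\x", "a//b", "a/./b"}) {
            try {
                System.out.println("accepted " + in + " -> " + resolveBelow(base, in));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected " + in + " (" + e.getMessage() + ")");
            }
        }
    }
}
```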