SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened by the user could compromise accounts by stealing user credentials. Successful exploitation requires adversaries to possess advanced knowledge of the system causing low impact on Confidentiality and Integrity. Availability of the system is no impacted.

SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the attacker to view or modify sensitive information or render any part of the local system unavailable.

该漏洞存在于SAP NetWeaver Application Server Java的Web Container组件中。攻击者无需身份验证即可构造恶意的HTTP登录请求，通过操纵文件包含参数，实现路径遍历攻击。成功利用后，攻击者可以读取或修改服务器上的敏感文件，甚至可能导致系统部分功能不可用。该漏洞的CVSS评分为9.0 (Critical)，攻击向量为网络，攻击复杂度较高（需要一定的技巧），但无需用户交互，且影响范围广泛（机密性、完整性、可用性均为高）。目前尚未有在野利用的公开报告，也未列入已知被利用漏洞目录（KEV）。建议受影响用户尽快应用SAP官方安全补丁，同时限制对Web Container的网络访问，尤其是来自不可信网络的请求。由于漏洞影响核心业务组件，且可能造成严重数据泄露或服务中断，应优先处理。

CVE-2026-24315 是 SAP Fiori Launchpad 中的一个安全漏洞。攻击者可以构造恶意的 URL，当用户点击该 URL 时，会触发 Fiori 域上的任意服务调用。此漏洞允许攻击者通过精心设计的链接窃取用户的凭证，从而导致账户受损。成功利用此漏洞需要攻击者具有系统的深入了解，且需要用户交互（点击链接），因此攻击复杂度较高。漏洞对机密性和完整性的影响较低，不影响系统可用性。该漏洞的 CVSS 评分为 4.2（中等），攻击向量为网络，攻击复杂度高，无需特权，需要用户交互，影响范围未改变。目前该漏洞尚未被列入已知利用漏洞目录（KEV），也未有在野利用的报告。建议 SAP Fiori Launchpad 用户尽快应用 SAP 官方提供的安全补丁，同时限制对 Fiori 应用的网络访问，并对用户进行安全意识培训，避免点击可疑链接。

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that allows authenticated users to write arbitrary files to the filesystem during application deployment. When combined with Dokploy's remote server deployment feature, this vulnerability enables arbitrary file write to remote server filesystems, a

`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, it is a no-op, allowing the traversed path to execute host binaries (like `/bin/bash`) with root privileges.

SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints.

When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be able to bypass Appliance mode restrictions on a BIG-IP system.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be able to bypass Appliance mode restrictions on a BIG-IP system.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role privileges to cross a security boundary and delete files.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin` deployment. A malicious UI extension could abuse that to: * Overwrite Rancher binaries or configuration to inject code. *

Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs rule matching on the raw (non-normalized) request path, while downstream components may normalize dot-segments according to RFC 3986, Section 6.2.2.3. This discrepancy can result in heimdall authorizing a request for one path (e.g., /user/../admin, or URL-encoded variant

### Impact A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin` deployment. A malicious UI extension could abuse that to: - Overwrite Rancher binaries or configuration to inject

A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services.