heise online

Secure Coding: Best practices for using Java NIO against path traversal

The article Secure Coding: Preventing unauthorized access through path traversal (CWE-22) has already described the dangers posed by the critical vulnerability CWE-22 (path traversal) in software ...
heise online

Secure coding: Prevent unauthorized access through path traversal (CWE-22)

Common Weakness Enumeration CWE-22, commonly referred to as "path traversal", is a vulnerability in which an application does not appropriately restrict the paths that users can access via ...
IT News For Australia Business

Serious path traversal bug found in Microsoft's NLWeb "Agentic Web" tool

Microsoft's open source NLWeb framework for delivering AI-driven agentic web applications shipped with an easy to exploit path traversal vulnerability that revealed the context of sensitive system ...
CSOonline

CISA, FBI urge developers to patch path traversal bugs before shipping

US Cybersecurity Infrastructure and Security Agency (CISA) and the FBI have issued a joint advisory to developers, urging them to check for path traversal vulnerabilities before shipping a software.
TechRadar

FBI and CISA tell devs to crack down on security issues before releasing

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI), published a new joint security alert earlier this week, urging software developers to ...
Threat Post

Netgear Management System Vulnerable to RCE, Path Traversal Attacks

Netgear’s Network Management System suffers from two vulnerabilities, an arbitrary file upload and a path traversal, which could let a remote attacker execute code and download files. Netgear’s ...
CSOonline

Mitel MiCollab VoIP authentication bypass opens new attack paths

Researchers released a proof-of-concept exploit for a path traversal flaw in the enterprise VoIP suite that, coupled with an arbitrary file read issue, can give attackers access to protected files, ...