CVE-2026-40084

Summary: CVE-2026-40084 affects CACTI

CVE-2025-71338

Flowise is affected by a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem by crafting unsanitized fileName parameters with ../ sequences. This can overwrite critical files (e.g., pac...

CVE-2025-71334

Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary file access vulnerability due to missing validation that chatflowId and chatId are UUIDs or numbers in file handling. An attacker can use path traversal (e.g., ../../../../../tmp) via /api/v1/chatflows (addBase64File...

CVE-2025-71333

Flowise (v2.2.4) contains an unauthenticated arbitrary file upload vulnerability at the /api/v1/attachments endpoint when storageType is set to local. The issue allows path traversal via chatId and chatflowId parameters to upload files to arbitrary directories, potentially enabling remote code ex...

CVE-2025-71324

Flowise before 3.0.6 has an arbitrary file-read vulnerability in the chatId parameter of /api/v1/get-upload-file and /api/v1/openai-assistants-file/download. The chatId value is not validated and is passed to streamStorageFile(), where a fallback file-lookup path constructed without the orgId is ...

CVE-2026-56445

The CVE-2026-56445 issue affects the qrscp application’s C-STORE handler. It directly uses an attacker-supplied DICOM dataset instance in os.path.join() without sanitization, enabling writes to arbitrary file paths on the system. This is a path traversal vulnerability in the file-write path, with...

EUVD-2026-39562

The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join without sanitization, allowing file writes to arbitrary paths...

CVE-2026-6681

This CVE concerns wolfSSL prior to 5.9.1, where the PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing decoded data to be written beyond the provided buffer. Affected: wolfSSL 5.9.0 and earlier. Impact is described as low (per CVSS 4.0), with no explicit exploi...

EUVD-2026-39556

The PKCS7 decode path ignores the caller-supplied output buffer size outputSz, allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release...

CVE-2026-55964

CVE-2026-55964 describes a change in certificate path validation affecting OpenSSL-compatibility path building (X509_verify_cert / X509_STORE). Previously, chain-supplied temporary CAs (WOLFSSL_TEMP_CA) could be accepted as signing CAs even if the intermediate CA had CA:TRUE but lacked keyCertSig...

EUVD-2026-39544

Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...

CVE-2026-54917

SeaweedFS is a distributed storage system for object storage S3, file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceberg REST catalog gateway construct their routers with mux.NewRouter.SkipCleantrue. With path cleaning disabled, a .. segment inside the URL survives...

CVE-2026-54250

K3s is a fully conformant production-ready Kubernetes distribution. Prior to 1.35.3+k3s1, 1.34.6+k3s1, v1.33.10+k3s1, a path traversal vulnerability exists in K3s's etcd snapshot decompression functionality. Zip files containing archive members with maliciously crafted names can be written to...

CVE-2026-54096

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.7, POST /api/share/ accepts an authenticated request for an arbitrary path and stores a public share record without checking whether the target fi...

CVE-2026-54097

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, a low-privileged authenticated user of filebrowser with create + delete permissions in their own isolated scope can silently destroy share-link...

CVE-2026-50549

Cursor before version 3.0 contains a sandbox escape: if path canonicalization fails, a write can be redirected via an in-workspace symlink to arbitrary locations outside the workspace, enabling non-sandboxed Remote Code Execution under the user’s privileges. Affected: Cursor editor (pre-3.0) with...

EUVD-2026-39536

Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default. Before a Write, the agent canonicalizes the target path to confirm it stays inside the workspace, but when canonicalization fails it falls back to the original path an...

CVE-2026-54917 SeaweedFS: Path traversal in the S3 and Iceberg REST gateways allows cross-bucket access

SeaweedFS is a distributed storage system for object storage S3, file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceberg REST catalog gateway construct their routers with mux.NewRouter.SkipCleantrue. With path cleaning disabled, a .. segment inside the URL survives...

CVE-2026-54917

SeaweedFS prior to version 4.30 exposes a path traversal flaw in the S3 gateway and the Iceberg REST catalog gateway. Both gateways constructed their routers with mux.NewRouter().SkipClean(true), so with path cleaning disabled a .. segment in a URL like GET /bucket-A/../evil-bucket/key can surviv...

EUVD-2026-39535

SeaweedFS is a distributed storage system for object storage S3, file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceberg REST catalog gateway construct their routers with mux.NewRouter.SkipCleantrue. With path cleaning disabled, a .. segment inside the URL survives...