Lucene search
K

5338 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-408 MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment

Summary The confluencedownloadattachment MCP tool accepts a downloadpath parameter that is written to without any directory boundary enforcement. An attacker who can call this tool and supply or access a Confluence attachment with malicious content can write arbitrary content to any path the serv...

9CVSS6.7AI score0.0226EPSS
Exploits1References6
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-386 pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint

A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is running with the pluginserver, attackers can deploy malicious tar.gz plugins that embed arbitrary files with path...

9.1CVSS7.7AI score0.01307EPSS
Exploits1References8
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-312 Ckan remote code execution and private information access via crafted resource ids

Specific vulnerabilities: Arbitrary file write in resourcecreate and packageupdate actions, using the ResourceUploader object. Also reachable via packagecreate, packagerevise, and packagepatch via calls to packageupdate. Remote code execution via unsafe pickle loading, via Beaker's session store...

9.8CVSS7.9AI score0.01684EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-509 qdrant input validation failure

qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the...

9.8CVSS7.4AI score0.00901EPSS
Exploits1References6
OSV
OSV
added 2026/06/29 11:50 a.m.4 views

PYSEC-2026-493 pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE)

Summary Path Traversal in pyLoad-ng CNL Blueprint via package parameter allows Arbitrary File Write leading to Remote Code Execution RCE The addcrypted endpoint in pyload-ng suffers from an unsafe path construction vulnerability, allowing unauthenticated attackers to write arbitrary files outside...

9.8CVSS6.6AI score0.01191EPSS
Exploits1References7
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-292 BBOT's various issues in unarchive.py can cause arbitrary file write and RCE

Summary Various issues in bbot's unarchive.py allow a malicious site to cause bbot to write arbitrary files to arbitrary locations. This can be used to achieve Remote Code Execution RCE. Impact A user who uses bbot to scan a malicious webserver may have arbitrary code executed on their system...

9.6CVSS6.1AI score0.00658EPSS
Exploits0References7
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-293 BBOT's insufficient sanitization issues in gitdumper.py can lead to RCE

Summary bbot's gitdumper.py insufficiently sanitises a .git/config file, leading to Remote Code Execution RCE. bbot's gitdumper.py can be made to consume a malicious .git/index file, leading to arbitrary file write which can be used to achieve Remote Code Execution RCE. Impact A user who uses bbo...

9.6CVSS6.2AI score0.00447EPSS
Exploits0References7
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-324 DB-GPT Absolute Path Traversal in knowledge/{space_name}/document/upload

eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to absolute path traversal, allowing attackers to write files to arbitrary locations on the target server. This vulnerability arises...

9.1CVSS7.5AI score0.00769EPSS
Exploits1References6
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-322 DB-GPT Arbitrary File Write vulnerability

In eosphoros-ai/db-gpt version v0.6.3 and earlier, the web API POST /api/v1/editor/chart/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write, enabling them to write arbitrary files to the victim...

9.1CVSS7.7AI score0.00994EPSS
Exploits1References7
NVD
NVD
added 2026/06/29 9:16 a.m.10 views

CVE-2026-57966

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...

4.4CVSS0.00135EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 9:16 a.m.4 views

UBUNTU-CVE-2026-57966

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...

4.4CVSS5.9AI score0.00135EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 10:59 p.m.7 views

EUVD-2026-39492

pnpm Vulnerable to Arbitrary File Write/Delete via Malicious Patch File Path Traversal...

7.3CVSS5.8AI score0.0027EPSS
Exploits1References2
OSV
OSV
added 2026/06/26 8:16 p.m.4 views

UBUNTU-CVE-2026-29509

Patool before 4.0.5 contains a path traversal vulnerability in the safeextract function in patoolib/programs/pytarfile.py when running on Python before 3.12, where the iswithindirectory helper uses os.path.commonprefix for character-level string comparison instead of path-level comparison, allowi...

5.4CVSS5.9AI score0.00285EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:31 p.m.6 views

CVE-2026-29509

Patool before 4.0.5 contains a path traversal vulnerability in the safeextract function in patoolib/programs/pytarfile.py when running on Python before 3.12, where the iswithindirectory helper uses os.path.commonprefix for character-level string comparison instead of path-level comparison, allowi...

5.4CVSS5.9AI score0.00285EPSS
Exploits0References4
OSV
OSV
added 2026/06/26 7:13 p.m.5 views

GHSA-F6M5-XW2G-XC4X Incus has an arbitrary file write on its client due to trusted image hash

Summary An arbitrary file write exists in the Incus client when a malicious image server returns a crafted Incus-Image-Hash header. This can lead to arbitrary command execution as root on the server. Details - cmd/incusd/images.go:611-684 handles source.type=url by HEADing the user-supplied URL,...

9.9CVSS6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/26 6:47 p.m.3 views

GHSA-CCJC-4QC3-JXQC Incus has an arbitrary file write via path traversal in S3 multipart upload

Summary The S3 protocol upload endpoint is vulnerable to path traversal and allows creation of arbitrary files on the host. This behavior could lead to arbitrary command execution. In internal/server/storage/s3/local/multipart.go, user-controlled upload ID is appended to the uploads directory...

9.9CVSS6AI score0.00091EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 6:46 p.m.3 views

GHSA-VXP5-584Q-C479 Incus has arbitrary file read+write on host via templates/ symlink in malicious image

Summary A specially crafted image or instance backup can be used to read or create/write arbitrary files on the host; possibly leading to arbitrary command execution. Details For container images, internal/server/storage/utils.go calls archive.UnpackimageFile, destPath, .... The tar extraction pa...

9.9CVSS6AI score
Exploits0References2
OSV
OSV
added 2026/06/26 6:32 p.m.4 views

GHSA-73HR-M85F-64V9 Incus has an arbitrary file write on host via `exec-output` symlink in crafted image

Summary The record-output parameter of the /instances/$name/exec endpoint stores the output of the command in the exec-output directory of the instance. If exec-output is a symlink, file named execUUID.stdout and execUUID.stderr can be written to an arbitrary location where the .stdout file will...

9.9CVSS6AI score
Exploits0References2
NVD
NVD
added 2026/06/26 5:16 p.m.10 views

CVE-2026-45405

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequen...

9CVSS0.00289EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 4:32 p.m.3 views

GHSA-44HJ-4M45-FRJ3 Fluentd is Vulnerable to Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder

Fluentd allows dynamically constructing file paths using the $tag placeholder. It was discovered that validation for this placeholder was insufficient. If a Fluentd instance is configured to receive logs from untrusted sources and uses the $tag placeholder in file configurations such as the path...

9.8CVSS6.1AI score0.01107EPSS
Exploits0References3
Rows per page
Query Builder