UBUNTU-CVE-2026-40024
The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image. An attacker can...
CVE-2026-40024
The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image. An attacker can...
CVE-2026-40024 Sleuth Kit tsk_recover Path Traversal
The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image. An attacker can...
CVE-2026-40024
The vulnerability affects Sleuth Kit up to version 4.14.0, specifically in the tsk_recover component. A path traversal flaw allows an attacker to write files outside the intended recovery directory by crafting filesystem images with embedded /.. sequences in filenames, which can lead to overwriti...
HTTP Request Smuggling
Overview: org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to HTTP Request Smuggling in ChunkedInputFilter, when handling HTTP/1.1 requests with invalid chunk extensions. An attacker can interfere with the interpretation of HT...
HTTP Request Smuggling
Overview: org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to HTTP Request Smuggling in ChunkedInputFilter, when handling HTTP/1.1 requests with invalid chunk extensions. An attacker can interfere with the interpretation of...
CRLF Injection
Overview: basic-ftp is an FTP client for Node.js that supports FTPS over TLS, IPv6, Async/Await, and TypeScript. Affected versions of this package are vulnerable to CRLF Injection via unsanitized path parameters in the protectWhitespace function. An attacker can execute arbitrary FTP commands by...
GHSA-CHQC-8P9Q-PQ6Q basic-ftp has FTP Command Injection via CRLF
Summary: basic-ftp version 5.2.0 allows FTP command injection via CRLF sequences (\r\n) in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handles leading spaces and returns other...
basic-ftp has FTP Command Injection via CRLF
Summary: basic-ftp version 5.2.0 allows FTP command injection via CRLF sequences (\r\n) in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handles leading spaces and returns other...
Directory Traversal
Overview: agixt is an Artificial Intelligence Automation Platform. AI Instruction management from various providers, has an adaptive memory, and a versatile plugin system with many commands including web browsing. Supports many AI providers and models and growing support every day. Affected...
GHSA-5GFJ-64GH-MGMW AGiXT Vulnerable to Path Traversal in safe_join()
Summary: The safe_join function in the essential_abilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or delete arbitrary files on the server hosting the AGiXT...
AGiXT Vulnerable to Path Traversal in safe_join()
Summary: The safe_join function in the essential_abilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or delete arbitrary files on the server hosting the AGiXT...
Directory Traversal
Overview: praisonai is a PraisonAI TypeScript AI Agents Framework - Node.js, npm, and JavaScript AI Agents Framework. Affected versions of this package are vulnerable to Directory Traversal in the MultiAgentLedger and MultiAgentMonitor components. An attacker can access sensitive context data...
Directory Traversal
Overview: praisonaiagents is a package of Praison AI agents for completing complex tasks with Self Reflection Agents. Affected versions of this package are vulnerable to Directory Traversal in the MultiAgentLedger and MultiAgentMonitor components. An attacker can access sensitive context data belonging to oth...
Directory Traversal
Overview: PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
PraisonAI has Memory State Leakage and Path Traversal in MultiAgent Context Handling
Summary: The MultiAgentLedger and MultiAgentMonitor components in the provided code exhibit vulnerabilities that can lead to context leakage and arbitrary file operations. Specifically: 1. Memory State Leakage via Agent ID Collision: The MultiAgentLedger uses a dictionary to store ledgers by agent...
GHSA-766V-Q9X3-G744 PraisonAI has Memory State Leakage and Path Traversal in MultiAgent Context Handling
Summary: The MultiAgentLedger and MultiAgentMonitor components in the provided code exhibit vulnerabilities that can lead to context leakage and arbitrary file operations. Specifically: 1. Memory State Leakage via Agent ID Collision: The MultiAgentLedger uses a dictionary to store ledgers by agent...
Directory Traversal
Overview: ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms. Affected versions of this package are vulnerable to Directory Traversal due to inadequate enforcement of access control in the readFile, saveFile, deleteFileOrFolder, renameFile, createFile, and createFolder endpoints, which fail ...