PT-2026-31665
Name of the Vulnerable Software and Affected Versions AGiXT versions prior to 1.9.2 Description AGiXT is a dynamic AI Agent Automation Platform. The safe join function in the essential abilities extension does not properly validate file paths, allowing authenticated attackers to use directory...
xibocms 3.3.4 - RCE
Exploit Title: XiboCMS 3.3.4 - Remote Code Execution Google Dork: N/A Date: 2025-11-18 Exploit Author: complexusprada Vendor Homepage: https://xibo.org.uk/ Software Link: https://github.com/xibosignage/xibo-cms Version: 1.8.0 - 2.3.16, 3.0.0 - 3.3.4 Tested on: Ubuntu Linux Docker, Xibo CMS 3.3.4...
PT-2026-31461
The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk recover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image. An attacker can...
CVE-2026-35167
Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...
PYSEC-2026-59
Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences, e.g. /emmett/../rsgi/handlers.py, to read arbitrary files...
CVE-2026-39847
Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences eg /emmett/../rsgi/handlers.py to read arbitrary files...
CVE-2026-34371
LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the `execute_code` sandbox when persisting code-generated artifacts. On deployments using the default local file strategy, a malicious artifact filename containing traversal sequences f...
CVE-2026-39365
A flaw was found in Vite. The development server's handling of .map requests contains a path traversal vulnerability. A remote attacker can exploit this by sending a specially crafted request with directory traversal sequences ../ to bypass security restrictions. This allows the attacker to...
CVE-2026-39847 Emmett has a path traversal in internal assets handler
Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences eg /emmett/../rsgi/handlers.py to read arbitrary files...
CVE-2026-39847
Emmett (Python web framework) versions 2.5.0 through before 2.8.1 are affected by a path traversal vulnerability in the RSGI static handler for internal assets located under /emmett. An attacker can abuse ../ sequences (for example /emmett/../rsgi/handlers.py) to read arbitrary files outside th...
CVE-2026-34371 LibreChat Affected by Arbitrary File Write via `execute_code` Artifact Filename Traversal
LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the `execute_code` sandbox when persisting code-generated artifacts. On deployments using the default local file strategy, a malicious artifact filename containing traversal sequences f...
EUVD-2026-19946
LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the `execute_code` sandbox when persisting code-generated artifacts. On deployments using the default local file strategy, a malicious artifact filename containing traversal sequences f...
CVE-2026-34371
Summary: LibreChat before version 0.8.4 is vulnerable to an arbitrary file write via artifact filename traversal when using the default local file strategy. The server-side path is constructed by concatenating a user-controlled artifact name containing traversal sequences (e.g., ../../../../../ap...
Directory Traversal
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the QQ Bot media-send path. An attacker can access arbitrary files on the host filesystem by crafting structured payloads that specify file paths outside of intend...
CVE-2026-39308
PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry publish endpoint writes uploaded recipe bundles to a filesystem path derived from the bundle's internal manifest.json before it verifies that the manifest name and version match the HTTP route. A malicious...
CVE-2026-35615
PraisonAI is a multi-agent teams system. Prior to 1.5.113, validatepath calls os.path.normpath first, which collapses .. sequences, then checks for '..' in normalized. Since .. is already collapsed, the check always passes. This makes the check completely useless and allows trivial path traversal...