
20752 matches found

Positive Technologies
added 2026/04/07 12:0 a.m., 3 views

PT-2026-31032

Name of the Vulnerable Software and Affected Versions: Emmett versions 2.5.0 through 2.8.0. Description: Emmett, a full-stack Python web framework, contains a path traversal flaw in its RSGI static handler for internal assets / emmett paths. An attacker can use '../' sequences in requests, such as '...

CVSS 9.1 | AI score 6 | EPSS 0.00495
Exploits: 0 | References: 12

Tenable Nessus
added 2026/04/07 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2019-25683

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying ...

CVSS 6.9 | AI score 5.5 | EPSS 0.00173
Exploits: 1 | References: 2

SUSE CVE
added 2026/04/06 11:24 p.m., 3 views

SUSE CVE-2026-33027

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui configuration improperly handles URL-encoded traversal sequences. When specially crafted paths are supplied, the backend resolves them to the base Nginx configuration directory and executes the operati...

CVSS 6.9 | AI score 5.7 | EPSS 0.00397
Exploits: 1 | References: 3

Snyk
added 2026/04/06 11:9 p.m., 2 views

Directory Traversal

Overview: praisonaiagents is Praison AI agents for completing complex tasks with Self Reflection Agents. Affected versions of this package are vulnerable to Directory Traversal via the validatepath function. An attacker can access arbitrary files on the system by supplying crafted file paths that...

CVSS 9.2 | AI score 6.3 | EPSS 0.00416
Exploits: 1 | References: 2

OSV
added 2026/04/06 11:9 p.m., 5 views

GHSA-693F-PF34-72C5 PraisonAI Has Path Traversal in FileTools

Executive Summary: The path validation has a critical logic bug: it checks for .. AFTER normpath has already collapsed all .. sequences. This makes the check completely useless and allows trivial path traversal to any file on the system. The path validation function also does not resolve the...

CVSS 9.2 | AI score 6.1 | EPSS 0.00416
Exploits: 1 | References: 4

GitHub Security Blog
added 2026/04/06 11:9 p.m., 4 views

PraisonAI Has Path Traversal in FileTools

Executive Summary: The path validation has a critical logic bug: it checks for .. AFTER normpath has already collapsed all .. sequences. This makes the check completely useless and allows trivial path traversal to any file on the system. The path validation function also does not resolve the...

CVSS 9.2 | AI score 6.1 | EPSS 0.00416
Exploits: 1 | References: 4 | Affected Software: 1

Snyk
added 2026/04/06 11:9 p.m., 1 view

Directory Traversal

Overview: PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVSS 7.1 | AI score 6.3 | EPSS 0.00328
Exploits: 1 | References: 2

OSV
added 2026/04/06 11:9 p.m., 13 views

GHSA-R9X3-WX45-2V7F PraisonAI recipe registry publish path traversal allows out-of-root file write

Summary: PraisonAI's recipe registry publish endpoint writes uploaded recipe bundles to a filesystem path derived from the bundle's internal manifest.json before it verifies that the manifest name and version match the HTTP route. A malicious publisher can place ../ traversal sequences in the bund...

CVSS 7.1 | AI score 6.1 | EPSS 0.00328
Exploits: 1 | References: 4

GitHub Security Blog
added 2026/04/06 11:9 p.m., 7 views

PraisonAI recipe registry publish path traversal allows out-of-root file write

Summary: PraisonAI's recipe registry publish endpoint writes uploaded recipe bundles to a filesystem path derived from the bundle's internal manifest.json before it verifies that the manifest name and version match the HTTP route. A malicious publisher can place ../ traversal sequences in the bund...

CVSS 7.1 | AI score 6.1 | EPSS 0.00328
Exploits: 1 | References: 4 | Affected Software: 1

Snyk
added 2026/04/06 11:9 p.m., 1 view

Directory Traversal

Overview: PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVSS 10 | AI score 6.3 | EPSS 0.00312
Exploits: 1 | References: 2

Snyk
added 2026/04/06 11:8 p.m., 5 views

Relative Path Traversal

Overview: PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVSS 8.1 | AI score 5.9 | EPSS 0.00314
Exploits: 1 | References: 2

Snyk
added 2026/04/06 9:0 p.m., 34 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview: Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the unzip method in the ApicurioCodegenWrapper class. An attacker can write files outside the intended output directory by supplying a crafted ZIP archive containing entries with...

CVSS 8.7 | AI score 6.3 | EPSS 0.00387
Exploits: 1 | References: 2

PyPA
added 2026/04/06 6:16 p.m., 6 views

PYSEC-2026-71

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...

CVSS 8.1 | AI score 5.8 | EPSS 0.00327
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2026/04/06 6:16 p.m., 6 views

CVE-2026-35167

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...

CVSS 8.1 | EPSS 0.00327
Exploits: 0 | References: 2

OSV
added 2026/04/06 6:16 p.m., 6 views

PYSEC-2026-71

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...

CVSS 8.1 | AI score 5.8 | EPSS 0.00327
Exploits: 0 | References: 2

Snyk
added 2026/04/06 6:3 p.m., 6 views

Directory Traversal

Overview: vite is a Native-ESM powered web dev build tool. Affected versions of this package are vulnerable to Directory Traversal via the handling of .map files in the dev server when resolving file paths. An attacker can access sensitive files outside the project root by injecting ../ segments in...

CVSS 6.3 | AI score 6.5 | EPSS 0.00914
Exploits: 1 | References: 2

Snyk
added 2026/04/06 6:3 p.m., 3 views

Directory Traversal

Overview: vite-plus is The Unified Toolchain for the Web. Affected versions of this package are vulnerable to Directory Traversal via the handling of .map files in the dev server when resolving file paths. An attacker can access sensitive files outside the project root by injecting ../ segments...

CVSS 6.3 | AI score 6.5 | EPSS 0.00914
Exploits: 1 | References: 2

Snyk
added 2026/04/06 6:3 p.m., 3 views

Directory Traversal

Overview: org.webjars.npm:vite is a Native-ESM powered web dev build tool. Affected versions of this package are vulnerable to Directory Traversal via the handling of .map files in the dev server when resolving file paths. An attacker can access sensitive files outside the project root by injecting...

CVSS 6.3 | AI score 6.5 | EPSS 0.00914
Exploits: 1 | References: 2

Snyk
added 2026/04/06 5:55 p.m., 2 views

Directory Traversal

Overview: kedro-datasets is where you can find all of Kedro's data connectors. Affected versions of this package are vulnerable to Directory Traversal via the PartitionedDataset component. An attacker can overwrite arbitrary files on the filesystem by supplying partition IDs...

CVSS 7.1 | AI score 6.4 | EPSS 0.00427
Exploits: 0 | References: 2

Cvelist
added 2026/04/06 5:43 p.m., 13 views

CVE-2026-35167 Kedro has a path traversal in versioned dataset loading via unsanitized version string

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...

CVSS 7.1 | EPSS 0.00327
Exploits: 0 | References: 2