
20752 matches found

EUVD
• added 2026/04/06 5:43 p.m. • 6 views

EUVD-2026-19416

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the _get_versioned_path method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...

CVSS 7.1 | AI score 5.9 | EPSS 0.00327
Exploits: 0 | References: 2

ATTACKERKB
• added 2026/04/06 5:43 p.m. • 2 views

CVE-2026-35167

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the _get_versioned_path method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...

CVSS 7.1 | AI score 5.9 | EPSS 0.00327
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
• added 2026/04/06 5:43 p.m. • 0 views

CVE-2026-35167 Kedro has a path traversal in versioned dataset loading via unsanitized version string

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the _get_versioned_path method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...

CVSS 7.1 | AI score 5.9 | EPSS 0.00327
Exploits: 0 | References: 2

CVE
• added 2026/04/06 5:43 p.m. • 13 views

CVE-2026-35167

CVE-2026-35167 affects Kedro. The _get_versioned_path() function constructs filesystem paths by directly interpolating user-supplied version strings, preserving traversal sequences like ../ and enabling access outside the intended versioned dataset directory. This affects multiple entry points (c...

CVSS 8.1 | AI score 5.9 | EPSS 0.00327
Exploits: 0 | References: 2 | Affected Software: 1

NVD
• added 2026/04/06 5:17 p.m. • 3 views

CVE-2026-34783

Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machine running Ferret. When an operator scrapes a...

CVSS 8.1 | EPSS 0.00514
Exploits: 1 | References: 2

Cvelist
• added 2026/04/06 4:04 p.m. • 15 views

CVE-2026-34783 Ferret has a Path Traversal in IO::FS::WRITE allows arbitrary file write when scraping malicious websites

Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machine running Ferret. When an operator scrapes a...

CVSS 8.1 | EPSS 0.00514
Exploits: 1 | References: 2

Vulnrichment
• added 2026/04/06 4:04 p.m. • 3 views

CVE-2026-34783 Ferret has a Path Traversal in IO::FS::WRITE allows arbitrary file write when scraping malicious websites

Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machine running Ferret. When an operator scrapes a...

CVSS 8.1 | AI score 6.6 | EPSS 0.00514
Exploits: 1 | References: 2

EUVD
• added 2026/04/06 4:04 p.m. • 4 views

EUVD-2026-19353

Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machine running Ferret. When an operator scrapes a...

CVSS 8.1 | AI score 6.6 | EPSS 0.00514
Exploits: 1 | References: 2

CVE
• added 2026/04/06 4:04 p.m. • 10 views

CVE-2026-34783

CVE-2026-34783 is a path traversal in Ferret's IO::FS::WRITE (and related IO::FS::READ) that lets an attacker cause arbitrary file writes during web scraping by supplying filenames containing ".." sequences. A malicious website can manipulate output paths so the attacker controls destination and ...

CVSS 8.1 | AI score 6.6 | EPSS 0.00514
Exploits: 1 | References: 2 | Affected Software: 1

RedhatCVE
• added 2026/04/06 2:41 p.m. • 3 views

CVE-2026-32871

A flaw was found in FastMCP. An authenticated attacker can exploit a path traversal vulnerability in the buildurl method of the RequestDirector class. By manipulating path parameters in an OpenAPI operation, an attacker can use directory traversal sequences ../ to bypass the intended API prefix...

CVSS 10 | AI score 5.9 | EPSS 0.01075
Exploits: 1 | References: 7

RedhatCVE
• added 2026/04/06 10:57 a.m. • 4 views

CVE-2026-22661

prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in skill file handling that allows attackers to write arbitrary files to the client system by crafting malicious ZIP archives with unsanitized filenames containing path traversal sequences. Attackers can exploit missing...

CVSS 8.6 | AI score 6 | EPSS 0.00363
Exploits: 0 | References: 1

RedhatCVE
• added 2026/04/06 10:57 a.m. • 3 views

CVE-2026-34607

Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip function (include/lib/common.php:793). When extracting ZIP archives (plugin/template uploads, backup imports), the function calls $zip->extractTo($path) without sanitizing Z...

CVSS 7.2 | AI score 6.1 | EPSS 0.00874
Exploits: 1 | References: 1

IBM Security Bulletins
• added 2026/04/06 10:00 a.m. • 6 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary: Multiple vulnerabilities were addressed in IBM Observability with Instana within Instana Agent container image build 1.0.315. Vulnerability Details: CVEID: CVE-2026-23949. DESCRIPTION: jaraco.context, an open-source software package that provides some useful decorators and context managers, h...

CVSS 8.6 | AI score 6.2 | EPSS 0.00527
Exploits: 4 | Affected Software: 1

Positive Technologies
• added 2026/04/06 12:00 a.m. • 2 views

PT-2026-30763

Name of the Vulnerable Software and Affected Versions: PraisonAI versions prior to 1.5.113. Description: PraisonAI is susceptible to a path traversal issue due to a flaw in the validate path function. This function first calls os.path.normpath, which collapses '..' sequences, and then checks for the...

CVSS 9.2 | AI score 5.9 | EPSS 0.00416
Exploits: 1 | References: 8

Positive Technologies
• added 2026/04/06 12:00 a.m. • 1 views

PT-2026-30767

Summary: PraisonAI's recipe registry publish endpoint writes uploaded recipe bundles to a filesystem path derived from the bundle's internal manifest.json before it verifies that the manifest name and version match the HTTP route. A malicious publisher can place ../ traversal sequences in the bund...

CVSS 7.1 | AI score 6.1 | EPSS 0.00328
Exploits: 1 | References: 6

Packet Storm
• added 2026/04/06 12:00 a.m. • 102 views

Zhiyuan OA Traversal / File Upload

Path traversal and improper validation in the multipart file upload handling of Zhiyuan OA's wpsAssistServlet allows an attacker to place crafted files outside the intended directories by controlling the realFileType and fileId parameters. Exploit Title: Zhiyuan OA - arbitrary file upload leading...

CVSS 10 | AI score 5.9 | EPSS 0.10212
Exploits: 3

Exploit DB
• added 2026/04/06 12:00 a.m. • 115 views

Zhiyuan OA - arbitrary file upload leading

Exploit Title: Zhiyuan OA - arbitrary file upload leading Google Dork / FOFA: app="θ‡΄θΏœδΊ’θ”-OA" && title="V8.0SP2" Date: 1-11-2025 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://service.seeyon.com/ Software Link: vendor download / product page if available Version: 5.0, 5.1–5.6sp1,...

CVSS 10 | AI score 5.9 | EPSS 0.10212
Exploits: 3

Snyk
• added 2026/04/05 10:10 p.m. • 0 views

Directory Traversal

Overview: phpbb/phpbb is a Forum Software application. Affected versions of this package are vulnerable to Directory Traversal via the plupload process and the phar:// stream wrapper. An attacker can execute arbitrary code by uploading a crafted archive containing serialized PHP objects that are...

CVSS 8.8 | AI score 6.5 | EPSS 0.00183
Exploits: 0 | References: 2

Snyk
• added 2026/04/05 10:08 p.m. • 3 views

Directory Traversal

Overview: griptape-tools is a Tools for the Griptape framework. Affected versions of this package are vulnerable to Directory Traversal via the filename handling in the code-writing path used by executecodeincontainer in griptape/tools/computer/tool.py. An attacker can write arbitrary files on the...

CVSS 6.5 | AI score 7.2 | EPSS 0.00422
Exploits: 0 | References: 2

Snyk
• added 2026/04/05 10:08 p.m. • 1 views

Directory Traversal

Overview: griptape is a Modular Python framework for LLM workflows, tools, memory, and data. Affected versions of this package are vulnerable to Directory Traversal via the filename handling in the code-writing path used by executecodeincontainer in griptape/tools/computer/tool.py. An attacker can...

CVSS 6.5 | AI score 7.2 | EPSS 0.00422
Exploits: 0 | References: 2