20848 matches found
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the filePath argument in the /airag/knowledge/doc/edit component. An attacker can access sensitive files outside the intended directory by supplying crafted input remotely. Details A Directory Traversal attack al...
Payload-XSS
Payload-XSS Daftar Isi 1. Payload Dasar 1-20payload-...
Exploit for CVE-2024-0070
CVE-2024-0070-NVIDIA-GPU-Driver--Resonance-Vulnerability NVIDI...
Exploit for Improper Initialization in Linux Linux_Kernel
markdown Chrono-Drip: Temporal Viscosity Exploitation Frame...
SUSE CVE-2026-24843
melange allows users to build apk packages using declarative pipelines. In version 0.11.3 to before 0.40.3, an attacker who can influence the tar stream from a QEMU guest VM could write files outside the intended workspace directory on the host. The retrieveWorkspace function extracts tar entries...
SUSE CVE-2026-25059
OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the application contains path traversal vulnerability in multiple file operation handlers in server/handles/fsmanage.go. Filename components in req.Names are directly concatenated with validated directories using stdpath.Join. Thi...
SUSE CVE-2026-25145
melange allows users to build apk packages using declarative pipelines. From version 0.14.0 to before 0.40.3, an attacker who can influence a melange configuration file e.g., through pull request-driven CI or build-as-a-service scenarios could read arbitrary files from the host system. The...
SUSE CVE-2026-25161
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal...
CVE-2026-25732
NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOADDIR / file.name. Malicious filenames containing ../ sequences allow attackers to...
PYSEC-2026-95
NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOADDIR / file.name. Malicious filenames containing ../ sequences allow attackers to...
PYSEC-2026-95
NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOADDIR / file.name. Malicious filenames containing ../ sequences allow attackers to...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the SessionsPythonPlugin process. An attacker can write arbitrary files to the filesystem by supplying crafted arguments to the DownloadFileAsync or UploadFileAsync functions. Workaround This vulnerability can be...
Directory Traversal
Overview semantic-kernel is a Semantic Kernel Python SDK Affected versions of this package are vulnerable to Directory Traversal via the SessionsPythonPlugin process. An attacker can write arbitrary files to the filesystem by supplying crafted arguments to the DownloadFileAsync or UploadFileAsync...
CVE-2026-25732
CVE-2026-25732 affects NiceGUI prior to 3.7.0, where the FileUpload.name property exposes client-controlled filenames without sanitization. When developers build a filesystem path as UPLOAD_DIR / file.name, malicious filenames containing ../ sequences can cause directory traversal, allowing write...
CVE-2026-25732 NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write
NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOADDIR / file.name. Malicious filenames containing ../ sequences allow attackers to...
CVE-2026-25732
NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOADDIR / file.name. Malicious filenames containing ../ sequences allow attackers to...
CVE-2026-25732 NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write
NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOADDIR / file.name. Malicious filenames containing ../ sequences allow attackers to...
EUVD-2026-5568
NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOADDIR / file.name. Malicious filenames containing ../ sequences allow attackers to...
CVE-2026-25732 NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write
NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOADDIR / file.name. Malicious filenames containing ../ sequences allow attackers to...
CVE-2026-25640
Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 1.34.0 to before 1.51.0, a path traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL...