20853 matches found
CVE-2026-25732
NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOADDIR / file.name. Malicious filenames containing ../ sequences allow attackers to...
CVE-2026-25732 NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write
NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOADDIR / file.name. Malicious filenames containing ../ sequences allow attackers to...
EUVD-2026-5568
NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOADDIR / file.name. Malicious filenames containing ../ sequences allow attackers to...
CVE-2026-25732 NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write
NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOADDIR / file.name. Malicious filenames containing ../ sequences allow attackers to...
CVE-2026-25640
Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 1.34.0 to before 1.51.0, a path traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL...
CVE-2026-25640 Pydantic AI affected by Stored XSS via Path Traversal in Web UI CDN URL
Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 1.34.0 to before 1.51.0, a path traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL...
EUVD-2026-5593
Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 1.34.0 to before 1.51.0, a path traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL...
CVE-2026-25640
Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 1.34.0 to before 1.51.0, a path traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL...
CVE-2026-25640 Pydantic AI affected by Stored XSS via Path Traversal in Web UI CDN URL
Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 1.34.0 to before 1.51.0, a path traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL...
CVE-2026-25640
Pydantic AI (web UI) is affected by CVE-2026-25640 in versions 1.34.0–1.50.x. The vulnerability stems from insufficient validation of the version query parameter used to build the CDN URL for the frontend, allowing path traversal that can cause the server to fetch and serve attacker-controlled HT...
CVE-2026-25640 Pydantic AI affected by Stored XSS via Path Traversal in Web UI CDN URL
Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 1.34.0 to before 1.51.0, a path traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal in the SettingsGitHooksEdit function, accessible via the name parameter to the /username/reponame/settings/hooks/git endpoint. An admin user with AllowGitHook privilege can read and write arbitrary files on the serve...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal in the SettingsGitHooksEdit function, accessible via the name parameter to the /username/reponame/settings/hooks/git endpoint. An admin user with AllowGitHook privilege can read and write arbitrary files on the serve...
Cross-site Scripting (XSS)
Overview pydantic-ai-slim is an Agent Framework / shim to use Pydantic with LLMs, slim package Affected versions of this package are vulnerable to Cross-site Scripting XSS via the version query parameter used in constructing the CDN URL for serving frontend HTML. An attacker can execute arbitrary...
GHSA-WJP5-868J-WQV7 Pydantic AI has Stored XSS via Path Traversal in Web UI CDN URL
Summary A Path Traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL. If a victim clicks the link or visits it via an iframe, attacker-controlled code executes in their browser, enabling the...
Pydantic AI has Stored XSS via Path Traversal in Web UI CDN URL
Summary A Path Traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL. If a victim clicks the link or visits it via an iframe, attacker-controlled code executes in their browser, enabling the...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal in the updateWikiPage function that allows a user with write access to a given repository's wiki to delete files with the oldtitle parameter. Details A Directory Traversal attack also known as path traversal aims to...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal in the updateWikiPage function that allows a user with write access to a given repository's wiki to delete files with the oldtitle parameter. Details A Directory Traversal attack also known as path traversal aims to...
GHSA-MRPH-W4HH-GX3G Gogs has arbitrary file read/write via Path Traversal in Git hook editing
Vulnerability Description In the endpoint: /username/reponame/settings/hooks/git/:name the :name parameter: Is URL-decoded by macaron routing, allowing decoded slashes / Is then passed directly to: go git.Repository.Hook"customhooks", name which internally resolves the path as: go...
Gogs has arbitrary file read/write via Path Traversal in Git hook editing
Vulnerability Description In the endpoint: /username/reponame/settings/hooks/git/:name the :name parameter: Is URL-decoded by macaron routing, allowing decoded slashes / Is then passed directly to: go git.Repository.Hook"customhooks", name which internally resolves the path as: go...