1401 matches found
Gradio - Absolute Path Traversal
Gradio 6.7 on Windows with Python 3.13+ contains an absolute path traversal caused by incorrect path validation in path joining logic, letting unauthenticated attackers read arbitrary files from the server. id: CVE-2026-28414 info: name: Gradio - Absolute Path Traversal author: 0xAkoko severity:...
Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Download
The File Download API in Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data. id: CVE-2021-38146 info: name: Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Downloa...
LOLLMS WebUI - Absolute Path Traversal
An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the openfile endpoint of lollmsadvanced.py. The sanitizepath function with allowabsolutepath=True allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can...
CVE-2026-10075 Interinfo|DreamMaker - Path Traversal
DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulnerability...
EUVD-2026-33301
DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulnerability...
CVE-2026-10075 Interinfo|DreamMaker - Path Traversal
DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulnerability...
PT-2026-44839
DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulnerability...
Interinfo DreamMaker 安全漏洞
Interinfo DreamMaker is an application developed by Interinfo Corporation in China. Interinfo DreamMaker has a security vulnerability, which stems from absolute path traversal. This vulnerability could allow unauthenticated remote attackers to read file names from any path...
Microsoft Security Advisory CVE-2026-32175 – .NET Core Tampering Vulnerability
Executive Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A tampering vulnerability...
CVE-2026-6832
Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the sessionid parameter. Attackers can exploit unvalidate...
PT-2026-37264
Name of the Vulnerable Software and Affected Versions pyLoad versions prior to 0.5.0b3.dev100 Description Lack of sanitization in the set package data function allows a user with Perms.MODIFY permissions to specify arbitrary directories as download locations for a package. This occurs when passin...
Astra Linux - уязвимость в ansible
There exists an absolute path traversal attack within the Ansible automation platform. This flaw allows an attacker to create a malicious Ansible role and have the victim execute that role. A symbolic link can be used to overwrite a file that is outside of the extraction path...
PT-2026-36506
Name of the Vulnerable Software and Affected Versions AGL app-framework-main versions 17.1.12 and earlier Description A Zip Slip path traversal issue combined with a Time-of-Check to Time-of-Use TOCTOU race condition exists in the widget installation flow. The is valid filename function in...
CVE-2026-7217
A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function readdocx/readxlsx/readpptx/listxlsxsheets/readpdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leads t...
CVE-2026-7217
Summary: CVE-2026-7217 affects Deepractice PromptX ≤ 2.4.0. The vulnerability lies in the Document File Handler’s index.ts functions read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf, where manipulation of the argument path enables absolute path traversal. This is a remote-execution-capable...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: erlang (UTSA-2026-006245)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006245 advisory. Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP stdlib modules allows Absolute Path Traversal, File...
CVE-2026-2753
An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue by submitting requests containing absolute filesystem paths. Successful...
CVE-2026-2753
An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue by submitting requests containing absolute filesystem paths. Successful...
CVE-2026-2753
An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue by submitting requests containing absolute filesystem paths. Successful...
CVE-2026-2753
An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue by submitting requests containing absolute filesystem paths. Successful...