Lucene search
+L

283 matches found

EUVD
EUVD
added yesterday6 views

EUVD-2026-45331

IBM Langflow OSS 1.0.0 through 1.10.1 can allow an authenticated attacker to exploit the SaveToFile component to read and modify another user's uploaded files by specifying absolute paths pointing to victim storage locations. In append mode, the attacker's workflow reads victim file contents,...

8.1CVSS5.5AI score
Exploits0References1
NVD
NVD
added yesterday6 views

CVE-2026-9587

An authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997. The playfile functionality accepts user-controlled input through the soundpath parameter and fails to properly validate file paths before accessing the underlying filesystem. By supplying...

7.1CVSS
Exploits0References2
CVE
CVE
added yesterday6 views

CVE-2026-9587

CVE-2026-9587 describes an authenticated local file inclusion in Sangoma Switchvox SMB Edition 8.3 (104997). The issue resides in the play_file function where the sound_path input is not properly validated, allowing an attacker to supply absolute paths to read files outside the intended directory...

7.1CVSS5.4AI score
Exploits0References2
Vulnrichment
Vulnrichment
added yesterday8 views

CVE-2026-9587 Authenticated Local File Inclusion (LFI) in Switchvox SMB Web Portal

An authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997. The playfile functionality accepts user-controlled input through the soundpath parameter and fails to properly validate file paths before accessing the underlying filesystem. By supplying...

7.1CVSS5.4AI score
Exploits0References2
EUVD
EUVD
added yesterday7 views

EUVD-2026-45206

An authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997. The playfile functionality accepts user-controlled input through the soundpath parameter and fails to properly validate file paths before accessing the underlying filesystem. By supplying...

7.1CVSS5.3AI score
Exploits0References2
Cvelist
Cvelist
added yesterday19 views

CVE-2026-9587 Authenticated Local File Inclusion (LFI) in Switchvox SMB Web Portal

An authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997. The playfile functionality accepts user-controlled input through the soundpath parameter and fails to properly validate file paths before accessing the underlying filesystem. By supplying...

7.1CVSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2 days ago6 views

CVE-2026-53598 Prompty: Arbitrary File Read via ${file:path} Reference Expansion

Prompty is a markdown file format .prompty for LLM prompts. Prior to 2.0.0-beta.2, Prompty loaders expanded $file:... references in .prompty frontmatter without enforcing that resolved paths stayed within the prompt directory or allowed roots, allowing an attacker-controlled prompt file to read...

7.5CVSS5.2AI score0.01057EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 days ago5 views

CVE-2026-53598

Prompty is a markdown file format .prompty for LLM prompts. Prior to 2.0.0-beta.2, Prompty loaders expanded $file:... references in .prompty frontmatter without enforcing that resolved paths stayed within the prompt directory or allowed roots, allowing an attacker-controlled prompt file to read...

7.5CVSS6.1AI score0.01057EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2 days ago3 views

CVE-2026-59863 Kiota: Workspace-config poisoning: out-of-repo file write + generation-time SSRF

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, Kiota honored a poisoned .kiota/workspace.json workspace configuration without validating per-client or per-plugin outputPath values during kiota client generate and kiota plugin generate, allowing a malicious repository or pu...

7CVSS6.2AI score0.01123EPSS
Exploits0References6
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-44645

PraisonAI before 1.6.78 contains a remote code execution vulnerability in SkillTools.runskillscript that executes scripts without path containment validation. Attackers can supply absolute file paths to execute arbitrary scripts from any filesystem location, including those outside the intended...

8.6CVSS6.6AI score0.00499EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-61443 PraisonAI before 1.6.78 Remote Code Execution via SkillTools

PraisonAI before 1.6.78 contains a remote code execution vulnerability in SkillTools.runskillscript that executes scripts without path containment validation. Attackers can supply absolute file paths to execute arbitrary scripts from any filesystem location, including those outside the intended...

8.6CVSS0.00499EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-54684 jadx: XAPK archive entries with absolute paths can plant drop-in plugins and achieve code execution on the next jadx run

jadx is a Dex to Java decompiler. From 1.5.2 to 1.5.5, a malicious .xapk file can cause jadx to write attacker-controlled archive entry contents outside the intended XAPK plugin temporary unpack directory because XApkLoader resolves each entry name directly with tmpDir.resolvefileName after a...

7CVSS0.00133EPSS
Exploits0References3
CVE
CVE
added 4 days ago11 views

CVE-2026-54684

CVE-2026-54684 — jadx (Dex to Java decompiler) Affected versions: 1.5.2 to 1.5.5. The vulnerability arises when processing a malicious .xapk file: XApkLoader resolves each entry name directly with tmpDir.resolve(fileName) after a CWD-based ZIP security check, allowing an attacker to write archive...

7CVSS6.2AI score0.00133EPSS
Exploits0References3
OSV
OSV
added 4 days ago3 views

CVE-2026-54684 jadx: XAPK archive entries with absolute paths can plant drop-in plugins and achieve code execution on the next jadx run

jadx is a Dex to Java decompiler. From 1.5.2 to 1.5.5, a malicious .xapk file can cause jadx to write attacker-controlled archive entry contents outside the intended XAPK plugin temporary unpack directory because XApkLoader resolves each entry name directly with tmpDir.resolvefileName after a...

7CVSS6.2AI score0.00133EPSS
Exploits0References5
NVD
NVD
added last week7 views

CVE-2026-60088

PraisonAI before 4.6.78 fails to validate file path references in custom command templates, allowing attackers to read files outside the workspace. Attackers can include path traversal sequences like @../outsidesecret.txt or absolute paths in project command files to exfiltrate process-readable...

6.8CVSS0.00147EPSS
Exploits0References3
Cvelist
Cvelist
added last week39 views

CVE-2026-60088 PraisonAI before 4.6.78 Path Traversal via Custom Commands

PraisonAI before 4.6.78 fails to validate file path references in custom command templates, allowing attackers to read files outside the workspace. Attackers can include path traversal sequences like @../outsidesecret.txt or absolute paths in project command files to exfiltrate process-readable...

6.8CVSS0.00147EPSS
Exploits0References3
OSV
OSV
added last week2 views

CVE-2026-60088 PraisonAI before 4.6.78 Path Traversal via Custom Commands

PraisonAI before 4.6.78 fails to validate file path references in custom command templates, allowing attackers to read files outside the workspace. Attackers can include path traversal sequences like @../outsidesecret.txt or absolute paths in project command files to exfiltrate process-readable...

6.8CVSS6.1AI score0.00147EPSS
Exploits0References5
NVD
NVD
added 2026/07/10 3:16 p.m.8 views

CVE-2026-61432

PraisonAI praisonaiagents before 1.6.78 contains a path traversal vulnerability in the FastContext feature praisonaiagents.context.fast. FastContextAgent.executetool prepends the configured workspacepath only for relative paths and neither rejects absolute paths nor canonicalizes joined paths...

6.9CVSS0.00278EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/10 1:58 p.m.6 views

EUVD-2026-42898

PraisonAI praisonaiagents before 1.6.78 contains a path traversal vulnerability in the FastContext feature praisonaiagents.context.fast. FastContextAgent.executetool prepends the configured workspacepath only for relative paths and neither rejects absolute paths nor canonicalizes joined paths...

6.9CVSS6.1AI score0.00278EPSS
Exploits0References3
CVE
CVE
added 2026/07/10 1:58 p.m.7 views

CVE-2026-61432

PraisionAI (praisonaiagents) before 1.6.78 has a path traversal flaw in the FastContext feature. FastContextAgent.execute_tool() only prefixes workspace_path for relative paths and does not reject absolute paths or canonicalize joined paths, allowing tool arguments or model-generated calls to gre...

6.9CVSS6.1AI score0.00278EPSS
Exploits0References3
Rows per page
Query Builder