45298 matches found
CVE-2026-15415 Path traversal and arbitrary file write in the workflow linters of aws-healthomics-mcp-server
AWS HealthOmics is a HIPAA-eligible service that fully manages the compute, storage, and workflow engine infrastructure required to run bioinformatics analyses at scale for clinical diagnostics, drug discovery, and agricultural research. Improper limitation of a pathname to a restricted directory...
mcp-memory-keeper: Arbitrary local file read in context_import via unvalidated filePath
Impact contextimport passed the caller-supplied filePath directly to fs.readFileSync with no path confinement. A malicious MCP client — or an LLM agent that is prompt-injected into calling the tool — could point filePath at any file readable by the server process, outside any session or export...
CVE-2026-7667 Path Traversal Vulnerability in API Request Component Content-Disposition Header Processing
IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to create a malicious flow pointing to an attacker-controlled URL that returns a specially crafted Content-Disposition header e.g., filename="../../../target/path" , enabling arbitrary file write operations with...
EUVD-2026-45288
IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to create a malicious flow pointing to an attacker-controlled URL that returns a specially crafted Content-Disposition header e.g., filename="../../../target/path" , enabling arbitrary file write operations with...
CVE-2026-7872
Summary: The vulnerability CVE-2026-7872 affects Langflow OSS 1.0.0–1.10.0, via a path traversal flaw in the File component’s tar archive extraction. An authenticated attacker can craft a tar with symbolic links, bypassing validation and causing extraction to create links outside the intended dir...
CVE-2026-8859
Langflow OSS (versions 1.0.0–1.10.0) contains a path traversal vulnerability in the APIRequest component when the Save to File feature is enabled. Filenames parsed from HTTP Content-Disposition headers are not sanitized, allowing an attacker-controlled server to craft paths (e.g., ../) and writ...
CVE-2026-8859 Path Traversal in APIRequest Component via Content-Disposition Header
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow an attacker to write arbitrary files to unintended locations due to improper input validation in the APIRequest component. A path traversal vulnerability exists when the "Save to File" feature is enabled, where filenames extracted from HT...
EUVD-2026-45269
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow an attacker to write arbitrary files to unintended locations due to improper input validation in the APIRequest component. A path traversal vulnerability exists when the "Save to File" feature is enabled, where filenames extracted from HT...
CVE-2026-15343 Path traversal vulnerability in GitHub Enterprise Server allowed writing files to arbitrary repository paths, including GitHub Actions workflow files, via unchecked Dependabot dependency-file paths
A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker who had code execution inside the Dependabot updater container to write files to arbitrary repository paths, including GitHub Actions workflow files under .github/workflows/ as the path validation d...
CVE-2026-15343
GitHub Enterprise Server (Dependabot updater container) contains a path traversal vulnerability that lets an attacker with code execution inside that container write to arbitrary repository paths, including .github/workflows/. The flaw arises because path validation did not properly enforce the e...
CVE-2026-15379
CVE-2026-15379 : The Altiris WMI provider exposes the AltirisAgent_Stream class, allowing any local standard user to read files accessible to the SYSTEM context, bypassing filesystem ACLs. The provider uses LocalSystem context for WMI queries without re-impersonating the caller, enabling read acc...
CVE-2026-13352
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 4.16.18 via the allowedmimetypes function. This is due to the unconditional...
Flowise 1.4.3 - Arbitrary File Read
Flowise 1.4.3 contains a path traversal caused by lack of sanitization of 'fileName' parameter in /api/v1/openai-assistants-file endpoint in index.ts, letting attackers read arbitrary files, exploit requires attacker to send crafted request. id: CVE-2024-36420 info: name: Flowise 1.4.3 - Arbitrar...
WP Responsive Images <= 1.0 - Arbitrary File Read
WP Responsive Images plugin for WordPress = 1.0 contains a path traversal caused by improper sanitization of the 'src' parameter, letting unauthenticated attackers read arbitrary files on the server. id: CVE-2026-1557 info: name: WP Responsive Images = 1.0 - Arbitrary File Read author: Shivam...
Pichome 2.1.0 - Arbitrary File Read
A vulnerability, which was classified as critical, was found in zyx0814 Pichome 2.1.0. This affects an unknown part of the file /index.php?mod=textviewer. The manipulation of the argument src leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed t...
Reposilite >= 3.3.0, < 3.5.12 - Arbitrary File Read
Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version...
Gradio < 2.5.0 - Arbitrary File Read
Files on the host computer can be accessed from the Gradio interface id: CVE-2021-43831 info: name: Gradio 2.5.0 - Arbitrary File Read author: isacaya severity: high description: | Files on the host computer can be accessed from the Gradio interface impact: | An attacker would be able to view the...
TinaCMS - Path Traversal
TinaCMS CLI 2.1.8 contains a file system read vulnerability caused by disabled Vite server.fs.strict setting, letting unauthenticated attackers read arbitrary files on the host system, exploit requires access to the dev server. id: CVE-2026-29066 info: name: TinaCMS - Path Traversal author:...
Avid NEXIS Agent - Arbitrary File Read
Avid NEXIS E-series, F-series, PRO+, and System Director Appliance SDA+ before 2025.5.1 contain an unauthenticated arbitrary file read caused by improper validation of the filename parameter, letting unauthenticated attackers read sensitive files, exploit requires no authentication. id:...
WooCommerce Designer Pro <= 1.9.28 - Arbitrary File Read
WooCommerce Designer Pro theme for WordPress = 1.9.28 contains an arbitrary file read vulnerability caused by improper input validation, letting unauthenticated attackers read arbitrary files including sensitive configuration files, exploit requires no authentication. id: CVE-2025-10897 info: nam...