CVE-2026-32274 Black: Arbitrary file writes from unsanitized user input in cache file name

Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...

Tina: Path Traversal in Media Upload Handle

Affected Package | Field | Value | |-------|-------| | Package | @tinacms/cli | | Version | 2.0.5 latest at time of discovery | | Vulnerable File | packages/@tinacms/cli/src/next/commands/dev-command/server/media.ts | | Vulnerable Lines | 42-43 | --- Summary A path traversal vulnerability CWE-22...

GHSA-5HXF-C7J4-279C Tina: Path Traversal in Media Upload Handle

Affected Package | Field | Value | |-------|-------| | Package | @tinacms/cli | | Version | 2.0.5 latest at time of discovery | | Vulnerable File | packages/@tinacms/cli/src/next/commands/dev-command/server/media.ts | | Vulnerable Lines | 42-43 | --- Summary A path traversal vulnerability CWE-22...

CVE-2026-28793 Path Traversal Leading to Arbitrary File Read, Write and Delete in TinaCMS

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory. When running tinacms dev, th...

CVE-2026-28792 Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS

Tina is a headless content management system. Prior to 2.1.8 , the TinaCMS CLI dev server combines a permissive CORS configuration Access-Control-Allow-Origin: with the path traversal vulnerability previously reported to enable a browser-based drive-by attack. A remote attacker can enumerate the...

OpenClaw Path Traversal Vulnerability

OpenClaw is a tool for installing skills, plugins and hooks. OpenClaw suffers from a path traversal vulnerability. An attacker can exploit this vulnerability to achieve persistence or code execution by constructing a malicious archive file that writes to an arbitrary location file...

TinaCMS 路径遍历漏洞

TinaCMS is an open-source headless CMS developed by Tina for Markdown, MDX, and JSON formats. Versions of TinaCMS prior to 2.1.7 had a path traversal vulnerability. This vulnerability stemmed from issues with the media upload processing mechanism used by the TinaCMS development server, allowing f...

CVE-2026-27897

Vociferous provides cross-platform, offline speech-to-text with local AI refinement. Prior to 4.4.2, the vulnerability exists in src/api/system.py within the exportfile route. The application accepts a JSON payload containing a filename and content. While the developer intended for a native UI...

CVE-2026-27897 Vociferous Unauthenticated Remote Path Traversal (RCE via CSRF)

Vociferous provides cross-platform, offline speech-to-text with local AI refinement. Prior to 4.4.2, the vulnerability exists in src/api/system.py within the exportfile route. The application accepts a JSON payload containing a filename and content. While the developer intended for a native UI...

CVE-2026-27897 Vociferous Unauthenticated Remote Path Traversal (RCE via CSRF)

Vociferous provides cross-platform, offline speech-to-text with local AI refinement. Prior to 4.4.2, the vulnerability exists in src/api/system.py within the exportfile route. The application accepts a JSON payload containing a filename and content. While the developer intended for a native UI...

Directory Traversal

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Directory Traversal. Adobe Vulnerability Report: This vulnerability could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability ...

GHSA-RFX7-4XW3-GH4M @appium/support has a Zip Slip arbitrary file write in its ZIP extraction

Summary @appium/support contains a ZIP extraction implementation extractAllTo via ZipExtractor.extract with a path traversal Zip Slip check that is non-functional. The check at line 88 of packages/support/lib/zip.js creates an Error object but never throws it, allowing malicious ZIP entries with...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the UniqueTrackingId field in the StartAction API request when the saveLogs feature is enabled. An attacker can write arbitrary files to locations outside the intended log directory by supplying directory travers...

EUVD-2026-10910

OliveTin's unsafe parsing of UniqueTrackingId can be used to write files...

Vociferous 访问控制错误漏洞

Vociferous is a cross-platform offline voice-to-text tool developed by Andrew Brown. Versions prior to 4.4.2 of Vociferous contained an access control vulnerability. This vulnerability stemmed from the lack of filename validation in the exportfile route in src/api/system.py, along with unvalidate...

CVE-2026-31817

OliveTin gives access to predefined shell commands from a web interface. Prior to 3000.11.2, when the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the user-supplied UniqueTrackingId field in the...

MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment

Summary The confluencedownloadattachment MCP tool accepts a downloadpath parameter that is written to without any directory boundary enforcement. An attacker who can call this tool and supply or access a Confluence attachment with malicious content can write arbitrary content to any path the serv...

GHSA-XJGW-4WVW-RGM4 MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment

Summary The confluencedownloadattachment MCP tool accepts a downloadpath parameter that is written to without any directory boundary enforcement. An attacker who can call this tool and supply or access a Confluence attachment with malicious content can write arbitrary content to any path the serv...

EUVD-2026-10810

MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained downloadpath in confluencedownloadattachment...

CVE-2026-27825 MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment

MCP Atlassian is a Model Context Protocol MCP server for Atlassian products Confluence and Jira. Prior to version 0.17.0, the confluencedownloadattachment MCP tool accepts a downloadpath parameter that is written to without any directory boundary enforcement. An attacker who can call this tool an...