5147 matches found
CVE-2026-43975
CVE-2026-43975 affects Apache Wicket via the FolderUploadsFileManager, which fails to validate or sanitize the uploadFieldId parameter or the clientFileName when constructing file paths. This can let an unauthenticated attacker write files outside the intended upload directory or read files from ...
CVE-2026-43975
FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write arbitrary files outside the intended upload directory or read files from arbitrary locations on t...
Apache Wicket 路径遍历漏洞
Apache Wicket is an open-source, lightweight, component-based framework developed by the Apache Foundation in the United States. It provides an object-oriented approach for developing web-based dynamic UI applications. Versions 8.0.0 to 8.17.0, 9.0.0 to 9.22.0, and 10.0.0 to 10.8.0 of Apache Wick...
RHCOS 4 : OpenShift Container Platform 4.1 jenkins (RHSA-2019:2548)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2548 advisory. - jenkins: Arbitrary file write vulnerability using file parameter definitions SECURITY-1424 CVE-2019-10352 - jenkins: CSRF protecti...
RHCOS 3 : OpenShift Container Platform 3.9 atomic-openshift (RHSA-2019:3811)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3811 advisory. - atomic-openshift: OpenShift builds don't verify SSH Host Keys for the git repository CVE-2019-10150 - kubernetes: Incomplete fixes...
Grav has Unauthenticated Path Traversal & Arbitrary File Write in its FormFlash component
Vulnerability Report: Grav CMS Unauthenticated Path Traversal & Arbitrary File Write ZERO-DAY Unauthenticated Path Traversal leading to Arbitrary Directory Creation and Configuration Injection Summary Grav CMS v1.7.49.5 and latest development source is vulnerable to a Zero-Day Path Traversal...
GHSA-HMCX-CH82-3FV2 Grav has Unauthenticated Path Traversal & Arbitrary File Write in its FormFlash component
Vulnerability Report: Grav CMS Unauthenticated Path Traversal & Arbitrary File Write ZERO-DAY Unauthenticated Path Traversal leading to Arbitrary Directory Creation and Configuration Injection Summary Grav CMS v1.7.49.5 and latest development source is vulnerable to a Zero-Day Path Traversal...
Directory Traversal
Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Directory Traversal via the setpackagedata function. An attacker can overwrite or create files in arbitrary directories by supplying crafted values to the...
CVE-2026-42091
goshs is a SimpleHTTPServer written in Go. Prior to version 2.0.2, the PUT upload handler httpserver/updown.go lacks the CSRF token validation that was added to the POST upload handler during the CVE-2026-40883 fix. Combined with the unconditional Access-Control-Allow-Origin: on the OPTIONS...
GHSA-3R68-X3XC-RXPG wireshark-mcp vulnerable to arbitrary file write via export_objects when WIRESHARK_MCP_ALLOWED_DIRS is not configured
Description Impact wireshark-mcp exposes a wiresharkexportobjects MCP tool that accepts an attacker-controlled destdir parameter and passes it to tshark's --export-objects flag with no mandatory path restriction. The path sandbox alloweddirs is None by default and only activates when the...
wireshark-mcp vulnerable to arbitrary file write via export_objects when WIRESHARK_MCP_ALLOWED_DIRS is not configured
Description Impact wireshark-mcp exposes a wiresharkexportobjects MCP tool that accepts an attacker-controlled destdir parameter and passes it to tshark's --export-objects flag with no mandatory path restriction. The path sandbox alloweddirs is None by default and only activates when the...
EUVD-2026-27017
PPTAgent: Arbitrary File Write via savegeneratedslides...
GHSA-PXHG-7XR2-W7XG PPTAgent: Arbitrary File Write via `save_generated_slides`
Summary This vulnerability has been fixed in https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00. The savegeneratedslides MCP tool accepts a pptxpath argument and writes the generated PPTX file to that path without any workspace restriction or path validation:...
PPTAgent: Arbitrary File Write via `save_generated_slides`
Summary This vulnerability has been fixed in https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00. The savegeneratedslides MCP tool accepts a pptxpath argument and writes the generated PPTX file to that path without any workspace restriction or path validation:...
PPTAgent: Arbitrary File Write + Directory Creation via markdown_table_to_image
Summary The markdowntabletoimage tool accepts a caller-controlled path parameter and passes it directly to gethtmltableimage: python pptagent/mcpserver.py:127-143 def markdowntabletoimagemarkdowntable: str, path: str, css: str - str: """ Args: path str: The file path where the image will be saved...
GHSA-HRCW-XC63-G29M PPTAgent: Arbitrary File Write + Directory Creation via markdown_table_to_image
Summary The markdowntabletoimage tool accepts a caller-controlled path parameter and passes it directly to gethtmltableimage: python pptagent/mcpserver.py:127-143 def markdowntabletoimagemarkdowntable: str, path: str, css: str - str: """ Args: path str: The file path where the image will be saved...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the fileName parameter during a file upload operation. An attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process by supplyi...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the fileName parameter during a file upload operation. An attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process by supplyi...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the fileName parameter during a file upload operation. An attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process by supplyi...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the fileName parameter during a file upload operation. An attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process by supplyi...