44489 matches found
CVE-2026-44565 Open WebUI: Open WebUI Arbitrary File Write, Delete via Path Traversal
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.10, when uploading an audio file, the name of the file is derived from the original HTTP upload request and is not validated or sanitized. This allows for users to upload files with nam...
CVE-2026-44565 Open WebUI: Open WebUI Arbitrary File Write, Delete via Path Traversal
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.10, when uploading an audio file, the name of the file is derived from the original HTTP upload request and is not validated or sanitized. This allows for users to upload files with nam...
CVE-2026-44565
CVE-2026-44565 affects Open WebUI prior to 0.6.10. The upload API derives the target path from the original HTTP upload filename without validation, enabling dot-segment path traversal and arbitrary file writes to locations the web server user can access. This is fixed in 0.6.10. Mitigation guida...
CVE-2026-44566 Open WebUI: Arbitrary File Upload and Path Traversal
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, when attaching files to a promp, the name of the file is derived from the original HTTP upload request and is not validated or sanitized. This allows for users to upload files with...
CVE-2026-44566 Open WebUI: Arbitrary File Upload and Path Traversal
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, when attaching files to a promp, the name of the file is derived from the original HTTP upload request and is not validated or sanitized. This allows for users to upload files with...
CVE-2026-44566
Open WebUI prior to version 0.1.124 is affected by an arbitrary file upload and path traversal vulnerability. The issue occurs in the /rag/api/v1/doc upload endpoint, where the uploaded file’s name is derived from the HTTP request and is not validated or sanitized, allowing dot-segments in the fi...
CVE-2026-44566
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, when attaching files to a promp, the name of the file is derived from the original HTTP upload request and is not validated or sanitized. This allows for users to upload files with...
Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded Separator
Summary A path traversal vulnerability exists in Pipecat's development runner src/pipecat/runner/run.py. When the runner is started with the --folder flag, it exposes a GET /files/filename:path download endpoint. The filename path parameter is concatenated directly onto args.folder with no...
GHSA-3363-2PH6-35WH Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded Separator
Summary A path traversal vulnerability exists in Pipecat's development runner src/pipecat/runner/run.py. When the runner is started with the --folder flag, it exposes a GET /files/filename:path download endpoint. The filename path parameter is concatenated directly onto args.folder with no...
Directory Traversal
Overview pipecat-ai is an An open source framework for voice and multimodal assistants Affected versions of this package are vulnerable to Directory Traversal via the downloadfile function in the GET /files/filename:path endpoint when the process is started with the --folder flag. An attacker can...
GHSA-GCMJ-C9GG-9VH6 @joplin/onenote-converter: Path traversal in OneNote importer allows overwriting arbitrary files
Summary A path traversal vulnerability in the OneNote importer allows overwriting arbitrary files on disk. Details The OneNote converter does not sanitize the names of embedded files before writing them to disk. As a result, it's possible for an attacker to create a malicious .one file that...
OESA-2026-2356 evolution-data-server security update
The evolution-data-server package provides a personal information management application that provides integrated mail, calendaring and address book functionality. The evolution-data-server package provides a single database for common, desktop-wide information, such as a user's address book or...
OESA-2026-2354 evolution-data-server security update
The evolution-data-server package provides a personal information management application that provides integrated mail, calendaring and address book functionality. The evolution-data-server package provides a single database for common, desktop-wide information, such as a user's address book or...
WordPress Quick Playground plugin <= 1.3.3 - Unauthenticated Path Traversal to Arbitrary File Read vulnerability
Unauthenticated Path Traversal to Arbitrary File Read vulnerability discovered by ? in WordPress Plugin Quick Playground versions = 1.3.3...
CVE-2026-6403 Quick Playground <= 1.3.3 - Unauthenticated Path Traversal to Arbitrary File Read via 'stylesheet' Parameter
The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckplyziptheme function, which appends a user-controlled 'stylesheet' parameter directly to the theme root directory path without...
CVE-2026-6403
The Quick Playground plugin for WordPress (up to version 1.3.3) is vulnerable to a Path Traversal flaw. The root cause is insufficient validation in the qckply_zip_theme() function, which directly appends a user-controlled 'stylesheet' parameter to the theme root directory path without sanitizing...
CVE-2026-37430
An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file...
PT-2026-41386
Name of the Vulnerable Software and Affected Versions Joplin versions prior to 3.5.7 Description A path traversal issue exists in the OneNote importer. The OneNote converter fails to sanitize the names of embedded files before writing them to disk. An attacker can create a malicious .one file...
Adobe Substance 3D Designer <= 15.1.0 Multiple Vulnerabilities (APSB26-52)
The version of Adobe Substance 3D Designer installed on the remote host is prior or equal to 15.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-52 advisory. - Substance3D - Designer versions 15.1.0 and earlier are affected by a Server-Side Request Forgery...
APM – Agent Package Manager 路径遍历漏洞
APM – Agent Package Manager is an AI-based dependency management tool open sourced by Microsoft. Versions of APM prior to 0.13.0 contained a path traversal vulnerability. This vulnerability stemmed from a Windows-specific archive extraction boundary failure. When using apm install with Python 3.1...