Lucene search

7 matches found

ATTACKERKB
added 2026/04/16 10:54 p.m. | 0 views

CVE-2026-40318

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttributeView endpoint constructs a filesystem path using the user-controlled id parameter without validation or path boundary enforcement. An attacker can inject path traversal...

CVSS 8.5 | AI score 5.9 | EPSS 0.00076
Exploits: 0 | References: 3 | Affected Software: 1
ATTACKERKB
added 2026/04/07 1:6 p.m. | 2 views

CVE-2026-5627

A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the AgentFlows component. The vulnerability arises from improper handling of user input in the loadFlow and deleteFlow methods in server/utils/agentFlows/index.js. Specifically, the...

CVSS 9.1 | AI score 6 | EPSS 0.00063
Exploits: 1 | References: 3
Huntr
added 2026/01/07 1:6 p.m. | 5 views

Path Traversal in Agent Flows via `uuid` (Arbitrary .json File Read/Delete)

Description : Summary I discovered a Path Traversal vulnerability in the AgentFlows component that allows reading and deleting arbitrary .json files on the server. The issue stems from the improper usage of path.join combined with normalizePath. The application resolves the file path using user...

CVSS 9.1 | AI score 7.1 | EPSS 0.00063
Exploits: 1
RedhatCVE
added 2025/03/22 11:29 a.m. | 5 views

CVE-2024-8551

A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or modification of...

CVSS 9.1 | AI score 6.5 | EPSS 0.00297
Exploits: 1 | References: 1
Snyk
added 2025/03/20 12:32 p.m. | 3 views

Relative Path Traversal

Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Relative Path Traversal through the save-workflow functionality. An attacker can write arbitrary JSON files on the filesystem by exploiting this vulnerability. PoC...

CVSS 9.1 | AI score 7.1 | EPSS 0.00297
Exploits: 1 | References: 2
OSV
added 2021/03/15 5:15 p.m. | 1 views

CVE-2021-23357

All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this valu...

CVSS 5.3 | AI score 5.9 | EPSS 0.00047
Exploits: 1 | References: 2
ATTACKERKB
added 2021/03/15 4:40 p.m. | 1 views

CVE-2021-23357

All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. This function is able to delete arbitrary JSON files on the disk where Tyk is running via the management API. The APIID is provided by the user and this valu...

CVSS 5.3 | AI score 5.6 | EPSS 0.00047
Exploits: 1 | References: 3