107 matches found
EUVD-2026-42251
Flowise before 3.1.0 contains a path traversal vulnerability in Faiss and SimpleStore vector store implementations that accept unsanitized basePath parameters from authenticated users. Attackers with valid API tokens can write vector store data to arbitrary filesystem locations, potentially...
CVE-2026-56273
Flowise prior to 3.1.0 is affected by a path traversal in its Faiss and SimpleStore vector store implementations. The vulnerability arises from unsanitized basePath parameters accepted from authenticated users, enabling attackers with valid API tokens to write vector store data to arbitrary files...
EUVD-2026-40352
Vibe-Trading before 0.1.10 constructs the swarm run directory by joining a caller-supplied run identifier onto the runs base directory without validation in rundir agent/src/swarm/store.py. A crafted run identifier supplied through the MCP swarm tools causes the application to read arbitrary...
PT-2026-53808
Name of the Vulnerable Software and Affected Versions PixMagix – WordPress Image Editor versions prior to 1.7.3 Description Authenticated attackers with author-level access and above can write files with controlled content to arbitrary server locations. The issue occurs because the layers.id...
CVE-2026-28701
Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and enumerate arbitrary file system paths...
CVE-2026-49247 Jellyfin: Potential Authenticated path traversal in /ClientLog/Document
Jellyfin is an open source self hosted media server. From 10.9.0 until 10.11.10, the POST /ClientLog/Document endpoint accepts the Authorization header's Client and Version fields and uses them unsanitized as components of the on-disk filename when persisting client-uploaded log documents. As a...
PT-2026-52066
Name of the Vulnerable Software and Affected Versions Jellyfin versions prior to 10.11.10 Description Missing path sanitization during playback allows the use of a specially crafted MKV file with forged filename tags to redirect attachment extraction to any absolute path on the disk. This occurs...
CVE-2026-49358
PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, AbstractGenerator::$temporaryFiles is a public array, and removeTemporaryFiles — invoked from destruct and from a registered shutdown function — calls unlink on every entry without verifying...
UBUNTU-CVE-2026-41568
Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to create empty files or directories at arbitra...
CVE-2026-41568
Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to create empty files or directories at arbitra...
CVE-2026-11853
Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages .dsc and upload artifacts .changes are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully...
CVE-2026-11853
Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages .dsc and upload artifacts .changes are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully...
PT-2026-48397
Name of the Vulnerable Software and Affected Versions Debusine affected versions not specified Description Debusine uses a parser to read Debian source packages .dsc and upload artifacts .changes, which are manifest files listing the components of an artifact. This parser accepts arbitrary paths...
Debusine 后置链接漏洞
Debusine is a software supply management platform for the Debian community, focused on package building, testing, analysis, and distribution. Debusine has a post-installation vulnerability that stems from allowing arbitrary user-controlled paths during the parsing of Debian source packages and th...
CVE-2026-42085
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the savetoolconfig function that allows saving tool configuration files at arbitrary locations...
CVE-2026-10075 Interinfo|DreamMaker - Path Traversal
DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulnerability...
CVE-2026-10075
Technical details (e.g., affected products/versions, root cause, exploit specifics, fixes) are not publicly available in the provided documents. Monitor for updates as new information is released.
EUVD-2026-33301
DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulnerability...
CVE-2026-10075
DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulnerability...
CVE-2026-44593 esm.sh: Legacy Route Path Traversal Can Lead to RCE
esm.sh is a no-build content delivery network CDN for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ultimately writes the data to storage via buildStorage.Put. The router concatenates the path components...