262 matches found
CVE-2026-54563
Cloudreve CVE-2026-54563 describes a path traversal / broken access control in the WebDAV interface under /dav. Before version 4.16.1, a WebDAV account rooted at a configured folder could send paths like /dav/%2e%2e/outside.txt because stripPrefix in pkg/webdav/webdav.go joins the decoded request...
CVE-2026-61443
PraisonAI before 1.6.78 contains a remote code execution vulnerability in SkillTools.runskillscript that executes scripts without path containment validation. Attackers can supply absolute file paths to execute arbitrary scripts from any filesystem location, including those outside the intended...
CVE-2026-53486
A flaw was found in the decompress package for Node.js. A remote attacker can exploit this vulnerability by crafting a malicious archive. When the archive is extracted, it can create files and links outside the intended directory, leading to unauthorized reading or writing of files. This is due t...
CVE-2026-53486
The decompress package for Node.js extracts archives. Prior to 10.2.1 and 11.1.3, archive extraction can create files and links outside the target directory. When extracting an archive to a directory, a crafted archive can read or write files outside that directory because hardlink and symlink...
CVE-2026-53486 decompress: Archive extraction can create files and links outside the target directory
The decompress package for Node.js extracts archives. Prior to 10.2.1 and 11.1.3, archive extraction can create files and links outside the target directory. When extracting an archive to a directory, a crafted archive can read or write files outside that directory because hardlink and symlink...
CVE-2026-53486
The CVE affects the Node.js decompress package used for archive extraction. Before versions 10.2.1 and 11.1.3, crafted archives could read or write files outside the target directory due to: hardlink and symlink entries being created without proper target checks; path containment validated by a s...
CVE-2026-61432
PraisonAI praisonaiagents before 1.6.78 contains a path traversal vulnerability in the FastContext feature praisonaiagents.context.fast. FastContextAgent.executetool prepends the configured workspacepath only for relative paths and neither rejects absolute paths nor canonicalizes joined paths...
EUVD-2026-42898
PraisonAI praisonaiagents before 1.6.78 contains a path traversal vulnerability in the FastContext feature praisonaiagents.context.fast. FastContextAgent.executetool prepends the configured workspacepath only for relative paths and neither rejects absolute paths nor canonicalizes joined paths...
CVE-2026-61432
PraisionAI (praisonaiagents) before 1.6.78 has a path traversal flaw in the FastContext feature. FastContextAgent.execute_tool() only prefixes workspace_path for relative paths and does not reject absolute paths or canonicalize joined paths, allowing tool arguments or model-generated calls to gre...
EUVD-2026-42769
decompress before 4.2.2 contains an improper path containment check that enables directory traversal and arbitrary file write. The safeMakeDir function index.js line 29 and the extraction path validation index.js line 106 use String.indexOf to verify the resolved path is within the output...
CVE-2026-39245
decompress before 4.2.2 contains an improper path containment check that enables directory traversal and arbitrary file write. The safeMakeDir function index.js line 29 and the extraction path validation index.js line 106 use String.indexOf to verify the resolved path is within the output...
CVE-2026-39245
decompress before 4.2.2 contains an improper path containment check that enables directory traversal and arbitrary file write. The safeMakeDir function index.js line 29 and the extraction path validation index.js line 106 use String.indexOf to verify the resolved path is within the output...
CVE-2026-39245
decompress before 4.2.2 contains an improper path containment check that enables directory traversal and arbitrary file write. The safeMakeDir function index.js line 29 and the extraction path validation index.js line 106 use String.indexOf to verify the resolved path is within the output...
CVE-2026-39245
CVE-2026-39245 affects the decompress package (before 4.2.2). The vulnerability arises from an improper path containment check during extraction: safeMakeDir (index.js:29) and extraction path validation (index.js:106) rely on realDestinationDir.indexOf(realOutputPath) !== 0. This boundary check f...
PT-2026-56053
Name of the Vulnerable Software and Affected Versions @xhmikosr/decompress versions prior to 10.2.1 @xhmikosr/decompress versions prior to 11.1.3 decompress versions prior to 4.3.0 Description When extracting archives to a directory, a crafted archive can read or write files outside that director...
CVE-2026-13885
Use after free in Skia in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...
GHSA-FR4H-3CPH-29XV pnpm: Hoisted install imports lockfile alias outside node_modules
Summary The hoisted dependency alias issue tracked as GHSA-fr4h-3cph-29xv / CAND-PNPM-059 has been addressed in both pnpm and pacquet. A crafted lockfile alias could be joined directly under a hoisted nodemodules directory. Traversal aliases could escape that directory, while reserved aliases suc...
GHSA-4GXV-P5G5-J7W7 gonic has arbitrary file write in createPlaylist: any authenticated user can write playlist M3U content to attacker-controlled path on the host
Summary A logic error in ServeCreateOrUpdatePlaylist allows any authenticated Subsonic user including non-admin to write playlist M3U content to an attacker-controlled absolute filesystem path on the gonic host, and to create intermediate directories with 0o777 permissions. The bug is independent...
GHSA-5G9F-CWWG-4P8G PhpWeasyPrint vulnerable to arbitrary file deletion at shutdown via public $temporaryFiles
Summary AbstractGenerator::$temporaryFiles is a public array, and removeTemporaryFiles — invoked from destruct and from a registered shutdown function — calls unlink on every entry without verifying that the path is contained within the temporary folder. Any code holding a reference to a generato...
CVE-2026-29509 Patool < 4.0.5 Path Traversal via safe_extract() Function
Patool before 4.0.5 contains a path traversal vulnerability in the safeextract function in patoolib/programs/pytarfile.py when running on Python before 3.12, where the iswithindirectory helper uses os.path.commonprefix for character-level string comparison instead of path-level comparison, allowi...