EUVD-2026-36211

Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before the application starts...

CVE-2026-41001 Predictable Temp Directory in Artemis Auto-configuration

Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before the application starts...

CVE-2026-41001 Predictable Temp Directory in Artemis Auto-configuration

Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before the application starts...

PT-2026-48624

Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before the application starts...

Insecure Temporary File

Overview Affected versions of this package are vulnerable to Insecure Temporary File via the default data directory configuration in ArtemisEmbeddedConfigurationFactory. A local attacker can tamper with or redirect the embedded Artemis broker's data storage by pre-creating the predictable data...

Malicious npm Package Stole Files From Claude AI User Directory via GitHub

Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities. According to OX Security, the package, named "mouse5212-super-formatter," is designed to upload files from "/mnt/user-data," a dedicated directory used by...

Astra Linux – Vulnerability in docker.io

Moby is an open-source project created by Docker to enable software containerization. A bug was discovered in Moby Docker Engine, where the data directory /var/lib/docker, contained subdirectories with insufficiently restricted permissions. This allowed unprivileged Linux users to access and...

CloakBrowser: Unauthenticated path traversal via fingerprint parameter in cloakserve leads to arbitrary directory deletion

The cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker who can reach the cloakserve port can supply a crafted fingerprint value containing path traversal...

CVE-2026-8756

A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The impacted element is the function generateconfig of the file webuipreprocess.py of the component Gradio Interface. Such manipulation of the argument datadir leads to path traversal. The attac...

Bert-VITS2 路径遍历漏洞

Bert-VITS2 is a core text-to-speech model developed by Fish Audio. Bert-VITS2 has a path traversal vulnerability. This vulnerability stems from the improper handling of the datadir parameter in the generateconfig function of the Gratuit Interface component, resulting in path traversal. Attackers...

CVE-2026-31249

CosyVoice contains an insecure deserialization vulnerability (CWE-502) in its data processing tool make_parquet_list.py. The script loads PyTorch .pt files (utterance embeddings, speaker embeddings, speech tokens) with torch.load() without enabling weights_only=True, allowing the deserialization ...

changedetection.io has an Arbitrary Local File Read via a crafted backup restore

Details The vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application extracts the archive and copies each restored watch UUID directory directly into th...

CLEANSTART-2026-CO68219 Docker CLI for Windows searches for plugin binaries in C:\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ProgramData\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\Docker\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\cli-plugins, a directory that does not exist by default

Multiple security vulnerabilities affect the istio-fips package. Docker CLI for Windows searches for plugin binaries in...

CVE-2026-28786

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including th...

EUVD-2026-16480

Open WebUI vulnerable to Path Traversal in POST /api/v1/audio/transcriptions...

GHSA-VVXM-VXMR-624H Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`

Summary An unsanitised filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including the server's absolute DATADIR path — is returned verbatim in the HTTP 400 response body, confirming information...

Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`

Summary An unsanitised filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including the server's absolute DATADIR path — is returned verbatim in the HTTP 400 response body, confirming information...

CVE-2026-28786

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including th...

CVE-2026-28786 Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including th...

CVE-2026-28786 Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including th...