CVE-2026-22682

OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the intended repository...

CVE-2026-35483

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadtemplate allows reading files with .jinja, .jinja2, .yaml, or .yml extensions from anywhere on the server filesystem. For .jinja files the...

CVE-2026-35029

A flaw was found in LiteLLM, an AI Gateway proxy server. An authenticated user can exploit a missing authorization check on the /config/update endpoint. This allows the user to modify proxy configurations and environment variables, leading to remote code execution by registering custom endpoint...

PT-2026-30968

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source fails to restrict email template file resolution to the intended plugins directory, allowing an authenticated actor who can influence the template path to read arbitrary local files. This...

OrangeHRM 路径遍历漏洞

OrangeHRM is a human resources management system developed by the American company OrangeHRM. This system supports functions such as personnel information management, leave management, attendance management, and recruitment management. Versions of OrangeHRM prior to 5.8 contained a path traversal...

Text Generation Web UI 路径遍历漏洞

Text Generation Web UI is a local AI UI interface developed by oobabooga’s individual developers. Versions of Text Generation Web UI prior to 4.3 contained a path traversal vulnerability. This vulnerability stemmed from an unauthenticated path traversal vulnerability in the loadtemplate function,...

Apache Cassandra 安全漏洞

Apache Cassandra is a distributed NoSQL database developed by the Apache Foundation in the United States. Version 4.0 of Apache Cassandra contains a security vulnerability. This vulnerability stems from the cqlsh command-line tool not properly clearing sensitive information, which may lead to the...

PraisonAI 路径遍历漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 1.5.113 contained a path traversal vulnerability. This vulnerability stemmed from the validatepath function first calling os.path.normpath to fold the sequence, and then checkin...

File Browser 安全漏洞

File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.63.1 contained security vulnerabilities. These vulnerabilities stemmed from...

WWBN AVideo 路径遍历漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained a path traversal vulnerability. This vulnerability allowed attackers to bypass the allowed access control by using the same domain URL, potentially leading t...

CVE-2026-35187 pyLoad has SSRF in parse_urls API endpoint via unvalidated URL parameter

pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the parseurls API function in src/pyload/core/api/init.py fetches arbitrary URLs server-side via geturlurl pycurl without any URL validation, protocol restriction, or IP blacklist. An authenticated...

Incorrect Behavior Order: Validate Before Canonicalize

Overview vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize through the server.fs.deny component. An attacker can access sensitive files by appending specific query parameters such as ?raw,...

CVE-2026-35167

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...

CVE-2026-34976

CVE-2026-34976 affects Dgraph prior to 25.3.1 where the restoreTenant admin mutation is missing from the authorization middleware, allowing an unauthenticated attacker to specify attacker-controlled backup locations (including file://), S3/MinIO credentials, encryption key paths, and Vault IDs. T...

CVE-2026-26058

Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, ./manage.py import reads arbitrary files from the server filesystem via path traversal in uploads/records.json. A crafted export tarball causes the server to copy any file the zulip user can read into the...

Malicious code in df-sandbox-test (npm)

Multiple evidences indicate malicious behaviors: data exfiltration, sensitive file access, obfuscated code, and suspicious network connections. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97761ee82976dcee2c3d8438258e8ace733bec2d2c7e1020035e9e390f9fa02f The...

PT-2026-30768

Name of the Vulnerable Software and Affected Versions Vite versions 6.0.0 through 6.4.1, 7.3.2, and 8.0.5 Description Vite, a frontend tooling framework for JavaScript, had a flaw where the server.fs check was not enforced for the fetchModule method exposed in the Vite dev server’s WebSocket. If ...

Kedro 路径遍历漏洞

Kedro is an open-source production-ready data science toolkit developed by Kedro. Versions prior to Kedro 1.3.0 contained a path traversal vulnerability. This vulnerability stemmed from the getversionedpath method not clearing the version string provided by the user, allowing for path traversal a...

Directory Traversal

Overview griptape is a Modular Python framework for LLM workflows, tools, memory, and data. Affected versions of this package are vulnerable to Directory Traversal the LocalFileManagerDriver file path resolution in griptape/drivers/filemanager/localfilemanagerdriver.py. An attacker can read, list...

Path Traversal

ONNX is vulnerable to Path Traversal. The vulnerability is due to improper handling of symlinks allowing directory traversal, which allows an attacker to access and read arbitrary files outside the intended directory...