
13586 matches found

Snyk
added 2026/03/20 3:57 p.m., 3 views

Directory Traversal

Overview: pydicom is a pure Python package for reading and writing DICOM data. Affected versions of this package are vulnerable to Directory Traversal via the FileSet function. An attacker can access, copy, move, or delete arbitrary files outside the intended directory by crafting a malicious...

CVSS 8.6, AI score 6.4, EPSS 0.00279
Exploits: 1, References: 2
NVD
added 2026/03/20 2:16 p.m., 3 views

CVE-2024-44722

SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd...

CVSS 9.8, EPSS 0.00505
Exploits: 0, References: 2
Snyk
added 2026/03/20 8:43 a.m., 3 views

Directory Traversal

Overview: mesop is a package for building UIs in Python. Affected versions of this package are vulnerable to Directory Traversal via the UI stream payload when FileStateSessionBackend is configured. An attacker can cause application crashes or manipulate files by supplying a crafted statetoken payload through the...

CVSS 10, AI score 6.4, EPSS 0.00713
Exploits: 1, References: 2
Vulnrichment
added 2026/03/20 6:57 a.m., 3 views

CVE-2026-33054 Mesop: Path Traversal utilizing `FileStateSessionBackend` leads to Application Denial of Service and File Write/Deletion

Mesop is a Python-based UI framework that allows users to build web applications. Versions 1.2.2 and below contain a Path Traversal vulnerability that allows any user supplying an untrusted statetoken through the UI stream payload to arbitrarily target files on the disk under the standard...

CVSS 10, AI score 5.9, EPSS 0.00713
Exploits: 1, References: 3
OSV
added 2026/03/20 6:57 a.m., 4 views

CVE-2026-33054 Mesop: Path Traversal utilizing `FileStateSessionBackend` leads to Application Denial of Service and File Write/Deletion

Mesop is a Python-based UI framework that allows users to build web applications. Versions 1.2.2 and below contain a Path Traversal vulnerability that allows any user supplying an untrusted statetoken through the UI stream payload to arbitrarily target files on the disk under the standard...

CVSS 10, AI score 6, EPSS 0.00713
Exploits: 1, References: 5
CVE
added 2026/03/20 1:58 a.m., 20 views

CVE-2026-32812

Admidio CVE-2026-32812 affects versions 5.0.0–5.0.6 where the SSO Metadata API endpoint at modules/sso/fetch_metadata.php reads a user-supplied URL and passes it to file_get_contents() after only PHP FILTER_VALIDATE_URL validation. This allows an authenticated administrator to cause Local File Re...

CVSS 6.8, AI score 5.8, EPSS 0.00428
Exploits: 1, References: 3, Affected Software: 1
Positive Technologies
added 2026/03/20 12:00 a.m., 4 views

PT-2026-26611

CVE-2024-44722 SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd. https://t.co/m0vhXKM2HE...

AI score 6, EPSS 0.00505
Exploits: 0, References: 4
Cvelist
added 2026/03/20 12:00 a.m., 20 views

CVE-2024-44722

SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd...

EPSS 0.00505
Exploits: 0, References: 2
Snyk
added 2026/03/20 12:00 a.m., 0 views

Directory Traversal

Overview: feast is a Python SDK for Feast. Affected versions of this package are vulnerable to Directory Traversal via the /read-document endpoint. An attacker can access arbitrary files accessible to the server process by sending a crafted HTTP POST request. Details: A Directory Traversal attack al...

CVSS 8.7, AI score 6.5, EPSS 0.0066
Exploits: 0, References: 2
CNNVD
added 2026/03/20 12:00 a.m., 4 views

Allure Report Path Traversal Vulnerability

Allure Report is a flexible and lightweight multi-language test report tool developed under the Allure Framework. Versions of Allure Report prior to 2.38.0 contained a path traversal vulnerability. This vulnerability stemmed from issues with path traversal during the processing of test results,...

CVSS 8.6, AI score 5.9, EPSS 0.00539
Exploits: 1, References: 1
Positive Technologies
added 2026/03/20 12:00 a.m., 7 views

PT-2026-26777

Summary: The objects/import.json.php endpoint accepts a user-controlled fileURI POST parameter with only a regex check that the value ends in .mp4. Unlike objects/listFiles.json.php, which was hardened with a realpath + directory prefix check to restrict paths to the videos/ directory,...

CVSS 7.1, AI score 6, EPSS 0.00335
Exploits: 1, References: 6
NVD
added 2026/03/19 10:16 p.m., 4 views

CVE-2026-32013

OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods that allows reading and writing files outside the agent workspace. Attackers can exploit symlinked allowlisted files to access arbitrary host files within gateway...

CVSS 8.8, EPSS 0.00639
Exploits: 0, References: 3
OSV
added 2026/03/19 10:16 p.m., 2 views

CVE-2026-32013

OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods that allows reading and writing files outside the agent workspace. Attackers can exploit symlinked allowlisted files to access arbitrary host files within gateway...

CVSS 8.8, AI score 6.4
Exploits: 0, References: 3
NVD
added 2026/03/19 10:16 p.m., 4 views

CVE-2026-32007

OpenClaw versions prior to 2026.2.23 contain a path traversal vulnerability in the experimental applypatch tool that allows attackers with sandbox access to modify files outside the workspace directory by exploiting inconsistent enforcement of workspace-only checks on mounted paths. Attackers can...

CVSS 8.1, EPSS 0.00364
Exploits: 0, References: 3
Cvelist
added 2026/03/19 10:06 p.m., 15 views

CVE-2026-32013 OpenClaw < 2026.2.25 - Symlink Traversal in agents.files Methods

OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods that allows reading and writing files outside the agent workspace. Attackers can exploit symlinked allowlisted files to access arbitrary host files within gateway...

CVSS 8.8, EPSS 0.00639
Exploits: 0, References: 3
ATTACKERKB
added 2026/03/19 10:06 p.m., 2 views

CVE-2026-32013

OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods that allows reading and writing files outside the agent workspace. Attackers can exploit symlinked allowlisted files to access arbitrary host files within gateway...

CVSS 8.8, AI score 6.2, EPSS 0.00639
Exploits: 0, References: 4
EUVD
added 2026/03/19 10:06 p.m., 7 views

EUVD-2026-13275

OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods that allows reading and writing files outside the agent workspace. Attackers can exploit symlinked allowlisted files to access arbitrary host files within gateway...

CVSS 8.8, AI score 6.2, EPSS 0.00639
Exploits: 0, References: 3
Vulnrichment
added 2026/03/19 2:24 p.m., 3 views

CVE-2026-22557

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account...

CVSS 10, AI score 5.7, EPSS 0.15601
Exploits: 3, References: 1
EUVD
added 2026/03/19 12:30 p.m., 3 views

EUVD-2026-13095

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows a remote unauthenticated attacker to conduct SSRF (Server-Side Request Forgery) attacks and obtain unauthorized access to local files on filesystems running the vulnerable...

CVSS 8.6, AI score 5.8, EPSS 0.00323
Exploits: 0, References: 3
NVD
added 2026/03/19 12:16 p.m., 3 views

CVE-2026-3511

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows a remote unauthenticated attacker to conduct SSRF (Server-Side Request Forgery) attacks and obtain unauthorized access to local files on filesystems running the vulnerable...

CVSS 8.6, EPSS 0.00323
Exploits: 0, References: 2