100 matches found
CVE-2026-29070
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an access control check is missing when deleting a file from a knowledge base. The only check being done is that the user has write access to the knowledge base or is admin,...
pydicom has a path traversal in FileSet/DICOMDIR ReferencedFileID allows file access outside the File-set root
Summary A crafted DICOMDIR can set ReferencedFileID to a path outside the File-set root. pydicom resolves the path only to confirm that it exists, but does not verify that the resolved path remains under the File-set root. Subsequent public FileSet operations such as copy, write, and...
EUVD-2026-13433
pydicom has a path traversal in FileSet/DICOMDIR ReferencedFileID allows file access outside the File-set root...
GHSA-V856-2RF8-9F28 pydicom has a path traversal in FileSet/DICOMDIR ReferencedFileID allows file access outside the File-set root
Summary A crafted DICOMDIR can set ReferencedFileID to a path outside the File-set root. pydicom resolves the path only to confirm that it exists, but does not verify that the resolved path remains under the File-set root. Subsequent public FileSet operations such as copy, write, and...
CVE-2026-32711
pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the File-set root. pydicom resolves the path only to confirm that it exists, b...
CVE-2026-32711
pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the File-set root. pydicom resolves the path only to confirm that it exists, b...
CVE-2026-32711 pydicom: Path traversal in FileSet/DICOMDIR ReferencedFileID allows file access outside the File-set root
pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the File-set root. pydicom resolves the path only to confirm that it exists, b...
LibreChat RAG API contains a log-injection vulnerability
Overview A log-injection vulnerability in the LibreChat RAG API, version 0.7.0, is caused by improper sanitization of user-supplied input written to system logs. An authenticated attacker can forge or manipulate log entries by inserting CRLF characters, compromising the integrity of audit records...
EUVD-2026-10340
Actual Sync Server has an Authenticated Path Traversal...
GHSA-27VG-33GH-4HWG Actual Sync Server has an Authenticated Path Traversal
Description Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of the user-controlled x-actual-file-id header means that traversal segments ../ can escape the intended directory and write files outsid...
Actual Sync Server has an Authenticated Path Traversal
Description Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of the user-controlled x-actual-file-id header means that traversal segments ../ can escape the intended directory and write files outsid...
Actual Sync Server has an Authenticated Path Traversal
Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of the user-controlled x-actual-file-id header means that traversal segments ../ can escape the intended directory and write files outside userFiles...
CVE-2026-3089
Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of the user-controlled x-actual-file-id header means that traversal segments ../ can escape the intended directory and write files outside...
PT-2026-24064
Name of the Vulnerable Software and Affected Versions Actual Sync Server versions prior to 26.3.0 Description Actual Sync Server allows authenticated users to upload files through the ''/sync/upload-user-file'' API endpoint. In versions prior to 26.3.0, insufficient validation of the...
CVE-2026-28682
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the upload status SSE implementation on /uploadStatus publishes global upload state to any authenticated listener and includes fileid values that are not scoped to the requesting...
Gokapi 访问控制错误漏洞
Gokapi is a lightweight, self-hosted alternative to Firefox sending by Marc Bulling. Versions of Gokapi prior to 2.2.3 contained an access control vulnerability. This vulnerability stemmed from the SSE implementation for upload status on /uploadStatus, which exposed the global upload status to an...
CVE-2024-50617
Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file id parameter or pass the physical file path in the URL query string to retrieve the files. Retriev...
CVE-2024-50617
Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file id parameter or pass the physical file path in the URL query string to retrieve the files. Retriev...
CVE-2024-50617
CVE-2024-50617 affects CIPPlanner CIPAce prior to 9.17. The issue lies in the File Download and Get File handler components, where an authenticated user can change the file id parameter or supply a physical file path in the URL query to download files they should not access. The impact is unautho...
CVE-2024-50617
Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file id parameter or pass the physical file path in the URL query string to retrieve the files. Retriev...