PT-2026-30456
Name of the Vulnerable Software and Affected Versions: griptape versions 0.19.4. Description: A security issue exists in the FileManagerTool component of griptape. The functions load files from disk, list files from disk, save content to file, and save memory artifacts to disk are susceptible to pat...
PT-2026-30482
UniSharp Laravel File Manager v2.0.0-alpha7 and v2.0 contain an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by sending multipart form data to the upload endpoint. Attackers can upload PHP files with the type parameter set to Files and execute...
EUVD-2026-17821
A vulnerability was found in Sanster IOPaint 1.5.3. Impacted is the function _get_file of the file iopaint/file_manager/file_manager.py of the component File Manager. Performing a manipulation of the argument filename results in path traversal. The attack is possible to be carried out remotely. The...
CVE-2026-5258
A vulnerability was found in Sanster IOPaint 1.5.3. Impacted is the function _get_file of the file iopaint/file_manager/file_manager.py of the component File Manager. Performing a manipulation of the argument filename results in path traversal. The attack is possible to be carried out remotely. The...
CVE-2026-5258 Sanster IOPaint File Manager file_manager.py _get_file path traversal
A vulnerability was found in Sanster IOPaint 1.5.3. Impacted is the function _get_file of the file iopaint/file_manager/file_manager.py of the component File Manager. Performing a manipulation of the argument filename results in path traversal. The attack is possible to be carried out remotely. The...
CVE-2026-5258
The CVE concerns Sanster IOPaint 1.5.3. The vulnerable component is the File Manager’s _get_file function in iopaint/file_manager/file_manager.py. Affected behavior is path traversal caused by manipulating the filename argument. The issue allows remote exploitation, and public exploit materials e...
PT-2026-29477
A vulnerability was found in Sanster IOPaint 1.5.3. Impacted is the function _get_file of the file iopaint/file_manager/file_manager.py of the component File Manager. Performing a manipulation of the argument filename results in path traversal. The attack is possible to be carried out remotely. Th...
IOPaint Path Traversal Vulnerability
IOPaint is an AI-based image restoration and content generation tool developed by Qing. Version 1.5.3 of IOPaint contains a path traversal vulnerability, which stems from incorrect handling of the parameter filename in the file iopaint/file_manager/file_manager.py. This vulnerability may lead to pa...
CVE-2026-29924
Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload functionality in the admin panel and File Manager plugin...
EUVD-2026-17148
Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload functionality in the admin panel and File Manager plugin...
XML External Entity (XXE) Injection
Overview: getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the SVG file upload functionality in the admin panel and File Manager plugin. An attacker can access...
CVE-2026-29924
CVE-2026-29924 – Grav CMS v1.7.x and earlier is vulnerable to XML External Entity (XXE) when uploading SVG files via the admin panel or File Manager plugin. The issue arises from external entity processing in SVG/XML input, enabling access to local or sensitive resources in affected environments ...
PT-2026-29094
Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload functionality in the admin panel and File Manager plugin...
yTree Buffer Error Vulnerability
yTree is a terminal-based file management and directory browsing tool developed by Werner Bregulla. Versions 1.94 to 1.1 of yTree contain a buffer error vulnerability. This vulnerability stems from a stack buffer overflow, which could allow local attackers to execute arbitrary code by providing...