7271 matches found
CVE-2026-33949
CVE-2026-33949 concerns TinaCMS’s GraphQL package, where vulnerable versions prior to 2.2.2 expose a path traversal weakness in @tinacms/graphql. The root cause is insufficient path validation (notably handling of backslashes) in getValidatedPath, allowing unauthenticated users to write/overwrite...
CVE-2026-30940
baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path...
PT-2026-29660
Summary A path traversal vulnerability in /api/chats/import allows an authenticated attacker to write attacker-controlled files outside the intended chats directory by injecting traversal sequences into character name. Details character name is used unsafely as part of the destination filename an...
MiracleLinux 9 : golang-1.25.8-1.el9_7 (AXSA:2026-370:03)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-370:03 advisory. cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive CVE-2025-61731 net/url: Incorrect parsing of IPv6 host literals in net/url...
PT-2026-29665
Name of the Vulnerable Software and Affected Versions Poetry versions 1.4.0 through 2.3.2 Description Poetry, a Python dependency manager, contains a path traversal flaw. A crafted wheel file can include '..' paths that Poetry writes to disk without proper containment checks. This allows for...
PT-2026-29811
Summary A path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machine running Ferret. When an operator scrapes a website that returns filenames containing ../ sequences, and uses those...
PT-2026-29498
Name of the Vulnerable Software and Affected Versions Tina versions prior to 2.2.2 Description A path-traversal issue exists in Tina, a headless content management system, due to insufficient validation of file paths in the dev media routes. The implementation validates only the path string and...
PT-2026-30239
Name of the Vulnerable Software and Affected Versions OpenPrinting CUPS versions 2.4.16 and prior Description OpenPrinting CUPS is a printing system for Linux and Unix-like operating systems. A local unprivileged user can manipulate cupsd into authenticating to an attacker-controlled localhost IP...
GHSA-C5C6-37VQ-PJCQ baserCMS Path Traversal Leads to Arbitrary File Write and RCE via Theme File API
Summary A path traversal vulnerability exists in the baserCMS 5.x theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path parameter to create a PHP file in an arbitrary...
baserCMS Path Traversal Leads to Arbitrary File Write and RCE via Theme File API
Summary A path traversal vulnerability exists in the baserCMS 5.x theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path parameter to create a PHP file in an arbitrary...
EUVD-2026-17267
baserCMS Path Traversal Leads to Arbitrary File Write and RCE via Theme File API...
Directory Traversal
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the mediaUrl and fileUrl parameters, which bypass validation of localRoots. An attacker can access arbitrary files on the local filesystem by supplying crafted...
CVE-2026-4415
Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation...
CVE-2026-30940
baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path...
CVE-2026-30940 baserCMS: Path Traversal in Theme File API Leads to Arbitrary File Write and RCE
baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path...
CVE-2026-30940 baserCMS: Path Traversal in Theme File API Leads to Arbitrary File Write and RCE
baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path...
CVE-2026-30940 baserCMS: Path Traversal in Theme File API Leads to Arbitrary File Write and RCE
baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path...
CVE-2026-30940
CVE-2026-30940 affects baserCMS prior to version 5.2.3. A path traversal flaw exists in the theme file management API at /baser/api/admin/bc-theme-file/theme_files/add.json, allowing an authenticated administrator to inject ../ sequences in the path and create a PHP file outside the theme directo...
CVE-2026-30940
baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path...
Agentic Context Engine 安全漏洞
Agentic Context Engine is an AI proxy learning and optimization framework developed by Kayba. Versions of Agentic Context Engine 0.7.1 and earlier contained security vulnerabilities. These vulnerabilities were caused by a directory traversal vulnerability in the checkpointdir parameter, which cou...