7267 matches found
UBUNTU-CVE-2026-32274
Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...
CVE-2026-32274 Black: Arbitrary file writes from unsanitized user input in cache file name
Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...
Tina: Path Traversal in Media Upload Handle
Affected Package | Field | Value | |-------|-------| | Package | @tinacms/cli | | Version | 2.0.5 latest at time of discovery | | Vulnerable File | packages/@tinacms/cli/src/next/commands/dev-command/server/media.ts | | Vulnerable Lines | 42-43 | --- Summary A path traversal vulnerability CWE-22...
GHSA-5HXF-C7J4-279C Tina: Path Traversal in Media Upload Handle
Affected Package | Field | Value | |-------|-------| | Package | @tinacms/cli | | Version | 2.0.5 latest at time of discovery | | Vulnerable File | packages/@tinacms/cli/src/next/commands/dev-command/server/media.ts | | Vulnerable Lines | 42-43 | --- Summary A path traversal vulnerability CWE-22...
CVE-2026-28793 Path Traversal Leading to Arbitrary File Read, Write and Delete in TinaCMS
Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory. When running tinacms dev, th...
CVE-2026-28792 Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS
Tina is a headless content management system. Prior to 2.1.8 , the TinaCMS CLI dev server combines a permissive CORS configuration Access-Control-Allow-Origin: with the path traversal vulnerability previously reported to enable a browser-based drive-by attack. A remote attacker can enumerate the...
OpenClaw Path Traversal Vulnerability
OpenClaw is a tool for installing skills, plugins and hooks. OpenClaw suffers from a path traversal vulnerability. An attacker can exploit this vulnerability to achieve persistence or code execution by constructing a malicious archive file that writes to an arbitrary location file...
TinaCMS 路径遍历漏洞
TinaCMS is an open-source headless CMS developed by Tina for Markdown, MDX, and JSON formats. Versions of TinaCMS prior to 2.1.7 had a path traversal vulnerability. This vulnerability stemmed from issues with the media upload processing mechanism used by the TinaCMS development server, allowing f...
CVE-2026-32128
FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox fastgpt-sandbox includes guardrails intended to prevent file writes static detection + seccomp. These guardrails are bypassable by remapping stdout fd 1 to an arbitrary writable file descriptor using fcntl...
CVE-2026-32128
FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox fastgpt-sandbox includes guardrails intended to prevent file writes static detection + seccomp. These guardrails are bypassable by remapping stdout fd 1 to an arbitrary writable file descriptor using fcntl...
CVE-2026-32128 FastGPT Python Sandbox Bypass of File-Write Restriction
FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox fastgpt-sandbox includes guardrails intended to prevent file writes static detection + seccomp. These guardrails are bypassable by remapping stdout fd 1 to an arbitrary writable file descriptor using fcntl...
CVE-2026-32128 FastGPT Python Sandbox Bypass of File-Write Restriction
FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox fastgpt-sandbox includes guardrails intended to prevent file writes static detection + seccomp. These guardrails are bypassable by remapping stdout fd 1 to an arbitrary writable file descriptor using fcntl...
CVE-2026-32128
FastGPT’s Python Sandbox (fastgpt-sandbox) in versions 4.14.7 and earlier contains guardrails intended to block file writes (static detection + seccomp). The vulnerability arises because stdout (fd 1) can be remapped to an arbitrary writable file descriptor via fcntl. After remapping, writes thro...
CVE-2026-32128 FastGPT Python Sandbox Bypass of File-Write Restriction
FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox fastgpt-sandbox includes guardrails intended to prevent file writes static detection + seccomp. These guardrails are bypassable by remapping stdout fd 1 to an arbitrary writable file descriptor using fcntl...
CVE-2026-27897
Vociferous provides cross-platform, offline speech-to-text with local AI refinement. Prior to 4.4.2, the vulnerability exists in src/api/system.py within the exportfile route. The application accepts a JSON payload containing a filename and content. While the developer intended for a native UI...
CVE-2026-27897 Vociferous Unauthenticated Remote Path Traversal (RCE via CSRF)
Vociferous provides cross-platform, offline speech-to-text with local AI refinement. Prior to 4.4.2, the vulnerability exists in src/api/system.py within the exportfile route. The application accepts a JSON payload containing a filename and content. While the developer intended for a native UI...
CVE-2026-27897 Vociferous Unauthenticated Remote Path Traversal (RCE via CSRF)
Vociferous provides cross-platform, offline speech-to-text with local AI refinement. Prior to 4.4.2, the vulnerability exists in src/api/system.py within the exportfile route. The application accepts a JSON payload containing a filename and content. While the developer intended for a native UI...
Directory Traversal
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Directory Traversal. Adobe Vulnerability Report: This vulnerability could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability ...
GHSA-RFX7-4XW3-GH4M @appium/support has a Zip Slip arbitrary file write in its ZIP extraction
Summary @appium/support contains a ZIP extraction implementation extractAllTo via ZipExtractor.extract with a path traversal Zip Slip check that is non-functional. The check at line 88 of packages/support/lib/zip.js creates an Error object but never throws it, allowing malicious ZIP entries with...
GHSA-364Q-W7VH-VHPC OliveTin's unsafe parsing of UniqueTrackingId can be used to write files
When the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the user-supplied UniqueTrackingId field in the StartAction API request. This value is not validated or sanitized before being used in a file...