7267 matches found
CVE-2026-27905 BentoML has an Arbitrary File Write via Symlink Path Traversal in Tar Extraction
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.36, the safe_extract_tarfile function validates that each tar member's path is within the destination directory, but for symlink members it only validates the symlink's own path,...
EUVD-2026-9343
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.36, the safe_extract_tarfile function validates that each tar member's path is within the destination directory, but for symlink members it only validates the symlink's own path,...
CVE-2026-27905
CVE-2026-27905 affects BentoML prior to 1.4.36. The safe_extract_tarfile() path validation checks only the symlink’s own path, not the symlink’s target, enabling an attacker to craft a tar with a symlink pointing outside the extraction directory followed by a regular file that writes via the syml...
CVE-2026-24848 OpenEMR Arbitrary File Write leading to Remote Code Execution
OpenEMR is a free and open source electronic health records and medical practice management application. In 7.0.4 and earlier, the disposeDocument method in EtherFaxActions.php allows authenticated users to write arbitrary content to arbitrary locations on the server filesystem. This vulnerabilit...
CVE-2026-24848
CVE-2026-24848 – OpenEMR : OpenEMR versions 7.0.4 and earlier are affected by a vulnerability in the EtherFaxActions.php disposeDocument() method that allows authenticated users to write arbitrary content to arbitrary locations on the server filesystem. This can be exploited to achieve Remote Cod...
CVE-2026-24848
OpenEMR is a free and open source electronic health records and medical practice management application. In 7.0.4 and earlier, the disposeDocument method in EtherFaxActions.php allows authenticated users to write arbitrary content to arbitrary locations on the server filesystem. This vulnerabilit...
GHSA-3X3X-H76W-HP98 OpenClaw exec allowlist safeBins short-option bypass could permit arbitrary file write
Summary OpenClaw exec allowlist/safeBins policy could be bypassed with attached short-option payloads for example sort -o/tmp/poc, enabling file-write operations while still satisfying safeBins checks. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.17 - Latest...
OpenClaw exec allowlist safeBins short-option bypass could permit arbitrary file write
Summary OpenClaw exec allowlist/safeBins policy could be bypassed with attached short-option payloads for example sort -o/tmp/poc, enabling file-write operations while still satisfying safeBins checks. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.17 - Latest...
OpenClaw: ZIP extraction race could write outside destination via parent symlink rebind
Summary ZIP extraction in OpenClaw could be raced into writing outside the intended destination directory via parent-directory symlink rebind between validation and write. Affected Packages / Versions - Package: openclaw npm - Vulnerable versions: = 2026.3.1 - Latest published vulnerable version...
Directory Traversal
Overview @openclaw/feishu is an OpenClaw Feishu/Lark channel plugin community maintained by @m1heng Affected versions of this package are vulnerable to Directory Traversal via media.ts. An attacker can write arbitrary files outside the intended temporary directory by supplying crafted Feishu medi...
CVE-2025-63909
Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers to escalate privileges to root and read and write arbitrary files...
GHSA-M6W7-QV66-G3MF BentoML Vulnerable to Arbitrary File Write via Symlink Path Traversal in Tar Extraction
Arbitrary File Write via Symlink Path Traversal in Tar Extraction Summary The safe_extract_tarfile function validates that each tar member's path is within the destination directory, but for symlink members it only validates the symlink's own path, not the symlink's target. An attacker can create a...
BentoML Vulnerable to Arbitrary File Write via Symlink Path Traversal in Tar Extraction
Arbitrary File Write via Symlink Path Traversal in Tar Extraction Summary The safe_extract_tarfile function validates that each tar member's path is within the destination directory, but for symlink members it only validates the symlink's own path, not the symlink's target. An attacker can create a...
Directory Traversal
Overview openviking is an Agent-native context database. Affected versions of this package are vulnerable to Directory Traversal through the import process when handling .ovpack files. An attacker can overwrite or create arbitrary files outside the intended directory by crafting malicious ZIP...
CVE-2026-28518
OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or...
CVE-2026-28518
OpenViking versions 0.2.1 and earlier are affected by a path traversal vulnerability in the .ovpack import handling. Malicious ZIP archives containing traversal sequences, absolute paths, or drive prefixes in member names can write files outside the intended import directory with the importing pr...
BentoML Symlink Vulnerability
BentoML is an open-source model serving library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Prior to BentoML 1.4.36, there was a symbolic link (symlink) vulnerability. This vulnerability stemmed from the safe_extract_tarfile function,...