7266 matches found

Snyk
added 2026/02/18 5:37 p.m., 3 views

Directory Traversal

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Directory Traversal via the waitForDownloadViaPlaywright and downloadViaPlaywright functions. An attacker can write files outside the intended temporary downloads directory by supplying a...

CVSS: 8.7, AI score: 6.5, EPSS: 0.00199
Exploits: 0, References: 2
Snyk
added 2026/02/18 12:57 a.m., 5 views

Directory Traversal

Overview: tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Directory Traversal via the extract function. An attacker can read or write files outside the intended extraction directory by causing the application to extract a malicious archive containing a...

CVSS: 8.4, AI score: 6.6, EPSS: 0.00288
Exploits: 1, References: 2
Snyk
added 2026/02/18 12:57 a.m., 4 views

Directory Traversal

Overview: org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Directory Traversal via the extract function. An attacker can read or write files outside the intended extraction directory by causing the application to extract a malicious archiv...

CVSS: 8.4, AI score: 6.6, EPSS: 0.00288
Exploits: 1, References: 2
Github Security Blog
added 2026/02/18 12:57 a.m., 11 views

Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction

Summary: tar.extract in Node tar allows an attacker-controlled archive to create a hardlink inside the extraction directory that points to a file outside the extraction root, using default options. This enables arbitrary file read and write as the extracting user no root, no chmod, no preservePath...

CVSS: 7.1, AI score: 5.5, EPSS: 0.00288
Exploits: 1, References: 5, Affected Software: 1
OSV
added 2026/02/17 6:9 p.m., 8 views

GO-2026-4453 Gogs has arbitrary file read/write via Path Traversal in Git hook editing in gogs.io/gogs

Gogs has arbitrary file read/write via Path Traversal in Git hook editing in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00456
Exploits: 1, References: 4
Github Security Blog
added 2026/02/17 4:43 p.m., 10 views

OpenClaw has an arbitrary transcript path file write via gateway sessionFile

Summary: In OpenClaw versions prior to 2026.2.12, the gateway accepted an untrusted sessionFile path when resolving the session transcript file. This could allow an authenticated gateway client to create and append OpenClaw session transcript records at an arbitrary path on the gateway host...

CVSS: 8.1, AI score: 6.7, EPSS: 0.00363
Exploits: 0, References: 7, Affected Software: 1
Veracode
added 2026/02/17 10:55 a.m., 9 views

Command Validation Bypass

@anthropic-ai/claude-code is vulnerable to command validation bypass. The vulnerability is due to improper validation of piped sed operations with the echo command, which allows an attacker to bypass file write restrictions and write to sensitive directories when the “accept edits” feature is...

CVSS: 7.7, AI score: 5.6, EPSS: 0.00264
Exploits: 0, References: 2, Affected Software: 1
GithubExploit
added 2026/02/15 10:9 p.m., 517 views

Exploit for CVE-2025-4517

CVE-2025-4517 Exploit - WingData HTB. Overview: This exploi...

CVSS: 9.4, AI score: 7, EPSS: 0.01184
Exploits: 19
GithubExploit
added 2026/02/15 8:28 a.m., 837 views

Exploit for CVE-2025-4138

CVE-2025-4138 / CVE-2025-4517 Python tarfile Filter Bypass via PA...

CVSS: 9.8, AI score: 8.2, EPSS: 0.27095
Exploits: 16
Snyk
added 2026/02/13 6:58 p.m., 5 views

Directory Traversal

Overview: bacnet-stack is a None. Affected versions of this package are vulnerable to Directory Traversal via the file writing process. An attacker can overwrite or create files in arbitrary directories by supplying crafted file paths. Remediation: A fix was pushed into the master branch but not ye...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00356
Exploits: 1, References: 2
Cvelist
added 2026/02/13 3:21 p.m., 28 views

CVE-2026-26221 Hyland OnBase Timer Service Unauthenticated .NET Remoting RCE

Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service Hyland.Core.Workflow.NTService.exe. An attacker who can reach the service can send crafted .NET Remoting requests to default HTTP channel endpoints on TCP/8900 e.g., TimerServiceAPI.rem and...

CVSS: 9.8, EPSS: 0.01121
Exploits: 1, References: 3
GithubExploit
added 2026/02/13 9:12 a.m., 469 views

Exploit for CVE-2026-1357

CVE-2026-1357 — WPvivid Backup & Migration RCE Unauthentica...

CVSS: 9.8, AI score: 6.3, EPSS: 0.32714
Exploits: 13
RedhatCVE
added 2026/02/13 1:31 a.m., 7 views

CVE-2025-61879

In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via the Account Creation Mechanism...

CVSS: 7.7, AI score: 5.4, EPSS: 0.0026
Exploits: 0, References: 1
Tenable Nessus
added 2026/02/13 12:0 a.m., 6 views

n8n Node.js Package < 1.118.0 / 2.x < 2.4.0 Arbitrary File Write Leading to RCE (CVE-2026-25056)

The version of the n8n Node.js Package installed on the remote host is prior to 1.118.0, or 2.x prior to 2.4.0. It is, therefore, affected by a remote code execution vulnerability: - A vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify...

CVSS: 9.4, AI score: 7.1, EPSS: 0.00664
Exploits: 0, References: 2
Tenable Nessus
added 2026/02/13 12:0 a.m., 5 views

n8n Node.js Package < 1.123.12 / 2.x < 2.4.0 Arbitrary File Write via SSH Node (CVE-2026-25055)

The version of the n8n Node.js Package installed on the remote host is prior to 1.123.12, or 2.x prior to 2.4.0. It is, therefore, affected by an arbitrary file write vulnerability: - When workflows process uploaded files and transfer them to remote servers via the SSH node without validating the...

CVSS: 8.1, AI score: 6.3, EPSS: 0.01713
Exploits: 0, References: 2
OSV
added 2026/02/12 5:16 p.m., 3 views

CVE-2025-61879

In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via the Account Creation Mechanism...

CVSS: 7.7, AI score: 5.8, EPSS: 0.00572
Exploits: 0, References: 2
NVD
added 2026/02/12 5:16 p.m., 5 views

CVE-2025-61879

In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via the Account Creation Mechanism...

CVSS: 7.7, EPSS: 0.0026
Exploits: 0, References: 2
RedhatCVE
added 2026/02/12 1:4 a.m., 8 views

CVE-2025-69874

nanotar through 0.2.0 has a path traversal vulnerability in parseTar and parseTarGzip that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00841
Exploits: 2, References: 1
Positive Technologies
added 2026/02/12 12:0 a.m., 6 views

PT-2026-7863

In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via the Account Creation Mechanism...

AI score: 5.4, EPSS: 0.00572
Exploits: 0, References: 3
CERT
added 2026/02/12 12:0 a.m., 9 views

PyMuPDF path traversal and arbitrary file write vulnerabilities

Overview: A path traversal vulnerability leading to arbitrary file write exists in PyMuPDF version 1.26.5, within the ‘embeddedget’ function in ‘main.py’. This vulnerability is caused by improper handling of untrusted embedded file metadata, which is used directly as an output path, enabling...

CVSS: 7.5, AI score: 5.9, EPSS: 0.00519
Exploits: 0, References: 2