SGLang's multimodal generation runtime has an unauthenticated path traversal vulnerability

SGLang's multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints...

CVE-2026-7302

SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints...

FacturaScripts 输入验证错误漏洞

FacturaScripts is an open-source ERP software developed by Carlos Garcia, a Spanish developer. Versions of FacturaScripts prior to 2026 contained a vulnerability related to input validation errors. This vulnerability stemmed from the Plugins::add function not properly verifying the file paths in...

Exploit for Code Injection in Anthropic Claude_Code

CVE-2025-59536 PoC Remote Code Execution via Claude Code Pr...

bun-archive-traversal-poc

Bun Archive Extraction Traversal PoCs Target: oven-sh/bun...

Directory Traversal

OpenMRS Core is vulnerable to Directory Traversal. The vulnerability is due to improper validation and normalization of ZIP archive entry paths during module extraction, which allows an attacker to write arbitrary files outside the intended directory and achieve remote code execution...

PT-2026-42210

Name of the Vulnerable Software and Affected Versions Boxlite versions prior to 0.9.0 Description Boxlite is a sandbox service that allows users to create lightweight virtual machines and run OCI containers. The software fails to properly validate symlink targets when extracting OCI image layer...

CVE-2026-44565 Open WebUI: Open WebUI Arbitrary File Write, Delete via Path Traversal

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.10, when uploading an audio file, the name of the file is derived from the original HTTP upload request and is not validated or sanitized. This allows for users to upload files with nam...

CVE-2026-44565 Open WebUI: Open WebUI Arbitrary File Write, Delete via Path Traversal

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.10, when uploading an audio file, the name of the file is derived from the original HTTP upload request and is not validated or sanitized. This allows for users to upload files with nam...

CVE-2026-44565

CVE-2026-44565 affects Open WebUI prior to 0.6.10. The upload API derives the target path from the original HTTP upload filename without validation, enabling dot-segment path traversal and arbitrary file writes to locations the web server user can access. This is fixed in 0.6.10. Mitigation guida...

GHSA-GCMJ-C9GG-9VH6 @joplin/onenote-converter: Path traversal in OneNote importer allows overwriting arbitrary files

Summary A path traversal vulnerability in the OneNote importer allows overwriting arbitrary files on disk. Details The OneNote converter does not sanitize the names of embedded files before writing them to disk. As a result, it's possible for an attacker to create a malicious .one file that...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the export process. An attacker can write files to arbitrary locations on the filesystem by uploading an asset with a crafted filename containing directory traversal sequences and then triggering an administrator...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to insufficient path sanitization in the osfs.ChrootOS component. An attacker can gain unauthorized access to unintended filesystem locations by supplying crafted paths containing directory traversal sequences...

Arbitrary File Read And Write

Incus is vulnerable to arbitrary file read and write. The vulnerability is due to improper enforcement of the pongo2 chroot isolation mechanism in instance template files, which allows an attacker to bypass filesystem restrictions and perform arbitrary file read/write operations on the host syste...

Apache Camel: org.apache.camel: Apache Camel: Remote Code Execution and Arbitrary File Write via case-variant header injection

A flaw was found in Apache Camel. A remote attacker with Java Message Service JMS producer access could exploit a vulnerability in how certain header filter strategies process case-variant internal headers. This discrepancy, where filtering is case-sensitive but header processing is not, allows f...

GHSA-M8FG-67J7-CX4V Portainer has a path traversal in backup archive extraction that allows arbitrary file write

Summary Portainer's backup restore feature accepts a .tar.gz archive and extracts it to a target directory on the server. The extraction function ExtractTarGz in api/archive/targz.go constructed output paths using filepath.Cleanfilepath.JoinoutputDirPath, header.Name. This combination does not...

Portainer has a path traversal in backup archive extraction that allows arbitrary file write

Summary Portainer's backup restore feature accepts a .tar.gz archive and extracts it to a target directory on the server. The extraction function ExtractTarGz in api/archive/targz.go constructed output paths using filepath.Cleanfilepath.JoinoutputDirPath, header.Name. This combination does not...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the ExtractTarGz process. An attacker can write arbitrary files to locations outside the intended extraction directory by submitting a crafted .tar.gz archive containing directory traversal sequences. This is only...

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following via the pgbasebackup or pgrewind process. An attacker can overwrite arbitrary files on the local system by leveraging symlink following, potentially hijacking the operating system account. This is on...

CVE-2026-42881

STIGQter (open-source reimplementation of DISA STIG Viewer) prior to 1.2.7 contains a vulnerability where an attacker can achieve local code execution with the user’s privileges by persuading a user to open a crafted .stigqter file and run the Export HTML action. The CVE entry and CVE List title ...