RHEL 8 : go-toolset:rhel8 (RHSA-2026:7876)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7876 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: cmd/go: cmd/go:...

RHEL 8 : go-toolset:rhel8 (RHSA-2026:7878)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7878 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: cmd/go: cmd/go:...

RHEL 8 : go-toolset:rhel8 (RHSA-2026:7879)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7879 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: cmd/go: cmd/go:...

RHEL 9 : golang (RHSA-2026:7883)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7883 advisory. The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: cmd/go: Arbitrary file write via malicious...

RHEL 9 : golang (RHSA-2026:7833)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7833 advisory. The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: cmd/go: Arbitrary file write via malicious...

RHEL 8 : go-toolset:rhel8 (RHSA-2026:7877)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7877 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: cmd/go: cmd/go:...

RHEL 9 : golang (RHSA-2026:7834)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7834 advisory. The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: cmd/go: Arbitrary file write via malicious...

Directory Traversal

Overview gramps-webapi is an A RESTful web API for the Gramps genealogical database. Affected versions of this package are vulnerable to Directory Traversal via the MediaImporter.checkdiskspaceandextract function. An attacker can write arbitrary files outside the intended extraction directory by...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the removeUnusedAttributeView process. An attacker can delete arbitrary .json files within the workspace by supplying crafted path traversal sequences in the id parameter, allowing removal of files outside the...

EUVD-2026-21515

Bugsink affected by authenticated arbitrary file write in artifactbundle/assemble...

GHSA-32PV-MPQG-H292 Saltcorn has an Unauthenticated Path Traversal in sync endpoints, allowing arbitrary file write and directory read

Summary Two unauthenticated path traversal vulnerabilities exist in Saltcorn's mobile sync endpoints. The POST /sync/offlinechanges endpoint allows an unauthenticated attacker to create arbitrary directories and write a changes.json file with attacker-controlled JSON content anywhere on the serve...

EUVD-2026-21517

Saltcorn has an Unauthenticated Path Traversal in sync endpoints, allowing arbitrary file write and directory read...

Saltcorn has an Unauthenticated Path Traversal in sync endpoints, allowing arbitrary file write and directory read

Summary Two unauthenticated path traversal vulnerabilities exist in Saltcorn's mobile sync endpoints. The POST /sync/offlinechanges endpoint allows an unauthenticated attacker to create arbitrary directories and write a changes.json file with attacker-controlled JSON content anywhere on the serve...

EUVD-2026-21509

PraisonAI vulnerable to arbitrary file write via path traversal in praisonai recipe unpack...

PraisonAI vulnerable to arbitrary file write via path traversal in `praisonai recipe unpack`

| Field | Value | |---|---| | Severity | Critical | | Type | Path traversal -- arbitrary file write via tar.extract without member validation | | Affected | src/praisonai/praisonai/cli/features/recipe.py:1170-1172 | Summary cmdunpack in the recipe CLI extracts .praison tar archives using raw...

Directory Traversal

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

GHSA-99G3-W8GR-X37C PraisonAI vulnerable to arbitrary file write via path traversal in `praisonai recipe unpack`

| Field | Value | |---|---| | Severity | Critical | | Type | Path traversal -- arbitrary file write via tar.extract without member validation | | Affected | src/praisonai/praisonai/cli/features/recipe.py:1170-1172 | Summary cmdunpack in the recipe CLI extracts .praison tar archives using raw...

EUVD-2026-21152

PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor memory/hooks.py...

CVE-2026-33704 Chamilo LMS Affected by Authenticated Arbitrary File Write via BigUpload endpoint

Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user including students can write arbitrary content to files on the server via the BigUpload endpoint. The key parameter controls the filename and the raw POST body becomes the file content. While .php extensions are...

CVE-2026-33704

Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user including students can write arbitrary content to files on the server via the BigUpload endpoint. The key parameter controls the filename and the raw POST body becomes the file content. While .php extensions are...