GHSA-JFXC-V5G9-38XR PraisonAI Vulnerable to Arbitrary File Write / Path Traversal in Action Orchestrator

The Action Orchestrator feature contains a Path Traversal vulnerability that allows an attacker or compromised agent to write to arbitrary files outside of the configured workspace directory. By supplying relative path segments ../ in the target path, malicious actions can overwrite sensitive...

PraisonAI Has Arbitrary File Write (Zip Slip) in Templates Extraction

The PraisonAI templates installation feature is vulnerable to a "Zip Slip" Arbitrary File Write attack. When downloading and extracting template archives from external sources e.g., GitHub, the application uses Python's zipfile.extractall without verifying if the files within the archive resolve...

GHSA-4PH2-F6PF-79WV PraisonAI Has Arbitrary File Write (Zip Slip) in Templates Extraction

The PraisonAI templates installation feature is vulnerable to a "Zip Slip" Arbitrary File Write attack. When downloading and extracting template archives from external sources e.g., GitHub, the application uses Python's zipfile.extractall without verifying if the files within the archive resolve...

CVE-2026-35454 Code Extension Marketplace has a Zip Slip Path Traversal

The Code Extension Marketplace is an open-source alternative to the VS Code Marketplace. Prior to 2.4.2, Zip Slip vulnerability in coder/code-marketplace allowed a malicious VSIX file to write arbitrary files outside the extension directory. ExtractZip passed raw zip entry names to a callback tha...

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip via the unzip method in the ApicurioCodegenWrapper class. An attacker can write files outside the intended output directory by supplying a crafted ZIP archive containing entries with...

Directory Traversal

Overview vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Directory Traversal via the handling of .map files in the dev server when resolving file paths. An attacker can access sensitive files outside the project root by injecting ../ segments in...

Directory Traversal

Overview kedro-datasets is a Kedro-Datasets is where you can find all of Kedro's data connectors. Affected versions of this package are vulnerable to Directory Traversal via the PartitionedDataset component. An attacker can overwrite arbitrary files on the filesystem by supplying partition IDs...

GHSA-CJG8-H5QC-HRJV kedro-datasets has a path traversal vulnerability in PartitionedDataset that allows arbitrary file write

Impact PartitionedDataset in kedro-datasets was vulnerable to path traversal. Partition IDs were concatenated directly with the dataset base path without validation. An attacker or malicious input containing .. components in a partition ID could cause files to be written outside the configured...

kedro-datasets has a path traversal vulnerability in PartitionedDataset that allows arbitrary file write

Impact PartitionedDataset in kedro-datasets was vulnerable to path traversal. Partition IDs were concatenated directly with the dataset base path without validation. An attacker or malicious input containing .. components in a partition ID could cause files to be written outside the configured...

CVE-2026-34783 Ferret has a Path Traversal in IO::FS::WRITE allows arbitrary file write when scraping malicious websites

Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machine running Ferret. When an operator scrapes a...

CVE-2026-34783

CVE-2026-34783 is a path traversal in Ferret’s IO::FS::WRITE (and related IO::FS::READ) that lets an attacker cause arbitrary file writes during web scraping by supplying filenames containing ".." sequences. A malicious website can manipulate output paths so the attacker controls destination and ...

CVE-2026-34783 Ferret has a Path Traversal in IO::FS::WRITE allows arbitrary file write when scraping malicious websites

Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write arbitrary files to the filesystem of the machine running Ferret. When an operator scrapes a...

CVE-2024-14032 Twitch Studio LauncherHelper XPC Missing Authorization to Root File Write

Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an unprotected XPC service. Attackers can invoke the installFromPath:toPath:withReply: method to overwrite...

PT-2026-30766

The PraisonAI templates installation feature is vulnerable to a "Zip Slip" Arbitrary File Write attack. When downloading and extracting template archives from external sources e.g., GitHub, the application uses Python's zipfile.extractall without verifying if the files within the archive resolve...

PT-2026-30765

Summary PraisonAI's recipe registry pull flow extracts attacker-controlled .praison tar archives with tar.extractall and does not validate archive member paths before extraction. A malicious publisher can upload a recipe bundle that contains ../ traversal entries and any user who later pulls that...

PT-2026-30764

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.5.113 Description PraisonAI, a multi-agent teams system, contains a Path Traversal vulnerability in the Action Orchestrator feature. An attacker, or a compromised agent, can write to arbitrary files outside of the...

Directory Traversal

Overview griptape is a Modular Python framework for LLM workflows, tools, memory, and data. Affected versions of this package are vulnerable to Directory Traversal via the filename handling in the code-writing path used by executecodeincontainer in griptape/tools/computer/tool.py. An attacker can...

Exploit for External Control of File Name or Path in Zimaspace Zimaos

zimaos-cve-2026-28286...

Emlog-v2.6.9-Vulnerability-Report

Emlog-v2.6.9-Vulnerability-Report CVE ID: REQUESTED D...

Linux Distros Unpatched Vulnerability : CVE-2026-34591

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Poetry is a dependency manager for Python. From version 1.4.0 to before version 2.3.3, a crafted wheel can contain ../ paths that Poetry writes to disk without...