1374 matches found
EUVD-2026-45269
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow an attacker to write arbitrary files to unintended locations due to improper input validation in the APIRequest component. A path traversal vulnerability exists when the "Save to File" feature is enabled, where filenames extracted from HT...
CVE-2026-8859 Path Traversal in APIRequest Component via Content-Disposition Header
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow an attacker to write arbitrary files to unintended locations due to improper input validation in the APIRequest component. A path traversal vulnerability exists when the "Save to File" feature is enabled, where filenames extracted from HT...
CVE-2026-8859
Langflow OSS (versions 1.0.0–1.10.0) contains a path traversal vulnerability in the APIRequest component when the Save to File feature is enabled. Filenames parsed from HTTP Content-Disposition headers are not sanitized, allowing an attacker-controlled server to craft paths (e.g., ../) and writ...
PT-2026-60858
Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.10.0 Description An authenticated attacker can create a malicious flow that points to a URL under their control. By returning a specially crafted Content-Disposition header, such as...
Remote Code Execution (RCE)
github.com/julien040/anyquery, is vulnerable to Remote Code Execution RCE. The vulnerability is due to the server mode allowing unrestricted use of native SQLite ATTACH DATABASE commands, which allows an unauthenticated attacker to write arbitrary files to writable locations on the filesystem and...
CVE-2026-45419
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template saves call TemplateManageServicesave, StaticResourceServersaveFilesToServe, and the /de2api/templateManage/save endpoint with attacker-controlled staticResource names and Base64 content, allowing...
CVE-2026-43637
Cornac before 2.6.0 is affected by a path traversal (Tar Slip) in the _extract_archive() function (cornac/utils/download.py). The vulnerability allows an attacker to write arbitrary files outside the intended cache directory by supplying crafted TAR archives with ../ sequences, absolute paths, or...
CVE-2026-60087
PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation and then executing dangerous file write operations with...
CVE-2026-49970 Laravel-Mediable < 7.0.0 Path Traversal via File::sanitizePath()
Laravel-Mediable before 7.0.0 contains a path traversal vulnerability in the File::sanitizePath function that allows attackers to write uploaded files to arbitrary locations by controlling the directory argument passed to MediaUploader::toDestination. Attackers can exploit the permissive...
Directory Traversal
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
CVE-2026-61445 PraisonAI before 4.6.78 Arbitrary File Write and Command Execution
PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due to missing path validation and command sanitization in LLM tool calls. Attackers can inject malicious prompts through the chat interface to write files to arbitrary filesystem...
CVE-2026-40005
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to...
CVE-2026-40005
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to...
CVE-2026-42486
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...
Phantom: Arbitrary file write and decode-bomb DoS via unconfined MCP tool paths
Impact In Phantom = 1.3.0, when PHANTOMOUTPUTDIR was unset the default, the MCP tools accepted arbitrary absolute output paths with no confinement. Anything able to send tool calls e.g. an AI agent driving the MCP interface could write or overwrite arbitrary files the process user can write —...
GHSA-52VM-MXX8-F227 Phantom: Arbitrary file write and decode-bomb DoS via unconfined MCP tool paths
Impact In Phantom = 1.3.0, when PHANTOMOUTPUTDIR was unset the default, the MCP tools accepted arbitrary absolute output paths with no confinement. Anything able to send tool calls e.g. an AI agent driving the MCP interface could write or overwrite arbitrary files the process user can write —...
CVE-2026-59820
A flaw was found in LiteLLM, a proxy server for Large Language Model LLM APIs. An authenticated user, with specific API route access, could upload a specially crafted skill archive. This archive, containing path traversal entries, would allow files to be written outside of the designated extracti...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...