Lucene search
+L

1374 matches found

EUVD
EUVD
added yesterday7 views

EUVD-2026-45269

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow an attacker to write arbitrary files to unintended locations due to improper input validation in the APIRequest component. A path traversal vulnerability exists when the "Save to File" feature is enabled, where filenames extracted from HT...

9.9CVSS5.5AI score
Exploits0References1
Cvelist
Cvelist
added yesterday24 views

CVE-2026-8859 Path Traversal in APIRequest Component via Content-Disposition Header

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow an attacker to write arbitrary files to unintended locations due to improper input validation in the APIRequest component. A path traversal vulnerability exists when the "Save to File" feature is enabled, where filenames extracted from HT...

9.9CVSS
Exploits0References1
CVE
CVE
added yesterday33 views

CVE-2026-8859

Langflow OSS (versions 1.0.0–1.10.0) contains a path traversal vulnerability in the APIRequest component when the Save to File feature is enabled. Filenames parsed from HTTP Content-Disposition headers are not sanitized, allowing an attacker-controlled server to craft paths (e.g., ../) and writ...

9.9CVSS5.5AI score
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-60858

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.10.0 Description An authenticated attacker can create a malicious flow that points to a URL under their control. By returning a specially crafted Content-Disposition header, such as...

8.8CVSS5.4AI score
Exploits0References3
Veracode
Veracode
added 2 days ago5 views

Remote Code Execution (RCE)

github.com/julien040/anyquery, is vulnerable to Remote Code Execution RCE. The vulnerability is due to the server mode allowing unrestricted use of native SQLite ATTACH DATABASE commands, which allows an unauthenticated attacker to write arbitrary files to writable locations on the filesystem and...

6.6AI score0.00416EPSS
Exploits0References2Affected Software1
NVD
NVD
added 3 days ago5 views

CVE-2026-45419

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template saves call TemplateManageServicesave, StaticResourceServersaveFilesToServe, and the /de2api/templateManage/save endpoint with attacker-controlled staticResource names and Base64 content, allowing...

8.5CVSS0.00313EPSS
Exploits0References3
CVE
CVE
added 3 days ago16 views

CVE-2026-43637

Cornac before 2.6.0 is affected by a path traversal (Tar Slip) in the _extract_archive() function (cornac/utils/download.py). The vulnerability allows an attacker to write arbitrary files outside the intended cache directory by supplying crafted TAR archives with ../ sequences, absolute paths, or...

9.1CVSS6.2AI score0.00425EPSS
Exploits0References4
NVD
NVD
added 3 days ago5 views

CVE-2026-60087

PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation and then executing dangerous file write operations with...

6.9CVSS0.00189EPSS
Exploits0References2
OSV
OSV
added 5 days ago6 views

CVE-2026-49970 Laravel-Mediable < 7.0.0 Path Traversal via File::sanitizePath()

Laravel-Mediable before 7.0.0 contains a path traversal vulnerability in the File::sanitizePath function that allows attackers to write uploaded files to arbitrary locations by controlling the directory argument passed to MediaUploader::toDestination. Attackers can exploit the permissive...

8.7CVSS6.3AI score0.00771EPSS
Exploits0References6
Snyk
Snyk
added 2026/07/11 2:34 p.m.8 views

Directory Traversal

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

9.9CVSS6.6AI score0.00538EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/11 1:1 p.m.33 views

CVE-2026-61445 PraisonAI before 4.6.78 Arbitrary File Write and Command Execution

PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due to missing path validation and command sanitization in LLM tool calls. Attackers can inject malicious prompts through the chat interface to write files to arbitrary filesystem...

9.9CVSS0.00538EPSS
Exploits0References2
NVD
NVD
added 2026/07/10 8:16 a.m.6 views

CVE-2026-40005

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to...

9.1CVSS0.00349EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/10 7:9 a.m.11 views

CVE-2026-40005

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to...

9.1CVSS6.2AI score0.00349EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/09 3:16 p.m.10 views

CVE-2026-42486

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS6AI score0.0014EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/07/09 1:37 p.m.10 views

Phantom: Arbitrary file write and decode-bomb DoS via unconfined MCP tool paths

Impact In Phantom = 1.3.0, when PHANTOMOUTPUTDIR was unset the default, the MCP tools accepted arbitrary absolute output paths with no confinement. Anything able to send tool calls e.g. an AI agent driving the MCP interface could write or overwrite arbitrary files the process user can write —...

8.2CVSS7.6AI score0.00504EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/07/09 1:37 p.m.3 views

GHSA-52VM-MXX8-F227 Phantom: Arbitrary file write and decode-bomb DoS via unconfined MCP tool paths

Impact In Phantom = 1.3.0, when PHANTOMOUTPUTDIR was unset the default, the MCP tools accepted arbitrary absolute output paths with no confinement. Anything able to send tool calls e.g. an AI agent driving the MCP interface could write or overwrite arbitrary files the process user can write —...

7.7CVSS6.5AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/09 10:4 a.m.16 views

CVE-2026-59820

A flaw was found in LiteLLM, a proxy server for Large Language Model LLM APIs. An authenticated user, with specific API route access, could upload a specially crafted skill archive. This archive, containing path traversal entries, would allow files to be written outside of the designated extracti...

8.1CVSS6AI score0.00313EPSS
Exploits0References7
Snyk
Snyk
added 2026/07/09 8:43 a.m.8 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/09 8:43 a.m.7 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/09 8:43 a.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References2
Rows per page
Query Builder