7245 matches found

RedhatCVE, added 2026/03/19 11:41 a.m., 4 views

CVE-2026-33001

A flaw was found in Jenkins. This vulnerability allows attackers with Item/Configure permission, or those who can control agent processes, to exploit unsafe handling of symbolic links during the extraction of .tar and .tar.gz archives. By crafting malicious archives, an attacker can write files t...

CVSS 8.8 | AI score 5.9 | EPSS 0.0075
Exploits 0 | References 4
CVE, added 2026/03/19 1:00 a.m., 8 views

CVE-2026-27670

CVE-2026-27670: OpenClaw before version 2026.3.2 contains a race condition in ZIP extraction that can allow a local attacker to write files outside the intended extraction directory by rebinding parent symlinks, via a time-of-check-time-of-use vulnerability between path validation and file write...

CVSS 5.8 | AI score 5.8 | EPSS 0.00081
Exploits 0 | References 3 | Affected Software 1
Cvelist, added 2026/03/19 1:00 a.m., 21 views

CVE-2026-27670 OpenClaw < 2026.3.2 - Arbitrary File Write via ZIP Extraction Parent Symlink Race Condition

OpenClaw versions prior to 2026.3.2 contain a race condition vulnerability in ZIP extraction that allows local attackers to write files outside the intended destination directory. Attackers can exploit a time-of-check-time-of-use race between path validation and file write operations by rebinding...

CVSS 5.8 | EPSS 0.00081
Exploits 0 | References 3
Snyk, added 2026/03/19 12:44 a.m., 3 views

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview: @apostrophecms/import-export is "Import Export Documents for ApostropheCMS". Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the extract function in gzip.js. A user with Global Content Modify permission can write arbitrary file...

CVSS 9.9 | AI score 6.4 | EPSS 0.00432
Exploits 1 | References 2
Github Security Blog, added 2026/03/19 12:30 a.m., 6 views

Arbitrary file write via tar traversal in mlflow

A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of tarfile.extractall without path validation enables crafted tar.gz files containing .. or absolute paths to escape the intended extractio...

CVSS 9.1 | AI score 6.3 | EPSS 0.00708
Exploits 1 | References 5 | Affected Software 1
OSV, added 2026/03/19 12:30 a.m., 3 views

GHSA-FHFF-QMM8-H2FP Arbitrary file write via tar traversal in mlflow

A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of tarfile.extractall without path validation enables crafted tar.gz files containing .. or absolute paths to escape the intended extractio...

CVSS 8.1 | AI score 7.7 | EPSS 0.00708
Exploits 1 | References 5
Tenable Nessus, added 2026/03/19 12:00 a.m., 1 view

Linux Distros Unpatched Vulnerability : CVE-2026-3029

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available: a path traversal and arbitrary file write vulnerability exists in the embedded get function in 'main.py' in PyMuPDF version 1.26.5 (CVE-2026-3029). Note that Ness...

CVSS 7.5 | AI score 5.9 | EPSS 0.00519
Exploits 0 | References 3
Positive Technologies, added 2026/03/19 12:00 a.m., 3 views

PT-2026-26336

Name of the Vulnerable Software and Affected Versions: Langflow versions prior to 1.7.1. Description: Langflow is susceptible to an arbitrary file write issue through the POST /api/v2/files API endpoint. The vulnerability stems from a lack of boundary containment checks in the storage layer, which...

CVSS 9.9 | AI score 6.1 | EPSS 0.01417
Exploits 1 | References 7
Positive Technologies, added 2026/03/19 12:00 a.m., 8 views

PT-2026-26442

Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.15.1; SuiteCRM versions prior to 8.9.3. Description: SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, it contains an authenticated arbitrary fil...

CVSS 2.7 | AI score 5.9 | EPSS 0.0023
Exploits 0 | References 9
Positive Technologies, added 2026/03/19 12:00 a.m., 3 views

PT-2026-26331

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the DICOM zip/export feature uses a user-supplied destination or path component when creating the zip file, without sanitizing path traversal sequences (e.g. ../). An attacker...

CVSS 6.5 | AI score 6.6 | EPSS 0.00549
Exploits 1 | References 5
CNNVD, added 2026/03/19 12:00 a.m., 5 views

PyMuPDF security vulnerability

PyMuPDF is an open-source, high-performance Python library for data extraction, analysis, conversion, and manipulation of PDF documents. Version 1.26.5 of PyMuPDF contains a security vulnerability, which stems from the embedded get function in main.py, allowing for path traversal and arbitrary fi...

CVSS 7.5 | AI score 5.8 | EPSS 0.00519
Exploits 0 | References 3
Tenable Nessus, added 2026/03/19 12:00 a.m., 4 views

FreeBSD : Roundcube -- Multiple vulnerabilities (c5b93cb5-2363-11f1-81da-8447094a420f)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the c5b93cb5-2363-11f1-81da-8447094a420f advisory. The Roundcube project reports: pre-auth arbitrary file write via unsafe deserialization in redis/memcac...

AI score 6
Exploits 0 | References 2
CNNVD, added 2026/03/19 12:00 a.m., 6 views

SiYuan security vulnerability

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan itself. SiYuan versions 3.6.0 and earlier contain security vulnerabilities. These vulnerabilities stem from improper sanitization of uploaded file paths, allowing administrators to write files to arbitrary...

CVSS 9.1 | AI score 6.8 | EPSS 0.00434
Exploits 1 | References 3
CVE, added 2026/03/18 10:06 p.m., 19 views

CVE-2025-15031

MLflow is affected by a path-traversal in its pyfunc extraction: tarfile.extractall is used without validating archive paths, allowing crafted tar.gz files to escape the extraction directory via .. or absolute paths. Documents consistently describe potential arbitrary file writes and the risk of ...

CVSS 9.1 | AI score 7.7 | EPSS 0.00708
Exploits 1 | References 1 | Affected Software 1
Cvelist, added 2026/03/18 10:03 p.m., 20 views

CVE-2026-32731 ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction

ApostropheCMS is an open-source content management framework. Prior to version 3.5.3 of @apostrophecms/import-export, the extract function in gzip.js constructs file-write paths using fs.createWriteStream(path.join(exportPath, header.name)). path.join does not resolve or sanitise traversal segments...

CVSS 9.9 | EPSS 0.00432
Exploits 1 | References 1
Vulnrichment, added 2026/03/18 10:03 p.m., 2 views

CVE-2026-32731 ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction

ApostropheCMS is an open-source content management framework. Prior to version 3.5.3 of @apostrophecms/import-export, the extract function in gzip.js constructs file-write paths using fs.createWriteStream(path.join(exportPath, header.name)). path.join does not resolve or sanitise traversal segments...

CVSS 9.9 | AI score 5.6 | EPSS 0.00432
Exploits 1 | References 1
CVE, added 2026/03/18 10:03 p.m., 14 views

CVE-2026-32731

CVE-2026-32731 affects ApostropheCMS via the @apostrophecms/import-export gzip extractor. The extract(filepath, exportPath) function uses fs.createWriteStream(path.join(exportPath, header.name)) without sanitising path traversal, allowing Zip Slip if a crafted .tar.gz is uploaded by a user with Global Con...

CVSS 9.9 | AI score 5.6 | EPSS 0.00432
Exploits 1 | References 1 | Affected Software 1
OSV, added 2026/03/18 10:03 p.m., 2 views

CVE-2026-32731 ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction

ApostropheCMS is an open-source content management framework. Prior to version 3.5.3 of @apostrophecms/import-export, the extract function in gzip.js constructs file-write paths using fs.createWriteStream(path.join(exportPath, header.name)). path.join does not resolve or sanitise traversal segments...

CVSS 9.9 | AI score 5.7 | EPSS 0.00432
Exploits 1 | References 3
Github Security Blog, added 2026/03/18 8:01 p.m., 5 views

Mesop has a Path Traversal utilizing `FileStateSessionBackend` leads to Application Denial of Service and File Write/Deletion

Summary: A Path Traversal vulnerability allows any user or attacker supplying an untrusted statetoken through the UI stream payload to arbitrarily target files on the disk under the standard file-based runtime backend. This can result in application denial of service via crash loops when reading...

CVSS 10 | AI score 5.9 | EPSS 0.00713
Exploits 1 | References 5 | Affected Software 1
OSV, added 2026/03/18 8:01 p.m., 2 views

GHSA-8QVF-MR4W-9X2C Mesop has a Path Traversal utilizing `FileStateSessionBackend` leads to Application Denial of Service and File Write/Deletion

Summary: A Path Traversal vulnerability allows any user or attacker supplying an untrusted statetoken through the UI stream payload to arbitrarily target files on the disk under the standard file-based runtime backend. This can result in application denial of service via crash loops when reading...

CVSS 10 | AI score 5.9 | EPSS 0.00713
Exploits 1 | References 5