Directory Traversal

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Directory Traversal. Adobe Vulnerability Report: This vulnerability could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability ...

GHSA-RFX7-4XW3-GH4M @appium/support has a Zip Slip arbitrary file write in its ZIP extraction

Summary @appium/support contains a ZIP extraction implementation extractAllTo via ZipExtractor.extract with a path traversal Zip Slip check that is non-functional. The check at line 88 of packages/support/lib/zip.js creates an Error object but never throws it, allowing malicious ZIP entries with...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the UniqueTrackingId field in the StartAction API request when the saveLogs feature is enabled. An attacker can write arbitrary files to locations outside the intended log directory by supplying directory travers...

EUVD-2026-10910

OliveTin's unsafe parsing of UniqueTrackingId can be used to write files...

GHSA-364Q-W7VH-VHPC OliveTin's unsafe parsing of UniqueTrackingId can be used to write files

When the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the user-supplied UniqueTrackingId field in the StartAction API request. This value is not validated or sanitized before being used in a file...

Vociferous 访问控制错误漏洞

Vociferous is a cross-platform offline voice-to-text tool developed by Andrew Brown. Versions prior to 4.4.2 of Vociferous contained an access control vulnerability. This vulnerability stemmed from the lack of filename validation in the exportfile route in src/api/system.py, along with unvalidate...

CVE-2026-31817

OliveTin gives access to predefined shell commands from a web interface. Prior to 3000.11.2, when the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the user-supplied UniqueTrackingId field in the...

CVE-2026-31817

OliveTin before 3000.11.2 exposes an unsafe file path construction in SaveLogs: the StartAction API’s user-supplied UniqueTrackingId is used in log file paths without validation, enabling directory traversal (e.g., ../../../) to write files to arbitrary filesystem locations. This impacts systems ...

EUVD-2026-10810

MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained downloadpath in confluencedownloadattachment...

MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment

Summary The confluencedownloadattachment MCP tool accepts a downloadpath parameter that is written to without any directory boundary enforcement. An attacker who can call this tool and supply or access a Confluence attachment with malicious content can write arbitrary content to any path the serv...

GHSA-XJGW-4WVW-RGM4 MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment

Summary The confluencedownloadattachment MCP tool accepts a downloadpath parameter that is written to without any directory boundary enforcement. An attacker who can call this tool and supply or access a Confluence attachment with malicious content can write arbitrary content to any path the serv...

CVE-2026-27825

The CVE-2026-27825 entry describes an arbitrary file write in MCP Atlassian’s MCP server for Confluence/Jira. Before version 0.17.0, the confluence_download_attachment tool accepts a download_path without directory boundary enforcement, allowing an attacker who can call the tool and provide a Con...

CVE-2026-27825 MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment

MCP Atlassian is a Model Context Protocol MCP server for Atlassian products Confluence and Jira. Prior to version 0.17.0, the confluencedownloadattachment MCP tool accepts a downloadpath parameter that is written to without any directory boundary enforcement. An attacker who can call this tool an...

CVE-2026-27825 MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment

MCP Atlassian is a Model Context Protocol MCP server for Atlassian products Confluence and Jira. Prior to version 0.17.0, the confluencedownloadattachment MCP tool accepts a downloadpath parameter that is written to without any directory boundary enforcement. An attacker who can call this tool an...

CVE-2025-41758

A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the extractZipArchive function when downloading and extracting Node.js archives. An attacker can create or modify files outside the intended extraction directory by intercepting or controlling the Node.js downloa...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the extractZipArchive function when downloading and extracting Node.js archives. An attacker can create or modify files outside the intended extraction directory by intercepting or controlling the Node.js downloa...

EUVD-2026-10341

Actual Sync Server has an Authenticated Path Traversal...

📄 usbmuxd 1.1.1-1 Path Traversal / Arbitrary File Write

A path traversal vulnerability exists in usbmuxd, a system daemon responsible for multiplexing USB connections to mobile devices. Due to insufficient validation and sanitization of file path inputs processed through its message-handling interface, a local attacker with access to the usbmuxd UNIX...

PT-2026-24642

Summary The confluence download attachment MCP tool accepts a download path parameter that is written to without any directory boundary enforcement. An attacker who can call this tool and supply or access a Confluence attachment with malicious content can write arbitrary content to any path the...