7249 matches found

OSV
added 2026/03/07 3:28 p.m., 2 views

CVE-2026-29778 pyLoad: Arbitrary File Write via Path Traversal in edit_package()

pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the edit_package function implements insufficient sanitization for the pack_folder parameter. The current protection relies on a single-pass string replacement of "../", which can be...

CVSS 7.1 | AI score 5.7 | EPSS 0.00517
Exploits: 1 | References: 3
Cvelist
added 2026/03/07 3:28 p.m., 30 views

CVE-2026-29778 pyLoad: Arbitrary File Write via Path Traversal in edit_package()

pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the edit_package function implements insufficient sanitization for the pack_folder parameter. The current protection relies on a single-pass string replacement of "../", which can be...

CVSS 7.1 | EPSS 0.00517
Exploits: 1 | References: 1
Vulnrichment
added 2026/03/07 3:28 p.m., 3 views

CVE-2026-29778 pyLoad: Arbitrary File Write via Path Traversal in edit_package()

pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the edit_package function implements insufficient sanitization for the pack_folder parameter. The current protection relies on a single-pass string replacement of "../", which can be...

CVSS 7.1 | AI score 5.7 | EPSS 0.00517
Exploits: 1 | References: 1
CVE
added 2026/03/07 3:28 p.m., 13 views

CVE-2026-29778

pyLoad: Arbitrary File Write via Path Traversal in edit_package() is confirmed. Affected range: 0.5.0b3.dev13–0.5.0b3.dev96; patched in 0.5.0b3.dev97. The issue stems from insufficient sanitization of pack_folder, relying on a single-pass "../" replacement, which can be bypassed by crafted re...

CVSS 7.1 | AI score 5.7 | EPSS 0.00517
Exploits: 1 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/03/07 3:22 p.m., 4 views

CVE-2026-29780 eml_parser: Path Traversal in Official Example Script Leading to Arbitrary File Write

eml_parser serves as a Python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to version 2.0.1, the official example script examples/recursively_extract_attachments.py contains a path traversal vulnerability that allows...

CVSS 5.5 | AI score 5.8 | EPSS 0.00237
Exploits: 1 | References: 3
Cvelist
added 2026/03/07 3:22 p.m., 30 views

CVE-2026-29780 eml_parser: Path Traversal in Official Example Script Leading to Arbitrary File Write

eml_parser serves as a Python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to version 2.0.1, the official example script examples/recursively_extract_attachments.py contains a path traversal vulnerability that allows...

CVSS 5.5 | EPSS 0.00237
Exploits: 1 | References: 3
CVE
added 2026/03/07 3:22 p.m., 15 views

CVE-2026-29780

Summary: CVE-2026-29780 affects the Python eml_parser library. The vulnerability resides in the official example script (examples/recursively_extract_attachments.py), where attachment filenames are used directly to build output paths without sanitization, enabling an attacker-controlled filename ...

CVSS 5.5 | AI score 5.8 | EPSS 0.00237
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2026/03/07 3:22 p.m., 4 views

CVE-2026-29780 eml_parser: Path Traversal in Official Example Script Leading to Arbitrary File Write

eml_parser serves as a Python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to version 2.0.1, the official example script examples/recursively_extract_attachments.py contains a path traversal vulnerability that allows...

CVSS 5.5 | AI score 5.8 | EPSS 0.00237
Exploits: 1 | References: 5
Snyk
added 2026/03/07 9:30 a.m., 5 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the ajaxdeletefile function. An attacker can delete arbitrary files on the server by sending crafted requests as an authenticated user with Contributor-level access or higher. This can result in the deletion of...

CVSS 8.6 | AI score 6.3 | EPSS 0.00654
Exploits: 0 | References: 2
RedhatCVE
added 2026/03/07 7:59 a.m., 6 views

CVE-2026-28507

Idno is a social publishing platform. Prior to version 1.6.4, there is a remote code execution vulnerability via chained import file write and template path traversal. This issue has been patched in version 1.6.4...

CVSS 8.6 | AI score 6.3 | EPSS 0.00673
Exploits: 1 | References: 1
Snyk
added 2026/03/07 2:19 a.m., 2 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the /export endpoint. An attacker can access arbitrary files on the server filesystem, including sensitive configuration files containing secrets, by sending specially crafted requests with double-encoded travers...

CVSS 10 | AI score 6.2 | EPSS 0.01028
Exploits: 1 | References: 2
Snyk
added 2026/03/07 2:19 a.m., 1 view

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the /export endpoint. An attacker can access arbitrary files on the server filesystem, including sensitive configuration files containing secrets, by sending specially crafted requests with double-encoded travers...

CVSS 10 | AI score 6.2 | EPSS 0.01028
Exploits: 1 | References: 2
RedhatCVE
added 2026/03/07 1:43 a.m., 5 views

CVE-2026-28459

OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. Attackers can supply a sessionFile path outside the sessions directory to create files and append da...

CVSS 8.1 | AI score 5.9 | EPSS 0.00363
Exploits: 0 | References: 1
CNNVD
added 2026/03/07 12:00 a.m., 4 views

eml_parser Path Traversal Vulnerability

EMLParser is an open-source Python library for parsing email files developed by GOVCERT.LU. Versions of EMLParser prior to 2.0.1 contained a path traversal vulnerability. This vulnerability occurred because the sample scripts did not clean up the names of attachment files, allowing arbitrary file...

CVSS 5.5 | AI score 5.9 | EPSS 0.00237
Exploits: 1 | References: 4
Snyk
added 2026/03/06 10:54 p.m., 0 views

Directory Traversal

Overview: dbt-common is the shared common utilities that dbt-core and adapter implementations use. Affected versions of this package are vulnerable to Directory Traversal via the safeextract function. An attacker can write files outside the intended extraction directory by supplying a malicious...

CVSS 5.3 | AI score 6.2 | EPSS 0.00262
Exploits: 0 | References: 2
Snyk
added 2026/03/06 7:00 p.m., 3 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the archive extraction process. An attacker can access or modify arbitrary files on the system by crafting a package containing symlinks that point outside the intended destination directory. Details: A Directory...

CVSS 8.4 | AI score 6.2 | EPSS 0.0022
Exploits: 1 | References: 2
OSV
added 2026/03/06 12:41 p.m., 4 views

OESA-2026-1487 hsqldb security update

HSQLdb is a relational database engine written in Java™, with a JDBC driver, supporting a subset of ANSI-92 SQL. It offers a small (about 100k), fast database engine which offers both in-memory and disk-based tables. Embedded and server modes are available. Additionally, it includes tools such as...

CVSS 5.5 | AI score 5.8 | EPSS 0.65692
Exploits: 0 | References: 2
Huntr
added 2026/03/06 12:19 p.m., 6 views

Arbitrary File Write via Validation/Extraction Path Mismatch in nltk.downloader._unzip_iter()

This report is not public...

AI score 5.3
Exploits: 0
RedhatCVE
added 2026/03/06 7:52 a.m., 4 views

CVE-2026-2743

Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before...

CVSS 10 | AI score 5.9 | EPSS 0.00842
Exploits: 0 | References: 1
NVD
added 2026/03/06 5:16 a.m., 6 views

CVE-2026-28507

Idno is a social publishing platform. Prior to version 1.6.4, there is a remote code execution vulnerability via chained import file write and template path traversal. This issue has been patched in version 1.6.4...

CVSS 8.6 | EPSS 0.00673
Exploits: 1 | References: 2