CVE-2026-28507 Idno: Remote Code Execution via Chained Import File Write and Template Path Traversal

Idno is a social publishing platform. Prior to version 1.6.4, there is a remote code execution vulnerability via chained import file write and template path traversal. This issue has been patched in version 1.6.4...

CVE-2026-28507

CVE-2026-28507 affects Idno (social publishing platform). Public disclosures and Red Hat/Veracode entries describe two chained vulnerabilities leading to remote code execution: 1) Arbitrary PHP file write during WordPress import via importImagesFromBodyHTML, leveraging uncontrolled outbound fopen...

CVE-2026-28507 Idno: Remote Code Execution via Chained Import File Write and Template Path Traversal

Idno is a social publishing platform. Prior to version 1.6.4, there is a remote code execution vulnerability via chained import file write and template path traversal. This issue has been patched in version 1.6.4...

OpenSift 路径遍历漏洞

OpenSift is an open-source artificial intelligence learning assistant developed by OpenSift. Versions of OpenSift prior to 1.6.3-alpha contained a path traversal vulnerability. This vulnerability stemmed from the lack of uniform enforcement of the base directory inclusion in the path construction...

📄 basic-ftp Path Traversal / Arbitrary File Write

basic-ftp versions prior to 5.2.0 proof of concept that demonstrates an arbitrary file write using a path traversal. ============================================================================================================================================= | Title : basic-ftp prior to version...

CVE-2026-28486 OpenClaw 2026.1.16-2 < 2026.2.14 - Path Traversal (Zip Slip) in Archive Extraction via Installation Commands

OpenClaw versions 2026.1.16-2 prior to 2026.2.14 contain a path traversal vulnerability in archive extraction during installation commands that allows arbitrary file writes outside the intended directory. Attackers can craft malicious archives that, when extracted via skills install, hooks instal...

CVE-2026-28459 OpenClaw < 2026.2.12 - Arbitrary File Write via Untrusted sessionFile Path

OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. Attackers can supply a sessionFile path outside the sessions directory to create files and append da...

CVE-2026-28459 OpenClaw < 2026.2.12 - Arbitrary File Write via Untrusted sessionFile Path

OpenClaw versions prior to 2026.2.12 fail to validate the sessionFile path parameter, allowing authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. Attackers can supply a sessionFile path outside the sessions directory to create files and append da...

CVE-2026-28459

OpenClaw vulnerability CVE-2026-28459 affects OpenClaw versions prior to 2026.2.12. The issue is an inadequate validation of the sessionFile path parameter, permitting authenticated gateway clients to write transcript data to arbitrary locations on the host filesystem. An attacker can supply a se...

EUVD-2026-9794

Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer LFT. This issue affects SeppMail: 15.0.2.1 and before...

CVE-2026-2743

Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer LFT. This issue affects SeppMail: 15.0.2.1 and before...

CVE-2026-2743

Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer LFT. This issue affects SeppMail: 15.0.2.1 and before...

CVE-2026-2743

SEPPmail UX: CVE-2026-2743 describes Arbitrary File Write via a Path Traversal in the Seppmail User Web Interface’s Large File Transfer feature, enabling Remote Code Execution on versions up to 15.0.2.1. The connected records confirm the affected product and the underlying vulnerability path but ...

CVE-2026-2743 SEPPmail User Web Interface Arbitrary File Write to RCE

Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer LFT. This issue affects SeppMail: 15.0.2.1 and before...

CVE-2026-2743 SEPPmail User Web Interface Arbitrary File Write to RCE

Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer LFT. This issue affects SeppMail: 15.0.2.1 and before...

CVE-2025-70341

Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files...

CVE-2026-27905

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.36, the safeextracttarfile function validates that each tar member's path is within the destination directory, but for symlink members it only validates the symlink's own path,...

GHSA-6PX9-J4QR-XFJW pyLoad has an Arbitrary File Write via Path Traversal in edit_package()

The editpackage function implements insufficient sanitization for the packfolder parameter. The current protection relies on a single-pass string replacement of "../", which can be bypassed using crafted recursive traversal sequences. Exploitation An authenticated user with MODIFY permission can...

pyLoad has an Arbitrary File Write via Path Traversal in edit_package()

The editpackage function implements insufficient sanitization for the packfolder parameter. The current protection relies on a single-pass string replacement of "../", which can be bypassed using crafted recursive traversal sequences. Exploitation An authenticated user with MODIFY permission can...

Directory Traversal

Overview eml-parser is a Python EML parser library Affected versions of this package are vulnerable to Directory Traversal via the recursivelyextractattachments.py script when processing email attachments with attacker-controlled filenames. An attacker can write arbitrary files outside the intend...