CVE-2026-27905
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.36, the safe_extract_tarfile function validates that each tar member's path is within the destination directory, but for symlink members it only validates the symlink's own path,...
OpenClaw: Zip extraction symlink traversal could write outside destination
Summary A path confinement bypass in OpenClaw ZIP extraction allowed writes outside the intended destination when a pre-existing symlink was present under the extraction root. Affected Packages / Versions - Package: openclaw npm - Latest published npm version at triage time: 2026.2.21-2 - Affecte...
CVE-2026-27905
CVE-2026-27905 affects BentoML prior to 1.4.36. The safe_extract_tarfile() path validation checks only the symlink’s own path, not the symlink’s target, enabling an attacker to craft a tar with a symlink pointing outside the extraction directory followed by a regular file that writes via the syml...
CVE-2026-27905 BentoML has an Arbitrary File Write via Symlink Path Traversal in Tar Extraction
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.36, the safe_extract_tarfile function validates that each tar member's path is within the destination directory, but for symlink members it only validates the symlink's own path,...
EUVD-2026-9343
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.36, the safe_extract_tarfile function validates that each tar member's path is within the destination directory, but for symlink members it only validates the symlink's own path,...
CVE-2026-24848
CVE-2026-24848 – OpenEMR : OpenEMR versions 7.0.4 and earlier are affected by a vulnerability in the EtherFaxActions.php disposeDocument() method that allows authenticated users to write arbitrary content to arbitrary locations on the server filesystem. This can be exploited to achieve Remote Cod...
CVE-2026-24848
OpenEMR is a free and open source electronic health records and medical practice management application. In 7.0.4 and earlier, the disposeDocument method in EtherFaxActions.php allows authenticated users to write arbitrary content to arbitrary locations on the server filesystem. This vulnerabilit...
CVE-2026-24848 OpenEMR Arbitrary File Write leading to Remote Code Execution
OpenEMR is a free and open source electronic health records and medical practice management application. In 7.0.4 and earlier, the disposeDocument method in EtherFaxActions.php allows authenticated users to write arbitrary content to arbitrary locations on the server filesystem. This vulnerabilit...
GHSA-3X3X-H76W-HP98 OpenClaw exec allowlist safeBins short-option bypass could permit arbitrary file write
Summary OpenClaw exec allowlist/safeBins policy could be bypassed with attached short-option payloads for example sort -o/tmp/poc, enabling file-write operations while still satisfying safeBins checks. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.17 - Latest...
OpenClaw: ZIP extraction race could write outside destination via parent symlink rebind
Summary ZIP extraction in OpenClaw could be raced into writing outside the intended destination directory via parent-directory symlink rebind between validation and write. Affected Packages / Versions - Package: openclaw npm - Vulnerable versions: = 2026.3.1 - Latest published vulnerable version...
Directory Traversal
Overview @openclaw/feishu is an OpenClaw Feishu/Lark channel plugin, community maintained by @m1heng. Affected versions of this package are vulnerable to Directory Traversal via media.ts. An attacker can write arbitrary files outside the intended temporary directory by supplying crafted Feishu medi...
CVE-2025-63909
Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers to escalate privileges to root and read and write arbitrary files...
GHSA-M6W7-QV66-G3MF BentoML Vulnerable to Arbitrary File Write via Symlink Path Traversal in Tar Extraction
Arbitrary File Write via Symlink Path Traversal in Tar Extraction Summary The safe_extract_tarfile function validates that each tar member's path is within the destination directory, but for symlink members it only validates the symlink's own path, not the symlink's target. An attacker can create a...