CVE-2026-26064 calibre: Path Traversal Vulnerability Enables Arbitrary File Write and Remote Code Execution

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows, this leads to Remote Code Execution by writin...

CVE-2026-26064 calibre: Path Traversal Vulnerability Enables Arbitrary File Write and Remote Code Execution

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows, this leads to Remote Code Execution by writin...

CVE-2026-26975 Music Assistant Server Path Traversal in Playlist Update API Allows Remote Code Execution

Music Assistant is an open-source media library manager that integrates streaming services with connected speakers. Versions 2.6.3 and below allow unauthenticated network-adjacent attackers to execute arbitrary code on affected installations. The music/playlists/update API allows users to bypass...

PT-2026-20972

Name of the Vulnerable Software and Affected Versions Music Assistant versions 2.6.3 and below Description Music Assistant is an open-source media library manager that integrates streaming services with connected speakers. Versions 2.6.3 and below allow unauthenticated network-adjacent attackers ...

OpenClaw 路径遍历漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability. The vulnerability stems from the browser download assistant accepting uncleaned output paths, which can be exploited by an attacker to traverse a directory on a system t...

Calibre 路径遍历漏洞

Calibre is an open-source, free tool developed by Kovid Goyal, a personal developer from India. It serves as a comprehensive e-book reading management and format conversion tool. Calibre versions 9.2.1 and earlier had a path traversal vulnerability. This vulnerability stemmed from a path traversa...

OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags

Summary tools.exec.safeBins could be bypassed for filesystem access when sort output flags -o / --output or recursive grep flags were allowed through safe-bin execution paths. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.19 - Latest published version at triag...

GO-2026-4358 Sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal in github.com/sigstore/sigstore

Sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal in github.com/sigstore/sigstore...

Directory Traversal

Overview changedetection.io is a Website change detection and monitoring service Affected versions of this package are vulnerable to Directory Traversal via the sendfromdirectory function. An attacker can access files within the application package directory by supplying crafted path-traversal...

Path Traversal in NLTK Downloader Package Metadata Allows Arbitrary File Write

Description The NLTK downloader does not validate file paths constructed from package metadata before writing downloaded files. A malicious NLTK data server can specify arbitrary paths via the subdir and id attributes in the package index XML, allowing arbitrary file write outside the intended...

Arbitrary File Write

Langflow is vulnerable to arbitrary file write. The vulnerability is due to lack of path validation and directory restrictions in the fspath parameter, which allows an attacker to specify arbitrary absolute paths and overwrite files on the server...

Exploit for CVE-2025-4517

CVE-2025-4517 Exploit - WingData HTB NOTES This exploit an...

Directory Traversal

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the browser control API's handling of output paths for trace and download files. An attacker can write files to arbitrary locations on the filesystem by supplying...

Directory Traversal

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the waitForDownloadViaPlaywright and downloadViaPlaywright functions. An attacker can write files outside the intended temporary downloads directory by supplying a...

Directory Traversal

Overview tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Directory Traversal via the extract function. An attacker can read or write files outside the intended extraction directory by causing the application to extract a malicious archive containing a...

Directory Traversal

Overview org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Directory Traversal via the extract function. An attacker can read or write files outside the intended extraction directory by causing the application to extract a malicious archiv...

Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction

Summary tar.extract in Node tar allows an attacker-controlled archive to create a hardlink inside the extraction directory that points to a file outside the extraction root, using default options. This enables arbitrary file read and write as the extracting user no root, no chmod, no preservePath...

GO-2026-4453 Gogs has arbitrary file read/write via Path Traversal in Git hook editing in gogs.io/gogs

Gogs has arbitrary file read/write via Path Traversal in Git hook editing in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

OpenClaw has an arbitrary transcript path file write via gateway sessionFile

Summary In OpenClaw versions prior to 2026.2.12, the gateway accepted an untrusted sessionFile path when resolving the session transcript file. This could allow an authenticated gateway client to create and append OpenClaw session transcript records at an arbitrary path on the gateway host...

Command Validation Bypass

@anthropic-ai/claude-code is vulnerable to command validation bypass. The vulnerability is due to improper validation of piped sed operations with the echo command, which allows an attacker to bypass file write restrictions and write to sensitive directories when the “accept edits” feature is...