CVE-2026-54228 Abrt: toctou race condition in abrt-dbus setelement allows arbitrary file writes to dump directories

A time-of-check time-of-use TOCTOU race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create event execution, any local user can call SetElement to write arbitrary text files into the root-owned dump directory, bypassing package...

Linux Distros Unpatched Vulnerability : CVE-2026-54055

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protoc...

UBUNTU-CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

CVE-2026-54055

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU...

CVE-2026-54055 Kitty has an Arbitrary File Write via Symlink Race Condition in File Transmission Protocol

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU...

CVE-2026-54055

Kitty (cross‑platform GPU terminal) contains a local privilege escalation vulnerability in its file transmission protocol prior to 0.47.2. A TOCTOU race between symlink validation and file creation allows a child process in the terminal to cause an attack to write to arbitrary files because os.op...

CVE-2026-54055 Kitty has an Arbitrary File Write via Symlink Race Condition in File Transmission Protocol

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU...

Security Bulletin: Arbitrary File Write and Remote Code Execution Vulnerability in Langflow v2 API

Summary IBM Langflow Desktop contains a critical vulnerability in its v2 API file handling mechanism where the POST /api/v2/files/ endpoint improperly processes multipart upload filenames without sanitization, allowing path traversal and arbitrary file write outside intended directories; this fla...

Security Bulletin: upload filename directly from the multipart Content-Disposition header without sanitization

Summary Langflow OSS 1.2.0 - 1.8.4 are affected by a critical arbitrary file write vulnerability in the files endpoint due to improper handling of uploaded filenames. The application extracts the filename directly from the multipart Content-Disposition header without sanitization and uses unsafe...

GHSA-7QMG-GRCP-QF25 GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page

Summary A vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web page and create files containing the master password in plaintext. The provided file name must be an absolute path to t...

GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page

Summary A vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web page and create files containing the master password in plaintext. The provided file name must be an absolute path to t...

CVE-2026-6961 CVE-2026-6961: Path traversal via unsanitized FileInfo.Name in Mattermost federation sync

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Mattermost fails to sanitize FileInfo.Name received from federated peers during shared channel file sync, which allows an attacker who controls a federated server to write files to arbitrary locations...

security-advisories

Security Advisories This repository contains public security...

PT-2026-49066

Summary filebrowser builds the download-as-zip / download-as-tar archive entry names with filepath.ToSlash, which on a Linux host is a no-op for backslashes is only a path separator on Windows. A file whose name contains Windows-style traversal ......evil.txt is accepted by the resource handlers,...

PT-2026-48882

Name of the Vulnerable Software and Affected Versions Amasty Order Attributes for Magento 2 versions prior to 4.0.0 Description An unauthenticated arbitrary file upload issue allows attackers to write files of any type or name to the store's media directory. This occurs because the upload endpoin...

Veeam Software Appliance < 13.0.2.29 Arbitrary File Write (CVE-2026-32997)

The version of Veeam Backup and Replication Veeam Software Appliance installed on the remote Linux host is prior to 13.0.2.29. It is, therefore, affected by a vulnerability that allows an authenticated user with the Backup Administrator role to write arbitrary files on the Linux-based Veeam Backu...

CVE-2026-47712

A flaw was found in Dulwich, a pure-Python implementation of Git file formats and protocols. A remote attacker could exploit this vulnerability by crafting a malicious commit subject. When the formatpatch function processes this subject, it could lead to an arbitrary file write, allowing the...

Directory Traversal

Overview keras is a Keras is a high-level neural networks API for Python.. Affected versions of this package are vulnerable to Directory Traversal via the filtersafetarinfos and filtersafezipinfos functions in the archive extraction utilities. An attacker can write arbitrary files outside the...

CVE-2026-53777 Perry < 0.5.1159 Path Traversal via ArtifactReady WebSocket

Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifactname field of ArtifactReady WebSocket messages. Attackers controlli...

EUVD-2026-36253

Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifactname field of ArtifactReady WebSocket messages. Attackers controlli...