EUVD-2026-23456

ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers can supply traversal-style values or absolute paths as the agent name to influence directory...

CVE-2026-40518

ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers can supply traversal-style values or absolute paths as the agent name to influence directory...

CVE-2026-40518 ByteDance DeerFlow Path Traversal and Arbitrary File Write via Bootstrap Mode

ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers can supply traversal-style values or absolute paths as the agent name to influence directory...

CVE-2026-40518

ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers can supply traversal-style values or absolute paths as the agent name to influence directory...

CVE-2026-40518

Summary: ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation due to bypassed agent name validation. This allows an attacker to supply traversal-style values or absolute paths as the agent name, influenci...

CVE-2026-40518 ByteDance DeerFlow Path Traversal and Arbitrary File Write via Bootstrap Mode

ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers can supply traversal-style values or absolute paths as the agent name to influence directory...

📄 ddev ZipSlip Path Traversal

A ZipSlip path traversal vulnerability exists in the ddev/ddev project, affecting archive extraction routines. The issue allows a crafted ZIP archive to write files outside the intended extraction directory, potentially leading to arbitrary file overwrite on the host system...

GHSA-QQX8-2XMM-JRV8 ACME Lego: Arbitrary File Write via Path Traversal in Webroot HTTP-01 Provider

Summary The webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to write attacker-influenced content to any path writable by the lego...

ACME Lego: Arbitrary File Write via Path Traversal in Webroot HTTP-01 Provider

Summary The webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to write attacker-influenced content to any path writable by the lego...

GHSA-HF5P-Q87M-CRJ7 Junrar: Path Traversal (Zip-Slip) via Sibling Directory Name Prefix

Summary A path traversal vulnerability in LocalFolderExtractor allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when a crafted RAR archive is extracted. Example Given an extraction directory set to /tmp/extract, a crafted archive with an entry...

Directory Traversal

Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Directory Traversal in the repository boundary validation, due to reliance on string prefix checks for resolved absolute paths. An attacker...

CVE-2026-31843

The goodoneuz/pay-uz Laravel package = 2.2.24 contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment hook files. The endpoint is exposed via Route::any without authentication middleware, enabling remot...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the namespace parameter in the Ruler API endpoint after double URL encoding. An attacker can access arbitrary files by sending specially crafted requests. Details A Directory Traversal attack also known as path...

EUVD-2026-22925

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file write with elevated privileges...

CVE-2026-33929

A flaw was found in Apache PDFBox. A local user with writing rights to a specific directory could be exploited via a malicious PDF file when using the ExtractEmbeddedFiles example. This path traversal CWE-22 vulnerability, which allows an attacker to access files and directories outside of the...

CVE-2026-4135

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file write with elevated privileges...

CVE-2026-0827

During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated...

CVE-2026-4135

CVE-2026-4135 concerns Lenovo Software Fix. The description indicates that during installation, a local authenticated user could perform an arbitrary file write with elevated privileges, potentially impacting integrity and availability. Affected component is Lenovo Software Fix (no version detail...

CVE-2026-4135

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file write with elevated privileges...

CVE-2026-4135

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file write with elevated privileges...