Saltcorn has an Unauthenticated Path Traversal in sync endpoints, allowing arbitrary file write and directory read

Summary Two unauthenticated path traversal vulnerabilities exist in Saltcorn's mobile sync endpoints. The POST /sync/offlinechanges endpoint allows an unauthenticated attacker to create arbitrary directories and write a changes.json file with attacker-controlled JSON content anywhere on the serve...

GHSA-99G3-W8GR-X37C PraisonAI vulnerable to arbitrary file write via path traversal in `praisonai recipe unpack`

| Field | Value | |---|---| | Severity | Critical | | Type | Path traversal -- arbitrary file write via tar.extract without member validation | | Affected | src/praisonai/praisonai/cli/features/recipe.py:1170-1172 | Summary cmdunpack in the recipe CLI extracts .praison tar archives using raw...

EUVD-2026-21509

PraisonAI vulnerable to arbitrary file write via path traversal in praisonai recipe unpack...

PraisonAI vulnerable to arbitrary file write via path traversal in `praisonai recipe unpack`

| Field | Value | |---|---| | Severity | Critical | | Type | Path traversal -- arbitrary file write via tar.extract without member validation | | Affected | src/praisonai/praisonai/cli/features/recipe.py:1170-1172 | Summary cmdunpack in the recipe CLI extracts .praison tar archives using raw...

Directory Traversal

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

EUVD-2026-21152

PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor memory/hooks.py...

CVE-2026-33704

Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user including students can write arbitrary content to files on the server via the BigUpload endpoint. The key parameter controls the filename and the raw POST body becomes the file content. While .php extensions are...

CVE-2026-33704 Chamilo LMS Affected by Authenticated Arbitrary File Write via BigUpload endpoint

Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user including students can write arbitrary content to files on the server via the BigUpload endpoint. The key parameter controls the filename and the raw POST body becomes the file content. While .php extensions are...

CVE-2026-33704

CVE-2026-33704 affects Chamilo LMS prior to version 1.11.38. An authenticated user (including students) can use the BigUpload endpoint to write arbitrary content to server files: the key parameter selects the filename and the raw POST body becomes the file contents. Although .php extensions are f...

CVE-2026-33704 Chamilo LMS Affected by Authenticated Arbitrary File Write via BigUpload endpoint

Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user including students can write arbitrary content to files on the server via the BigUpload endpoint. The key parameter controls the filename and the raw POST body becomes the file content. While .php extensions are...

CVE-2026-40162

Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability was identified in Bugsink 2.1.0 in the artifact bundle assembly flow. A user with a valid authentication token could cause the application to write attacker-controlled content to a filesystem locatio...

CVE-2026-40157

PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmdunpack in the recipe CLI extracts .praison tar archives using raw tar.extract without validating archive member paths. A .praison bundle containing ../../ entries will write files outside the intended output directory. An attacker who...

CVE-2026-40163 Saltcorn has an Unauthenticated Path Traversal in sync endpoints allows arbitrary file write and directory read

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5, and 1.6.0-beta.4, the POST /sync/offlinechanges endpoint allows an unauthenticated attacker to create arbitrary directories and write a changes.json file with attacker-controlled JSON content...

CVE-2026-40163

Saltcorn is affected by an unauthenticated path traversal vulnerability in the sync endpoints. Before versions 1.4.5, 1.5.5, and 1.6.0-beta.4, POST /sync/offline_changes allows an attacker to create arbitrary directories and write a changes.json file with attacker-controlled JSON anywhere on the ...

CVE-2026-40162 Bugsink affected by authenticated arbitrary file write in artifactbundle/assemble

Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability was identified in Bugsink 2.1.0 in the artifact bundle assembly flow. A user with a valid authentication token could cause the application to write attacker-controlled content to a filesystem locatio...

CVE-2026-40162 Bugsink affected by authenticated arbitrary file write in artifactbundle/assemble

Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability was identified in Bugsink 2.1.0 in the artifact bundle assembly flow. A user with a valid authentication token could cause the application to write attacker-controlled content to a filesystem locatio...

CVE-2026-40162

Bugsink 2.1.0 is affected by an authenticated arbitrary file write in the artifact bundle assembly flow. A user with a valid authentication token could cause the application to write attacker-controlled content to a filesystem location writable by the Bugsink process. This results in potential im...

CVE-2026-40157 PraisonAI affected by arbitrary file write via path traversal in `praisonai recipe unpack`

PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmdunpack in the recipe CLI extracts .praison tar archives using raw tar.extract without validating archive member paths. A .praison bundle containing ../../ entries will write files outside the intended output directory. An attacker who...

CVE-2026-40157 PraisonAI affected by arbitrary file write via path traversal in `praisonai recipe unpack`

PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmdunpack in the recipe CLI extracts .praison tar archives using raw tar.extract without validating archive member paths. A .praison bundle containing ../../ entries will write files outside the intended output directory. An attacker who...

CVE-2026-40157

Summary: PraisionAI’s recipe unpack (cmd_unpack) before 4.5.128 is vulnerable to a path traversal in .praison tar archives. The code uses tar.extract() without validating archive member paths, so a bundle containing ../../ entries can write files outside the intended output directory. An attacker...