PT-2026-30620

UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the filename parameter of the formFtpServerDirConfig function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2026-31062

UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the filename parameter of the formFtpServerDirConfig function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

PHPGurukul Online Shopping Portal Project SQL注入漏洞

The PHPGurukul Online Shopping Portal Project is an online shopping portal project of PHPGurukul Corporation. Version 2.1 of the PHPGurukul Online Shopping Portal Project has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter filename in the file...

PHPGurukul Online Shopping Portal Project SQL注入漏洞

The PHPGurukul Online Shopping Portal Project is an online shopping portal project developed by PHPGurukul Corporation. Version 2.1 of the PHPGurukul Online Shopping Portal Project contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter filename ...

PHPGurukul Online Shopping Portal Project SQL注入漏洞

The PHPGurukul Online Shopping Portal Project is an online shopping portal project developed by PHPGurukul Corporation. Version 2.1 of the PHPGurukul Online Shopping Portal Project contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter filename ...

UTT 520W 安全漏洞

UTT 520W is a wireless router produced by China's UT Technology Co., Ltd. The UTT 520W v3v1.7.7-180627 version contains a security vulnerability. This vulnerability stems from a buffer overflow in the filename parameter of the formFtpServerDirConfig function, which could lead to a denial-of-servi...

CVE-2026-31062

CVE-2026-31062 affects UTT Aggressive 520W devices with firmware v3v1.7.7-180627. The issue is a buffer overflow in the filename parameter of the formFtpServerDirConfig function, leading to Denial of Service via crafted input. The connected sources consistently describe this as a DoS vulnerabilit...

CVE-2026-5597

A flaw has been found in griptape-ai griptape 0.19.4. This affects an unknown part of the file griptape\tools\computer\tool.py of the component ComputerTool. Executing a manipulation of the argument filename can lead to path traversal. It is possible to launch the attack remotely. The exploit has...

Directory Traversal

Overview griptape-tools is a Tools for the Griptape framework. Affected versions of this package are vulnerable to Directory Traversal via the filename handling in the code-writing path used by executecodeincontainer in griptape/tools/computer/tool.py. An attacker can write arbitrary files on the...

Directory Traversal

Overview griptape is a Modular Python framework for LLM workflows, tools, memory, and data. Affected versions of this package are vulnerable to Directory Traversal via the filename handling in the code-writing path used by executecodeincontainer in griptape/tools/computer/tool.py. An attacker can...

CVE-2026-5597 griptape-ai griptape ComputerTool tool.py path traversal

A flaw has been found in griptape-ai griptape 0.19.4. This affects an unknown part of the file griptape\tools\computer\tool.py of the component ComputerTool. Executing a manipulation of the argument filename can lead to path traversal. It is possible to launch the attack remotely. The exploit has...

CVE-2026-5597 griptape-ai griptape ComputerTool tool.py path traversal

A flaw has been found in griptape-ai griptape 0.19.4. This affects an unknown part of the file griptape\tools\computer\tool.py of the component ComputerTool. Executing a manipulation of the argument filename can lead to path traversal. It is possible to launch the attack remotely. The exploit has...

griptape 路径遍历漏洞

Griptape is an open-source generative AI application development framework created by Griptape. Version 0.19.4 of Griptape contains a path traversal vulnerability, which stems from incorrect handling of the parameter filename, potentially leading to path traversal attacks...

PT-2026-30509

A flaw has been found in griptape-ai griptape 0.19.4. This affects an unknown part of the file griptapetoolscomputertool.py of the component ComputerTool. Executing a manipulation of the argument filename can lead to path traversal. It is possible to launch the attack remotely. The exploit has be...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview directus is a Directus is a real-time API and App dashboard for managing SQL database content. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the filenamedisk parameter in the file management API. An...

Directus: Path Traversal and Broken Access Control in File Management API

Summary A broken access control vulnerability was identified in the Directus file management API that allows authenticated users to overwrite files belonging to other users by manipulating the filenamedisk parameter. Details The PATCH /files/id endpoint accepts a user-controlled filenamedisk...

Budibase: Path traversal in plugin file upload enables arbitrary directory deletion and file write

Summary The plugin file upload endpoint POST /api/plugin/upload passes the user-supplied filename directly to createTempFolder without sanitizing path traversal sequences. An attacker with Global Builder privileges can craft a multipart upload with a filename containing ../ to delete arbitrary...

GHSA-2WFH-RCWF-WH23 Budibase: Path traversal in plugin file upload enables arbitrary directory deletion and file write

Summary The plugin file upload endpoint POST /api/plugin/upload passes the user-supplied filename directly to createTempFolder without sanitizing path traversal sequences. An attacker with Global Builder privileges can craft a multipart upload with a filename containing ../ to delete arbitrary...

Parse Server: File upload Content-Type override via extension mismatch

Impact A file can be uploaded with a filename extension that passes the file extension allowlist e.g., .txt but with a Content-Type header that differs from the extension e.g., text/html. The Content-Type is passed to the storage adapter without consistency validation. Storage adapters that store...

PT-2026-30320

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.73 and 9.7.1-alpha.4 Description A file can be uploaded with a filename extension that passes the file extension allowlist e.g., .txt but with a Content-Type header that differs from the extension e.g.,...