CVE-2026-33682

Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery SSRF vulnerability. The vulnerability arises from improper validation of attacker-supplied...

EUVD-2026-16466

Incus vulnerable to arbitrary file read and write through pongo templates...

CVE-2026-29871

A path traversal vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 2026-01-19 in the Beifong AI News and Podcast Agent backend in FastAPI backend, stream-audio endpoint, in file routers/podcastrouter.py, in function streamaudio. The stream-aud...

CVE-2021-27483

ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user...

LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks

Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesystem data, environment secrets, and conversation history. Both LangChain and LangGraph are open-source frameworks that are used to build...

CVE-2026-29871

A path traversal vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 2026-01-19 in the Beifong AI News and Podcast Agent backend in FastAPI backend, stream-audio endpoint, in file routers/podcastrouter.py, in function streamaudio. The stream-aud...

PT-2026-28741

Name of the Vulnerable Software and Affected Versions Langflow versions affected versions not specified Description The 'POST /api/v2/files' endpoint is susceptible to a path traversal issue due to insufficient sanitization of the filename parameter received through multipart form data. This allo...

DEBIAN-CVE-2026-33897

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to...

CVE-2026-33897

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to...

UBUNTU-CVE-2026-33897

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to...

CVE-2026-33897 Incus vulnerable to arbitrary file read and write through pongo templates

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to...

CVE-2026-33897

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to...

CVE-2026-33897

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to...

CVE-2026-33897

Incus prior to 6.23.0 is vulnerable to arbitrary file read/write as root on the host via instance template files using pongo2 templates. The pongo2 chroot isolation feature was intended to constrain access to the instance filesystem, but the chroot mechanism is skipped by this implementation, all...

EUVD-2026-16416

Fireshare facilitates self-hosted media and link sharing. In version 1.5.1, an authenticated path traversal vulnerability in Fireshare’s chunked upload endpoint allows an attacker to write arbitrary files outside the intended upload directory. The checkSum multipart field is used directly in...

CVE-2025-52642

HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure...

CVE-2025-10461

Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker filesystem modules allows file access. This issue affects smartLink SW-HT: through 1.42 smartLink SW-PN: through 1.03...

CVE-2026-30914

SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths...

CVE-2026-29066

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the...

CVE-2026-32060

OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in applypatch that allows attackers to write or delete files outside the configured workspace directory. When applypatch is enabled without filesystem sandbox containment, attackers can exploit crafted paths including...