Lucene search

49 matches found

Positive Technologies (added 3 days ago, 6 views)

PT-2026-45883

Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.4 Description A cross-agent integrity violation exists where a shared-agent editor can delete file records globally. By using the "DELETE /api/files" endpoint, an editor can remove files that the owner has reuse...

CVSS 7.2 | AI score 5.8 | EPSS 0.00038
Exploits: 1 | References: 3
NVD (added 2026/05/26 5:16 p.m., 8 views)

CVE-2026-40384

An improper validation of the search parameter of the commedia files API endpoint leads to a path traversal vulnerability...

CVSS 7.5 | EPSS 0.00001
Exploits: 0 | References: 1
ATTACKERKB (added 2026/05/26 4:45 p.m., 6 views)

CVE-2026-40384

An improper validation of the search parameter of the commedia files API endpoint leads to a path traversal vulnerability...

CVSS 5.9 | AI score 5.8 | EPSS 0.00001
Exploits: 0 | References: 2 | Affected Software: 1
Github Security Blog (added 2026/05/15 4:55 p.m., 9 views)

Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded Separator

Summary A path traversal vulnerability exists in Pipecat's development runner src/pipecat/runner/run.py. When the runner is started with the --folder flag, it exposes a GET /files/filename:path download endpoint. The filename path parameter is concatenated directly onto args.folder with no...

AI score 5.9
Exploits: 0 | References: 5 | Affected Software: 1
OSV (added 2026/05/15 4:55 p.m., 6 views)

GHSA-3363-2PH6-35WH Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded Separator

Summary A path traversal vulnerability exists in Pipecat's development runner src/pipecat/runner/run.py. When the runner is started with the --folder flag, it exposes a GET /files/filename:path download endpoint. The filename path parameter is concatenated directly onto args.folder with no...

CVSS 7.5 | AI score 5.9
Exploits: 0 | References: 5
Positive Technologies (added 2026/05/15 12:00 a.m., 9 views)

PT-2026-41390

Summary A path traversal vulnerability exists in Pipecat's development runner src/pipecat/runner/run.py. When the runner is started with the --folder flag, it exposes a GET /files/filename:path download endpoint. The filename path parameter is concatenated directly onto args.folder with no...

CVSS 7.5 | AI score 5.9
Exploits: 0 | References: 6
Github Security Blog (added 2026/05/14 8:15 p.m., 6 views)

Open WebUI: Missing permission check in files API allows authenticated users to list, access and delete every uploaded file

Summary A missing permission check in all files related API endpoints allows any authenticated user to list, access and delete every file uploaded by every user to the platform. Details All files/ related endpoints lack permission checks. Listing all files For example, let's see how file listing ...

CVSS 8.1 | AI score 5.8 | EPSS 0.00033
Exploits: 1 | References: 3 | Affected Software: 1
NVD (added 2026/04/09 5:16 p.m., 2 views)

CVE-2026-39942

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, the PATCH /files/id endpoint accepts a user-controlled filenamedisk parameter. By setting this value to match the storage path of another user's file, an attacker can overwrite that file's content...

CVSS 8.8 | EPSS 0.0004
Exploits: 0 | References: 2
NVD (added 2026/03/29 6:16 p.m., 2 views)

CVE-2026-0558

A vulnerability in parisneo/lollms, up to and including version 2.2.0, allows unauthenticated users to upload and process files through the /api/files/extract-text endpoint. This endpoint does not enforce authentication, unlike other file-related endpoints, and lacks the Dependsgetcurrentactiveus...

CVSS 9.8 | EPSS 0.00451
Exploits: 1 | References: 2
EUVD (added 2026/03/27 3:30 p.m., 0 views)

EUVD-2026-16668

The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences '../'...

CVSS 8.8 | AI score 6 | EPSS 0.00035
Exploits: 3 | References: 2
CVE (added 2026/03/27 2:54 p.m., 17 views)

CVE-2026-5027

CVE-2026-5027: Langflow narrow path traversal in POST /api/v2/files where the filename field from multipart form data is not sanitized, enabling writing files to arbitrary filesystem locations via ../ sequences. CVSS 3.1 base score 8.8 (HIGH): Network attack, low attack complexity, requires low p...

CVSS 8.8 | AI score 6 | EPSS 0.00035
Exploits: 3 | References: 1
ATTACKERKB (added 2026/03/26 11:38 p.m., 1 view)

CVE-2026-28788

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can overwrite any file's content by ID through the POST /api/v1/retrieval/process/files/batch endpoint. The endpoint performs no ownership check, so a...

CVSS 7.1 | AI score 5.8 | EPSS 0.00019
Exploits: 1 | References: 2 | Affected Software: 1
RedhatCVE (added 2026/03/26 3:09 p.m., 2 views)

CVE-2026-33238

WWBN AVideo is an open source video platform. Prior to version 26.0, the listFiles.json.php endpoint accepts a path POST parameter and passes it directly to glob without restricting the path to an allowed base directory. An authenticated uploader can traverse the entire server filesystem by...

CVSS 4.3 | AI score 6 | EPSS 0.00018
Exploits: 1 | References: 1
RedhatCVE (added 2026/03/26 3:00 p.m., 1 view)

CVE-2026-33309

Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 External Control of File Name, leading to the root architectural issue within LocalStorageService remaining unresolved. Because the underlying...

CVSS 9.9 | AI score 6 | EPSS 0.00065
Exploits: 2 | References: 1
Vulnrichment (added 2026/02/27 7:44 p.m., 2 views)

CVE-2026-27810 calibre Vulnerable to HTTP Response Header Injection

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an...

CVSS 6.4 | AI score 6 | EPSS 0.0007
Exploits: 1 | References: 1
Snyk (added 2026/02/24 6:25 p.m., 0 views)

Directory Traversal

Overview MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library Affected versions of this package are vulnerable to Directory Traversal in the /api/files endpoint due to insufficient validation of the uploaded file path. An attacker can write arbitrary files to...

CVSS 8.8 | AI score 6.4 | EPSS 0.23286
Exploits: 4 | References: 2
Vulnrichment (added 2025/12/22 12:00 a.m., 1 view)

CVE-2025-63663

Incorrect access control in the /api/v1/conversations//files API of GT Edge AI Platform before v2.0.10 allows unauthorized attackers to access other users' uploaded files...

AI score 6.4 | EPSS 0.00043
Exploits: 0 | References: 2
EUVD (added 2025/10/03 8:07 p.m., 2 views)

EUVD-2023-3296

Malicious code in bioql PyPI...

CVSS 8.3 | AI score 8.2 | EPSS 0.00464
Exploits: 0 | References: 7
Positive Technologies (added 2025/08/20 12:00 a.m., 4 views)

PT-2025-34141

Name of the Vulnerable Software and Affected Versions: Directus versions 10.8.0 through 11.9.2 Description: Directus is a real-time API and App dashboard for managing SQL database content. A vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing...

CVSS 9.3 | AI score 6.7 | EPSS 0.0016
Exploits: 1 | References: 23
Snyk (added 2025/06/29 9:30 a.m., 3 views)

Directory Traversal

Overview langchain-chatchat is a Langchain-Chatchat formerly langchain-ChatGLM, local knowledge based LLM like ChatGLM, Qwen and Llama RAG and Agent app with langchain Affected versions of this package are vulnerable to Directory Traversal via the purpose parameter in the /v1/files endpoint. An...

CVSS 5.3 | AI score 7.4 | EPSS 0.00503
Exploits: 1 | References: 2