Lucene search
+L

6 matches found

NVD
NVD
added last week8 views

CVE-2026-60089

PraisonAI pip package praisonaiagents before 1.6.78 automatically loads defaults from a project-local .praisonai/config.toml when constructing an Agent, and does not validate the defaults.output.outputfile path. A repository-controlled config file can set outputfile to an absolute or '..' travers...

6.9CVSS0.00141EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/26 4:32 p.m.11 views

Fluentd is Vulnerable to Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder

Fluentd allows dynamically constructing file paths using the $tag placeholder. It was discovered that validation for this placeholder was insufficient. If a Fluentd instance is configured to receive logs from untrusted sources and uses the $tag placeholder in file configurations such as the path...

9.8CVSS6.1AI score0.01085EPSS
Exploits0References3Affected Software1
Amazon
Amazon
added 2025/12/08 12:0 a.m.7 views

Medium: curl

Issue Overview: wcurl path traversal with percent-encoded slashes URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. CVE-2025-11563 Affected Packages: curl Issue Correction: Run dnf...

4.6CVSS6.6AI score0.00302EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 9:9 a.m.7 views

CVE-2024-21533

All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line...

6.5CVSS7AI score0.00601EPSS
Exploits0References1
OSV
OSV
added 2023/06/19 12:15 p.m.3 views

UBUNTU-CVE-2023-3316

A NULL pointer dereference in TIFFClose is caused by a failure to open an output file non-existent path or a path that requires permissions like /dev/null while specifying zones...

6.5CVSS7.1AI score0.01124EPSS
Exploits1References6
OSV
OSV
added 2023/01/04 6:15 p.m.2 views

DEBIAN-CVE-2022-46457

NASM v2.16 was discovered to contain a segmentation violation in the component ieeewritefile at /output/outieee.c...

5.5CVSS5.5AI score0.00337EPSS
Exploits1References1
Rows per page
Query Builder