Lucene search
+L

18 matches found

nvd
nvd
added 6 days ago5 views

CVE-2026-50181

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, Langroid's ReadFileTool and WriteFileTool appear to treat currdir as the intended working-directory boundary for file operations. However, the tools only change the process working directory t...

7.1CVSS0.00184EPSS
Exploits1References2
cvelist
cvelist
added last week32 views

CVE-2026-50181 Langroid: Path traversal in the file tools allows read/write outside configured current directory

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, Langroid's ReadFileTool and WriteFileTool appear to treat currdir as the intended working-directory boundary for file operations. However, the tools only change the process working directory t...

7.1CVSS0.00184EPSS
Exploits1References2
osv
osv
added last week2 views

CVE-2026-50181 Langroid: Path traversal in the file tools allows read/write outside configured current directory

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, Langroid's ReadFileTool and WriteFileTool appear to treat currdir as the intended working-directory boundary for file operations. However, the tools only change the process working directory t...

7.1CVSS6.1AI score0.00184EPSS
Exploits1References4
github
github
added 2026/07/02 5:38 p.m.14 views

Langroid: Path traversal in the file tools allows read/write outside configured current directory

Summary Langroid's ReadFileTool and WriteFileTool appear to treat currdir as the intended working-directory boundary for file operations. However, the tools only change the process working directory to currdir and then operate on the user-supplied filepath without resolving and enforcing that the...

7.1CVSS5.8AI score0.00184EPSS
Exploits1References3Affected Software1
snyk
snyk
added 2026/07/02 5:38 p.m.5 views

Relative Path Traversal

Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Relative Path Traversal through improper validation of user-supplied file paths in the ReadFileTool and WriteFileTool components. An attacker can access or modify files outside the...

8.4CVSS6AI score0.00184EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2026/07/02 12:0 a.m.12 views

PT-2026-55462

Name of the Vulnerable Software and Affected Versions Langroid versions prior to 0.64.0 Description Langroid's ReadFileTool and WriteFileTool fail to properly enforce the working-directory boundary defined by curr dir. While the tools change the process working directory to curr dir, they do not...

7.1CVSS6AI score0.00184EPSS
Exploits1References14
attackerkb
attackerkb
added 2026/05/24 3:15 a.m.15 views

CVE-2026-9351

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16. This vulnerability affects the function isblockeddevice of the file tools/filetools.py of the component readfile Tool. Performing a manipulation results in path traversal. The attack may be initiated remotely. The...

6.9CVSS6.2AI score0.00676EPSS
Exploits0References4Affected Software1
euvd
euvd
added 2026/05/24 3:15 a.m.12 views

EUVD-2026-31565

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16. This vulnerability affects the function isblockeddevice of the file tools/filetools.py of the component readfile Tool. Performing a manipulation results in path traversal. The attack may be initiated remotely. The...

6.9CVSS6.2AI score0.00676EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/05/24 12:0 a.m.10 views

Hermes Agent 路径遍历漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring self-learning capabilities. Versions of Hermes Agent prior to 2026.4.16 contained a path traversal vulnerability. This vulnerability originated from the isblockeddevice function in the tools/filetools.py file within the readfi...

6.9CVSS6.6AI score0.00676EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/05/24 12:0 a.m.16 views

PT-2026-42907

Name of the Vulnerable Software and Affected Versions NousResearch hermes-agent versions prior to 2026.4.17 Description A flaw in the read file Tool within the tools/file tools.py file affects the is blocked device function. This issue allows a remote attacker to perform a path traversal, which i...

6.9CVSS6.6AI score0.00676EPSS
Exploits0References8
vulnrichment
vulnrichment
added 2026/04/29 7:0 p.m.3 views

CVE-2026-7400 geekgod382 filesystem-mcp-server read_file_tool/write_file_tool server.py is_path_allowed path traversal

A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function ispathallowed of the file server.py of the component readfiletool/writefiletool. Such manipulation leads to path traversal. The attack can be launched remotely. The exploit has be...

7.5CVSS7AI score0.0043EPSS
Exploits0References7
cvelist
cvelist
added 2026/04/29 7:0 p.m.29 views

CVE-2026-7400 geekgod382 filesystem-mcp-server read_file_tool/write_file_tool server.py is_path_allowed path traversal

A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function ispathallowed of the file server.py of the component readfiletool/writefiletool. Such manipulation leads to path traversal. The attack can be launched remotely. The exploit has be...

7.5CVSS0.0043EPSS
Exploits0References7
veracode
veracode
added 2025/11/28 5:10 a.m.7 views

Improper Access Control

flowise is vulnerable to improper access control.The vulnerability is due to insufficient file path restrictions in the WriteFileTool and ReadFileTool, which allows an attacker to read or write arbitrary files and potentially achieve remote command execution...

9.9CVSS6.9AI score0.12115EPSS
Exploits1References8Affected Software3
github
github
added 2025/10/10 10:55 p.m.12 views

Flowise is vulnerable to arbitrary file exposure through its ReadFileTool

Summary The ReadFileTool in Flowise does not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read arbitrary files from the file system, potentially leading to remote command execution. Details Flowise supports providing ReadFileTool for large models to...

9.9CVSS6.6AI score0.12115EPSS
Exploits1References6Affected Software2
osv
osv
added 2025/10/10 10:55 p.m.7 views

GHSA-J44M-5V8F-GC9C Flowise is vulnerable to arbitrary file exposure through its ReadFileTool

Summary The ReadFileTool in Flowise does not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read arbitrary files from the file system, potentially leading to remote command execution. Details Flowise supports providing ReadFileTool for large models to...

7.7CVSS6.6AI score0.12115EPSS
Exploits1References6
vulnrichment
vulnrichment
added 2025/10/08 10:43 p.m.2 views

CVE-2025-61913 Flowise is vulnerable to arbitrary file read, arbitrary file write

Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read and write arbitrary files to any...

9.9CVSS6.9AI score0.12115EPSS
Exploits1References4
osv
osv
added 2025/10/08 10:43 p.m.6 views

CVE-2025-61913 Flowise is vulnerable to arbitrary file read, arbitrary file write

Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read and write arbitrary files to any...

9.9CVSS6.9AI score0.12115EPSS
Exploits1References6
cnnvd
cnnvd
added 2025/10/08 12:0 a.m.7 views

Flowise 路径遍历漏洞

Flowise is a FlowiseAI open source tool for easily building LLM applications. A path traversal vulnerability exists in versions prior to Flowise 3.0.8, which stems from unrestricted file path access in WriteFileTool and ReadFileTool, and could lead to arbitrary file reads and writes and remote...

9.9CVSS6.9AI score0.12115EPSS
Exploits1References4
Rows per page
Query Builder