65 matches found
CVE-2026-59807
CVE-2026-59807 affects Composio SDK prior to 0.2.32-beta.283. A path validation bypass in readFileFromDisk (tool-file-uploads.ts) can enable an attacker to read and exfiltrate sensitive files by manipulating file_uploadable parameters via prompt injection, referencing sensitive paths such as SSH ...
PT-2026-56569
Name of the Vulnerable Software and Affected Versions Composio SDK versions prior to 0.2.32-beta.283 Description A path validation bypass allows attackers to read and exfiltrate sensitive files. This occurs due to a missing assertSafeFileUploadPath check in the readFileFromDisk function within...
CVE-2026-44440 ERPNext: Path Traversal Leading to Sensitive File Exposure
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.101.1 and 16.10.0, an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability on an endpoint allows an authenticated adjacent attacker to read arbitrary files. This vulnerability is...
CVE-2026-35345
A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU tail, the uutils implementation continues to monitor a path after it has been replaced by a symbolic link, subsequently outputting the...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal through improper validation of URL-encoded traversal sequences in the backend process. An attacker can delete critical configuration directories by supplying specially crafted paths. Details A Directory Traversal...
Path Traversal
mcp-server-git is vulnerable to Path Traversal. The vulnerability is due to the gitadd tool not validating file paths, where relative paths containing ../ sequences that resolve outside the repository were accepted and staged into the Git index, and attackers can exploit this to potentially...
EUVD-2000-0233
Malware in sbrugna...
EUVD-2009-4326
Malware in sbrugna...
EUVD-2020-29482
Malware in sbrugna...
EUVD-2019-19361
Malware in sbrugna...
EUVD-2021-19414
Malware in sbrugna...
EUVD-2025-21750
Malicious code in bioql PyPI...
EUVD-2025-15442
Malicious code in bioql PyPI...
EUVD-2022-34391
Malicious code in bioql PyPI...
EUVD-2025-0139
Malicious code in bioql PyPI...
EUVD-2024-1230
Malicious code in bioql PyPI...
EUVD-2022-3935
Malicious code in bioql PyPI...
vxscan
VXScan+ VXScan+ is an advanced Python-based web vulnerabili...
CVE-2025-54254
Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system, scope i...
CVE-2025-50185
CVE-2025-50185 (DbGate) affects DbGate ≤ 6.6.0. Affected component: the dbgate-plugin-csv reader function, which does not validate file paths/types before reading files. This enables unauthorized access to arbitrary system files (e.g., /etc/shadow) by a user with application-level access, via the...