Lucene search
K

91 matches found

OSV
OSV
added 2026/06/29 9:16 a.m.3 views

UBUNTU-CVE-2026-57966

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...

4.4CVSS5.9AI score0.00137EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/29 7:53 a.m.6 views

EUVD-2026-40050

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...

4.4CVSS5.9AI score0.00137EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.9 views

CVE-2026-41863

Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the intended target directory, including restricted directories. Affected versions: Spring AI: 1.1.0...

6.5CVSS5.4AI score0.00398EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.9 views

CVE-2026-43943

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution RCE vulnerability exists in electerm's SFTP open with system editor or "Edit with custom editor" feature. When a user opts to edit a file using open with system edito...

7.8CVSS6.1AI score0.00167EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 2:23 p.m.11 views

CVE-2026-6957

Mattermost Plugins versions =1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary locations within the target server's filestore via...

8CVSS6AI score0.00296EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 2:23 p.m.28 views

CVE-2026-6957

Mattermost Plugin versions ≤ 1.1.5 are affected by a path traversal vulnerability in the export path construction from unsanitized filenames received from federated peers. An attacker — specifically an administrator of a remote federated Mattermost server — can cause files to be written to arbitr...

8CVSS6AI score0.00296EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/25 7:16 a.m.22 views

CVE-2026-41863

Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the intended target directory, including restricted directories. Affected versions: Spring AI: 1.1.0...

6.5CVSS0.00398EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/25 5:45 a.m.7 views

CVE-2026-41863 LLM-influenced filename used unsanitized in Path.resolve before file write in Spring AI support for Anthropic Skills API

Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the intended target directory, including restricted directories. Affected versions: Spring AI: 1.1.0...

6.5CVSS5.8AI score0.00398EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/25 5:45 a.m.11 views

CVE-2026-41863

Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the intended target directory, including restricted directories. Affected versions: Spring AI: 1.1.0...

6.5CVSS5.8AI score0.00398EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/25 5:45 a.m.14 views

EUVD-2026-31638

Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the intended target directory, including restricted directories. Affected versions: Spring AI: 1.1.0...

6.5CVSS5.8AI score0.00398EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/25 5:45 a.m.40 views

CVE-2026-41863 LLM-influenced filename used unsanitized in Path.resolve before file write in Spring AI support for Anthropic Skills API

Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the intended target directory, including restricted directories. Affected versions: Spring AI: 1.1.0...

6.5CVSS0.00398EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.18 views

PT-2026-43006

Name of the Vulnerable Software and Affected Versions Spring AI versions 1.1.0 through 1.1.x Description Support for Anthropic's Skills API uses filenames influenced by the Large Language Model LLM without proper sanitization in the Path.resolve function before writing files to disk. This flaw...

6.5CVSS5.8AI score0.00398EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/23 12:0 a.m.13 views

Directory Traversal

Overview org.springframework.ai:spring-ai-anthropic is an Anthropic models support Affected versions of this package are vulnerable to Directory Traversal via filename handling in the API support. An attacker can perform path traversal by supplying LLM-influenced filenames that are used unsanitiz...

8.7CVSS6.3AI score0.00398EPSS
Exploits0References2
NVD
NVD
added 2026/05/15 10:16 p.m.19 views

CVE-2026-44565

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.10, when uploading an audio file, the name of the file is derived from the original HTTP upload request and is not validated or sanitized. This allows for users to upload files with nam...

8.1CVSS0.00454EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/15 9:40 p.m.40 views

CVE-2026-44565 Open WebUI: Open WebUI Arbitrary File Write, Delete via Path Traversal

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.10, when uploading an audio file, the name of the file is derived from the original HTTP upload request and is not validated or sanitized. This allows for users to upload files with nam...

8.1CVSS0.00454EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/15 9:1 p.m.9 views

CVE-2026-44566 Open WebUI: Arbitrary File Upload and Path Traversal

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, when attaching files to a promp, the name of the file is derived from the original HTTP upload request and is not validated or sanitized. This allows for users to upload files with...

7.3CVSS5.8AI score0.00336EPSS
Exploits1References1
OSV
OSV
added 2026/05/15 2:0 p.m.7 views

OESA-2026-2305 python-click security update

Click is a Python package for creating beautiful command line interfaces in a composable way with as little code as necessary. It's the "Command Line Interface Creation Kit". It's highly configurable but comes with sensible defaults out of the box. Security Fixes: Pallets Click, versions 8.3.2 an...

7.2CVSS6.1AI score0.0081EPSS
Exploits1References2
OSV
OSV
added 2026/05/15 2:0 p.m.6 views

OESA-2026-2304 python-click security update

Click is a Python package for creating beautiful command line interfaces in a composable way with as little code as necessary. It's the "Command Line Interface Creation Kit". It's highly configurable but comes with sensible defaults out of the box. Security Fixes: Pallets Click, versions 8.3.2 an...

7.2CVSS6.1AI score0.0081EPSS
Exploits1References2
OSV
OSV
added 2026/05/15 2:0 p.m.8 views

OESA-2026-2303 python-click security update

Click is a Python package for creating beautiful command line interfaces in a composable way with as little code as necessary. It's the "Command Line Interface Creation Kit". It's highly configurable but comes with sensible defaults out of the box. Security Fixes: Pallets Click, versions 8.3.2 an...

7.2CVSS6.1AI score0.0081EPSS
Exploits1References2
OSV
OSV
added 2026/05/15 2:0 p.m.8 views

OESA-2026-2302 python-click security update

Click is a Python package for creating beautiful command line interfaces in a composable way with as little code as necessary. It's the "Command Line Interface Creation Kit". It's highly configurable but comes with sensible defaults out of the box. Security Fixes: Pallets Click, versions 8.3.2 an...

7.2CVSS6.1AI score0.0081EPSS
Exploits1References2
Rows per page
Query Builder