112 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in ruby2.5, jruby

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2...

CVSS: 5.3 | AI score: 7.1 | EPSS: 0.00651
Exploits: 0 | References: 2

CNNVD
added 2026/04/30 12:0 a.m. | 3 views

ZMCPTools path traversal vulnerability

ZMCPTools is a multi-agent orchestration platform developed by ZachHandley. It supports professional task management and real-time collaboration. Versions of ZMCPTools prior to 0.2.2 contained a path traversal vulnerability. This vulnerability stemmed from the operation of the MCP Log Resource...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00066
Exploits: 0 | References: 1

EUVD
added 2026/04/29 11:45 p.m. | 2 views

EUVD-2026-26301

A security vulnerability has been detected in ZachHandley ZMCPTools up to 0.2.2. Affected by this issue is some unknown functionality of the file src/managers/ResourceManager.ts of the component MCP Log Resource Handler. The manipulation of the argument dirname leads to path traversal. Remote...

CVSS: 6.5 | AI score: 6 | EPSS: 0.00066
Exploits: 0 | References: 6

Positive Technologies
added 2026/04/29 12:0 a.m. | 1 view

PT-2026-36029

A security vulnerability has been detected in ZachHandley ZMCPTools up to 0.2.2. Affected by this issue is some unknown functionality of the file src/managers/ResourceManager.ts of the component MCP Log Resource Handler. The manipulation of the argument dirname leads to path traversal. Remote...

CVSS: 6.5 | AI score: 6 | EPSS: 0.00066
Exploits: 0 | References: 7

RedhatCVE
added 2026/03/26 3:2 p.m. | 3 views

CVE-2026-32771

The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals i.e. logs, metrics and distributed traces. In versions prior to 0.2.2, the sanitizeArchivePath function in pkg/extract/extract.go lines 248–254 is vulnerable to Path Traversal due to a missing...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00042
Exploits: 1 | References: 1

CVE
added 2026/03/24 12:0 a.m. | 3 views

CVE-2026-30655

CVE-2026-30655 involves a SQL injection in esiclivre/esiclivre before or at version 0.2.2, specifically in Solicitante::resetaSenha() when handling the cpfcnpj parameter at POST /reset/index.php. The root cause is unsafely concatenating user input into an SQL query, permitting unauthenticated rem...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00028
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2026/03/20 1:15 a.m. | 0 views

CVE-2026-32771

The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals i.e. logs, metrics and distributed traces. In versions prior to 0.2.2, the sanitizeArchivePath function in pkg/extract/extract.go lines 248–254 is vulnerable to Path Traversal due to a missing...

CVSS: 9.8 | EPSS: 0.00042
Exploits: 1 | References: 3

Vulnrichment
added 2026/03/20 12:29 a.m. | 1 view

CVE-2026-32771 Monitoring is vulnerable to Archive Slip due to missing checks in sanitization

The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals i.e. logs, metrics and distributed traces. In versions prior to 0.2.2, the sanitizeArchivePath function in pkg/extract/extract.go lines 248–254 is vulnerable to Path Traversal due to a missing...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00042
Exploits: 1 | References: 3

CVE
added 2026/03/20 12:29 a.m. | 5 views

CVE-2026-32771

Summary of CVE-2026-32771 (CTFer.io Monitoring): In versions prior to 0.2.2, the sanitizeArchivePath function in pkg/extract/extract.go is vulnerable to a path traversal flaw caused by a missing trailing path separator in a strings.HasPrefix check. This allows an attacker to craft archives that ...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00042
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2026/03/18 10:24 p.m. | 5 views

CVE-2026-32805

CVE-2026-32805 corresponds to an Archive Slip flaw in Romeo’s webserver sanitization (github.com/ctfer-io/romeo/webserver). The root cause is a missing trailing path separator in the strings.HasPrefix check within sanitizeArchivePath, enabling a crafted tar to traverse outside the intended destin...

CVSS: 8.3 | AI score: 5.9 | EPSS: 0.0009
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2026/03/18 10:24 p.m. | 1 view

CVE-2026-32805 Romeo is vulnerable to Archive Slip due to missing checks in sanitization

Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.2, the sanitizeArchivePath function in webserver/api/v1/decoder.go lines 80-88 is vulnerable to a path...

CVSS: 8.3 | AI score: 6.5 | EPSS: 0.0009
Exploits: 1 | References: 4

RedhatCVE
added 2026/03/07 7:59 a.m. | 3 views

CVE-2026-28795

OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the save_report tool in openchatbi/tool/save_report.py suffers from a critical path traversal...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00089
Exploits: 0 | References: 1

NVD
added 2026/03/06 7:16 a.m. | 2 views

CVE-2026-28795

OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the save_report tool in openchatbi/tool/save_report.py suffers from a critical path traversal...

CVSS: 9.8 | EPSS: 0.00089
Exploits: 0 | References: 4

Cvelist
added 2026/03/06 6:21 a.m. | 27 views

CVE-2026-28795 OpenChatBI: Critical Path Traversal Vulnerability in save_report Tool of OpenChatBI

OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the save_report tool in openchatbi/tool/save_report.py suffers from a critical path traversal...

CVSS: 8.7 | EPSS: 0.00089
Exploits: 0 | References: 4

Vulnrichment
added 2026/03/06 6:21 a.m. | 0 views

CVE-2026-28795 OpenChatBI: Critical Path Traversal Vulnerability in save_report Tool of OpenChatBI

OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the save_report tool in openchatbi/tool/save_report.py suffers from a critical path traversal...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.00089
Exploits: 0 | References: 4

OSV
added 2026/03/06 6:21 a.m. | 0 views

CVE-2026-28795 OpenChatBI: Critical Path Traversal Vulnerability in save_report Tool of OpenChatBI

OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2.2, the save_report tool in openchatbi/tool/save_report.py suffers from a critical path traversal...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.00089
Exploits: 0 | References: 6

CVE
added 2026/03/06 6:21 a.m. | 12 views

CVE-2026-28795

OpenChatBI’s save_report.py contains a path traversal vulnerability caused by insufficient sanitization of the file_format parameter. The issue allows crafted file_format values to traverse directories and write files outside the intended report directory, potentially overwriting critical files (...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00089
Exploits: 0 | References: 4 | Affected Software: 1

EUVD
added 2026/03/03 2:36 p.m. | 2 views

EUVD-2026-9296

OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or...

CVSS: 8.4 | AI score: 6 | EPSS: 0.00015
Exploits: 0 | References: 3

Github Security Blog
added 2026/03/02 9:47 p.m. | 5 views

OpenChatBI has a Path Traversal Vulnerability in save_report Tool

Impact: The save_report tool in openchatbi/tool/save_report.py suffers from a critical path traversal vulnerability due to insufficient input sanitization of the file_format parameter. The function only removes leading dots of file_format using file_format.lstrip(".") but allows path traversal sequences...

CVSS: 9.8 | AI score: 6.2 | EPSS: 0.00089
Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2026/02/19 9:16 a.m. | 4 views

CVE-2026-25410

Missing Authorization vulnerability in tstephenson WP-CORS wp-cors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP-CORS: from n/a through = 0.2.2...

CVSS: 4.3 | EPSS: 0.00013
Exploits: 0 | References: 1