Lucene search
K

26 matches found

NVD
NVD
added last week6 views

CVE-2026-48789

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, on Windows, the document folder listing route can accept an encoded absolute Windows path that resolves outside the intended documents directory. The shared...

4.3CVSS0.00231EPSS
Exploits0References1
EUVD
EUVD
added last week4 views

EUVD-2026-39008

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, on Windows, the document folder listing route can accept an encoded absolute Windows path that resolves outside the intended documents directory. The shared...

4.3CVSS5.9AI score0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-52032

Name of the Vulnerable Software and Affected Versions AnythingLLM versions prior to 1.13.0 Description On Windows, the document folder listing route allows the use of an encoded absolute Windows path that resolves outside the intended documents directory. This occurs because the shared path...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References5
NVD
NVD
added 2026/06/22 7:17 p.m.12 views

CVE-2026-53779

WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthenticated attackers to read files outside the configured IMGPATH directory by sending requests with percent-encoded backslashes %5C that bypass the path.Clean sanitization in handler/router.go...

8.7CVSS0.00408EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/22 5:14 p.m.6 views

CVE-2026-54286

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on Windows hosts, an encoded backslash %5C in the request path decodes to , which the Windows path resolver treats as a separator. serve-static then resolves a single URL segment such as...

5.9CVSS5.8AI score0.00292EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.7 views

CVE-2026-46383

Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0, Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by apm install on supported Python 3.10 and 3.11 runtimes. When apm install is given a...

5.5CVSS5.5AI score0.0061EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.14 views

Fedora 44 : pie (2026-e5d5fc359d)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-e5d5fc359d advisory. Version 1.4.5 This release contains vulnerability fixes for the following security advisories: - GHSA-h842-vjwg-pxxx - Sudo-elevated arbitrary file deletion...

6.4AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.11 views

Fedora 43 : pie (2026-b2fe14ec86)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b2fe14ec86 advisory. Version 1.4.5 This release contains vulnerability fixes for the following security advisories: - GHSA-h842-vjwg-pxxx - Sudo-elevated arbitrary file deletion...

6.4AI score
Exploits0References1
NVD
NVD
added 2026/05/28 10:16 p.m.10 views

CVE-2026-10044

Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...

8.2CVSS0.006EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/28 5:44 p.m.15 views

compliance-trestle - jinja has an Arbitrary File Write via Path Traversal

Relevant Products/Components: trestle/core/commands/author/jinja.py trestle author jinja --- Detailed Description: The -o/--output argument in trestle author jinja allows writing files outside the intended workspace. The application does not properly validate: ../ ..\ absolute paths This allows...

6.2AI score0.0005EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2026/05/12 9:53 p.m.10 views

CVE-2026-44307

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the...

8.7CVSS5.8AI score0.00609EPSS
Exploits1
OSV
OSV
added 2026/05/06 9:45 p.m.8 views

GHSA-2H4P-VJRC-8XPQ Mako vulnerable to path traversal via backslash URI on Windows in TemplateLookup

Summary On Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the configured template directory. Details The root cause is a...

8.7CVSS5.8AI score0.00609EPSS
Exploits1References6
OSV
OSV
added 2026/02/27 10:16 p.m.8 views

PYSEC-2026-64

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ change...

7.5CVSS5.9AI score0.03095EPSS
Exploits1References1
EUVD
EUVD
added 2026/02/27 9:43 p.m.37 views

EUVD-2026-9082

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ change...

7.5CVSS6AI score0.03095EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/02/19 3:49 p.m.21 views

CVE-2026-25766 Echo has a Windows path traversal via backslash in middleware.Static default filesystem

Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows, Echo’s middleware.Static using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. In middleware/static.go, the requested path is unescaped and...

5.3CVSS0.00329EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/02/17 6:53 p.m.9 views

Echo has a Windows path traversal via backslash in middleware.Static default filesystem

Summary On Windows, Echo’s middleware.Static using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. Details In middleware/static.go, the requested path is unescaped and normalized with path.Clean URL semantics...

5.3CVSS6AI score0.00329EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/26 9:2 p.m.10 views

pnpm has Windows-specific tarball Path Traversal

Summary A path traversal vulnerability in pnpm's tarball extraction allows malicious packages to write files outside the package directory on Windows. The path normalization only checks for ./ but not .. On Windows, backslashes are directory separators, enabling path traversal. This vulnerability...

6.5CVSS5.9AI score0.00433EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-2557

Malicious code in bioql PyPI...

7.8CVSS6.4AI score0.00447EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2020-7211

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. CVE-2020-7211 Note that Nessus relies on the presence of t...

7.5CVSS7.7AI score0.04141EPSS
Exploits0References2
NCSC
NCSC
added 2025/08/11 7:36 a.m.8 views

Vulnerability fixed in WinRAR

Rarlab has fixed a vulnerability in WinRAR. The vulnerability is in the Windows version of WinRAR and involves a path traversal. This flaw allows attackers to execute arbitrary code using malicious archive files. This can lead to unauthorized access and control of affected systems. Public sources...

8.8CVSS7.7AI score0.85778EPSS
Exploits35References1
Rows per page
Query Builder