2055 matches found
CVE-2026-0846 Arbitrary File Read via Absolute Path Input in nltk.util.filestring()
A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...
Arbitrary File Write via Path Traversal in Malicious NLTK Downloader Index (nltk.downloader.Package.fromxml)
NLTK relies on the nltk.downloader.Downloader class to securely fetch corpora and models. It fetches an index.xml file to map package ids to payload URLs. A critical Arbitrary File Write vulnerability exists in nltk.downloader.Package.fromxml due to a lack of sanitization on the id field. When...
CVE-2026-2753
An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue by submitting requests containing absolute filesystem paths. Successful...
CVE-2026-2753
An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue by submitting requests containing absolute filesystem paths. Successful...
CVE-2026-2753
An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue by submitting requests containing absolute filesystem paths. Successful...
CVE-2026-2753
An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue by submitting requests containing absolute filesystem paths. Successful...
CVE-2026-2753
CVE-2026-2753 describes an Absolute Path Traversal in Navtor NavBox. An unauthenticated attacker can submit requests containing absolute filesystem paths via the HTTP service, potentially retrieving arbitrary files on the underlying system, limited by the service process privileges. The issue is ...
CVE-2026-2753
An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue by submitting requests containing absolute filesystem paths. Successful...
GHSA-7XHJ-55Q9-PC3M OpenClaw's hook transform module path allows traversal and arbitrary JavaScript module loading
Summary OpenClaw hook mapping transforms could be loaded via absolute paths or .. traversal, allowing arbitrary JavaScript module loading/execution in the gateway process when an attacker can modify hooks configuration. Affected Versions - Affected: = 2.0.0-beta3 and = 2026.2.13 - Fixed: 2026.2.1...
GHSA-XW4P-PW82-HQR7 OpenClaw's sandbox skill mirroring path traversal vulnerability could write outside the sandbox workspace
Overview In affected versions, OpenClaw’s sandbox skill mirroring used the skill’s frontmatter name as part of the destination path when copying skills into the sandbox workspace. A crafted skill name containing traversal segments for example ../ or an absolute path could cause the copy to write...
CVE-2026-28414
A flaw was found in Gradio. When running on Windows with Python 3.13 or later, an absolute path traversal vulnerability allows unauthenticated attackers to read arbitrary files from the file system. This occurs because a change in Python's os.path.isabs definition causes Gradio's path joining log...
GHSA-39MP-8HJ3-5C49 Gradio is Vulnerable to Absolute Path Traversal on Windows with Python 3.13+
Summary Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Details Python 3.13+ changed the definition of os.path.isabs so that root-relative paths like...
Gradio is Vulnerable to Absolute Path Traversal on Windows with Python 3.13+
Summary Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Details Python 3.13+ changed the definition of os.path.isabs so that root-relative paths like...
PYSEC-2026-64
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ change...
CVE-2026-28414 Gradio has Absolute Path Traversal on Windows with Python 3.13+
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ change...
CVE-2026-28414 Gradio has Absolute Path Traversal on Windows with Python 3.13+
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ change...
CVE-2026-28414
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ change...
CVE-2026-28414
CVE-2026-28414 : The issue affects Gradio prior to 6.7 on Windows with Python 3.13+. A bug in Gradio’s path-joining logic, triggered by Python 3.13+ changes to os.path.isabs, allows an unauthenticated attacker to read arbitrary files from the Gradio server via root-relative paths. The vulnerabili...
CVE-2026-28414 Gradio has Absolute Path Traversal on Windows with Python 3.13+
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ change...
Gradio 安全漏洞
Gradio is an open-source Python library developed by Google. It provides a user-friendly web interface for demonstrating machine learning models. Prior to version 6.7, Gradio had a security vulnerability. This vulnerability stemmed from changes in the definition of os.path.isabs in Python 3.13+,...