4 matches found
CVE-2026-45403 AnythingLLM: filesystem-copy-file follows nested symlinks and copies files from outside the allowed directory
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only the top-level source and destination paths. The recursive copy helper then descends into child...
CVE-2025-55130
A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...
EUVD-2025-24554
Malicious code in bioql PyPI...
Mycodo path traversal vulnerability
Mycodo is an environment monitoring and conditioning system. Used to couple inputs and outputs to sense and manipulate the environment, Mycodo is vulnerable to a path traversal vulnerability in versions prior to 8.12.7, which stems from a networked system or product failing to properly filter...