EUVD-2025-210340

Flowise before 3.0.6 affected versions 2.2.8 and earlier contains an arbitrary file access vulnerability due to missing validation that the chatflowId and chatId parameters are UUIDs or numbers in file handling operations. By supplying a path-traversal value e.g., '../../../../../tmp' as the...

EUVD-2025-210336

Flowise before 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints. The chatId value is not validated and is passed to streamStorageFile, where a fallback file-lookup path constructed...

CVE-2026-40084

Summary: CVE-2026-40084 affects CACTI

CVE-2025-71338

Flowise is affected by a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem by crafting unsanitized fileName parameters with ../ sequences. This can overwrite critical files (e.g., pac...

CVE-2025-71334

Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary file access vulnerability due to missing validation that chatflowId and chatId are UUIDs or numbers in file handling. An attacker can use path traversal (e.g., ../../../../../tmp) via /api/v1/chatflows (addBase64File...

CVE-2025-71324

Flowise before 3.0.6 has an arbitrary file-read vulnerability in the chatId parameter of /api/v1/get-upload-file and /api/v1/openai-assistants-file/download. The chatId value is not validated and is passed to streamStorageFile(), where a fallback file-lookup path constructed without the orgId is ...

CVE-2026-56445

The CVE-2026-56445 issue affects the qrscp application’s C-STORE handler. It directly uses an attacker-supplied DICOM dataset instance in os.path.join() without sanitization, enabling writes to arbitrary file paths on the system. This is a path traversal vulnerability in the file-write path, with...

CVE-2026-54093

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, filebrowser builds the download-as-zip / download-as-tar archive entry names with filepath.ToSlash, which on a Linux host is a no-op for...

CVE-2026-50549

Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default. Before a Write, the agent canonicalizes the target path to confirm it stays inside the workspace, but when canonicalization fails it falls back to the original path an...

CVE-2026-44017

A flaw was found in Docling. The EasyOCR model download functionality improperly extracts ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker compromises the model download source e.g., via a supply chain or Man-in-the-Middle MITM attack, they could write...

CVE-2026-53925

Summary of CVE-2026-53925 (Glances) In Glances, versions 4.0.8 through 4.5.5, the secure_popen() function in glances/secure.py parses shell-like operators (>, |, &&) in command strings without validating the target path or commands. When AMP module commands/service_cmd values are read from gla...

CVE-2026-53925 Glances: Arbitrary file write and command execution via `secure_popen` redirection and chaining operators in AMP command configuration

Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the securepopen function in glances/secure.py interprets file redirection, | pipe, and && command chaining operators in command strings. These operators are applied without any validation on the target file...

CVE-2026-54093

CVE-2026-54093 affects File Browser prior to v2.63.6, where archive entry names for zip/tar are built using Windows-style backslashes. On Linux, backslashes are preserved in names, allowing a Windows-style traversal like ....\evil.txt to be written on disk and then emitted verbatim in the archive...

CVE-2026-57700

Summary of CVE-2026-57700 (WordPress OMGF Pro plugin

WordPress OMGF Pro plugin <= 5.2.6 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by NETZLICHT in WordPress Plugin OMGF Pro versions = 5.2.6...

EUVD-2026-39492

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's patch application pipeline @pnpm/patch-package performs no path validation on file paths extracted from .patch files. An attacker who contributes a malicious patch file via a pull request can write attacker-controlled content to or...

CVE-2026-50015 pnpm: Arbitrary File Write/Delete via Malicious Patch File (Path Traversal)

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's patch application pipeline @pnpm/patch-package performs no path validation on file paths extracted from .patch files. An attacker who contributes a malicious patch file via a pull request can write attacker-controlled content to or...

CVE-2026-50015

CVE-2026-50015 affects the pnpm package manager via its patch application pipeline (@pnpm/patch-package). The vulnerability arises because, prior to 10.34.0 and 11.4.0, patch file diff headers can contain traversals like ../../, and the pipeline performs no path validation on file paths extracted...

CVE-2026-55477

3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database. This can be leveraged to obtain code...

CVE-2026-55439 Halo: Path Traversal in Backup Download Leads to Arbitrary File Read

Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the server filesystem. The backup download endpoint GET...