CVE-2026-42213

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, the inc "filename" directive in GPPL postprocessor files is resolved by GpplDocumentLinkHandler into a clickable link VS Code textDocument/documentLin...

UBUNTU-CVE-2026-43901

Wireshark MCP is an MCP Server that turns tshark into a structured analysis interface, then layers in optional Wireshark suite utilities. In 1.1.5 and earlier, wireshark-mcp exposes a wiresharkexportobjects MCP tool that accepts an attacker-controlled destdir parameter and passes it to tshark's...

CVE-2026-42866

Tookie is a advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's writetxt, writecsv, writejson, and commented-but-shipping scanfile helpers open their output as openf"user.", where user comes unsanitized from the -u CLI flag or any line of a -U usernames file. A userna...

EUVD-2026-29183

Tookie is a advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's writetxt, writecsv, writejson, and commented-but-shipping scanfile helpers open their output as openf"user.", where user comes unsanitized from the -u CLI flag or any line of a -U usernames file. A userna...

PT-2026-34804

Name of the Vulnerable Software and Affected Versions melange versions 0.32.0 through 0.43.3 Description When using the opt-in flag '--persist-lint-results' via 'melange lint' or 'melange build', the software constructs output file paths by joining the '--out-dir' parameter with arch and pkgname...

melange has Path Traversal via .PKGINFO in --persist-lint-results

melange lint --persist-lint-results opt-in flag, also usable via melange build --persist-lint-results constructs output file paths by joining --out-dir with the arch and pkgname values read from the .PKGINFO control file of the APK being linted. In affected versions these values were not validate...

EUVD-2026-24674

The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution in all versions up to and including 1.19.2. This is due to insufficient validation of the file path stored in the 'hhhtpasswdpath' option and lack of sanitization on the...

CVE-2026-33329

FileRise is a self-hosted web file manager / WebDAV server. From version 1.0.1 to before version 3.10.0, the resumableIdentifier parameter in the Resumable.js chunked upload handler UploadModel::handleUpload is concatenated directly into filesystem paths without any sanitization. An authenticated...

EUVD-2026-14992

FileRise is a self-hosted web file manager / WebDAV server. From version 1.0.1 to before version 3.10.0, the resumableIdentifier parameter in the Resumable.js chunked upload handler UploadModel::handleUpload is concatenated directly into filesystem paths without any sanitization. An authenticated...

PT-2026-27472

Name of the Vulnerable Software and Affected Versions IDrive versions affected versions not specified Description The id service.exe process operates with elevated privileges and routinely reads files located in the C:ProgramDataIDrive directory. These files, encoded in UTF16-LE, are used as...

CVE-2026-32749

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importSY and POST /api/import/importZipMd write uploaded archives to a path derived from the multipart filename field without sanitization, allowing an admin to write files to arbitrary locations outsi...

AVideo has an authenticated arbitrary local file read via `chunkFile` path injection in `aVideoEncoder.json.php`

Summary POST /objects/aVideoEncoder.json.php accepts a requester-controlled chunkFile parameter intended for staged upload chunks. Instead of restricting that path to trusted server-generated chunk locations, the endpoint accepts arbitrary local filesystem paths that pass isValidURLOrPath. That...

CVE-2026-32731

ApostropheCMS is an open-source content management framework. Prior to version 3.5.3 of @apostrophecms/import-export, The extract function in gzip.js constructs file-write paths using fs.createWriteStreampath.joinexportPath, header.name. path.join does not resolve or sanitise traversal segments...

CVE-2026-1186

EAP Legislator is vulnerable to Path Traversal in file extraction functionality. Attacker can prepare zipx archive default file type used by the Legislator application and choose arbitrary path outside the intended directory e.x. system startup where files will be extracted by the victim upon...

CVE-2026-1186

EAP Legislator is vulnerable to Path Traversal in file extraction functionality. Attacker can prepare zipx archive default file type used by the Legislator application and choose arbitrary path outside the intended directory e.x. system startup where files will be extracted by the victim upon...

CVE-2026-1186 Path Traversal in EAP Legislator

EAP Legislator is vulnerable to Path Traversal in file extraction functionality. Attacker can prepare zipx archive default file type used by the Legislator application and choose arbitrary path outside the intended directory e.x. system startup where files will be extracted by the victim upon...

CVE-2026-1186 Path Traversal in EAP Legislator

EAP Legislator is vulnerable to Path Traversal in file extraction functionality. Attacker can prepare zipx archive default file type used by the Legislator application and choose arbitrary path outside the intended directory e.x. system startup where files will be extracted by the victim upon...

CVE-2026-24897 Authenticated Remote Code Execution via Arbitrary File Upload

Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares. By specifying a writable path within the publ...

CVE-2026-20613

The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using...

Directory Traversal

Overview python-multipart is an A streaming multipart parser for Python Affected versions of this package are vulnerable to Directory Traversal via unsinitised file names passed directly into os.path.joinfiledir, fname function. An attacker can write files to arbitrary locations on the filesystem...