163 matches found
PYSEC-2025-125
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's fspath, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction,...
CVE-2025-68143
Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2025.9.25, the gitinit tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other too...
CVE-2025-68143
CVE-2025-68143 affects the mcp-server-git component. Prior to 2025.9.25, the git_init tool accepted arbitrary filesystem paths and could create Git repositories in any directory accessible to the server process without validating the target location, enabling repository creation at unintended loc...
GHSA-5CGR-J3JF-JW3V mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations
In mcp-server-git versions prior to 2025.9.25, the gitinit tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other tools which required an existing repository, gitinit could operate on any directory accessible to the server proces...
CVE-2025-57698
AstrBot Project v3.5.22 contains a directory traversal vulnerability. The handler function installpluginupload of the interface '/plugin/install-upload' parses the filename from the request body provided by the user, and directly uses the filename to assign to filepath without checking the validi...
PT-2025-45469
Name of the Vulnerable Software and Affected Versions AstrBot Project version 3.5.22 Description The software contains a directory traversal issue. The install plugin upload function within the '/plugin/install-upload' interface directly uses a filename from the request body, assigning it to the...
EUVD-2010-2485
Malware in sbrugna...
EUVD-2018-3379
Malware in sbrugna...
EUVD-2021-10338
Malware in sbrugna...
EUVD-2025-25433
Malicious code in bioql PyPI...
EUVD-2024-2199
Malicious code in bioql PyPI...
EUVD-2021-8086
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-23976
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp...
CVE-2010-2476
syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot...
CVE-2025-24249
A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to check the existence of an arbitrary path on the file system...
PT-2025-13931 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.7.5 macOS versions prior to 14.7.5 macOS versions prior to 15.4 Description: A permissions issue was addressed with additional sandbox restrictions. An app may be able to check the existence of an arbitrary path on...
GHSA-75PX-35P4-QQ6H Aim External Control of File Name or Path vulnerability
A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the tarfile.extractall function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control repo.path and runhash to bypass directory existence checks and...
CVE-2024-52012 Apache Solr: Configset upload on Windows allows arbitrary path write-access
Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths t...
CVE-2024-52012 Apache Solr: Configset upload on Windows allows arbitrary path write-access
Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths t...
CVE-2024-52012
Apache Solr (Windows) is affected by CVE-2024-52012: a relative path traversal (zip slip) via the configset upload API that can allow arbitrary file writes to the filesystem. Affected versions are Solr 6.6 through 9.7.0. The root cause is insufficient input sanitation in the configset upload path...