413 matches found
EUVD-2026-44669
Cornac before 2.6.0 contains a path traversal Tar Slip vulnerability that allows attackers to write arbitrary files outside the intended cache directory by supplying a crafted TAR archive containing ../ sequences, absolute paths, or symlink/hardlink entries to the extractarchive function in...
CVE-2026-9108
Studio 5000 Logix Designer is affected by a path traversal vulnerability in which ACD project files may contain unvalidated file names. During project opening, paths can escape the intended extraction directory, potentially allowing an attacker to write arbitrary files to attacker-controlled loca...
CVE-2026-11917
Rockwell Automation ThinManager’s API suffers a path traversal flaw caused by improper limitation of file save operations. An authenticated attacker can write arbitrary files to restricted system directories outside the application’s intended directory. CVSS 4.0 base score 7.2 (HIGH) with network...
EUVD-2026-42833
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to...
CVE-2026-59195
A flaw was found in pnpm, a package manager. A remote attacker could exploit a path traversal vulnerability by crafting a malicious pnpm-lock.yaml file. When a user installs dependencies from such a repository, pnpm incorrectly processes package names from the configDependencies section, leading ...
CVE-2026-49297
Apache Airflow's Google provider operators GCSToSFTPOperator and GCSTimeSpanFileTransformOperator joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket...
CVE-2026-53906
MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of the filename parameter allows writing files to arbitrary locations as well as indirect disclosure of absolute server paths through error messages. Becau...
CVE-2026-8387
CVE-2026-8387 : A vulnerability in allegroai/clearml up to version 1.16.5 permits relative path traversal when extracting ZIP archives via ZipFile.extractall() in StorageManager._extract_to_cache(). The missing path validation allows an attacker to write arbitrary files to the filesystem, with at...
CVE-2026-53906
CVE-2026-53906 affects MCO’s file handling for data export and upload. The underlying issue is improper validation of the filename parameter, allowing path traversal and the potential to write files to arbitrary locations, along with indirect disclosure of absolute server paths via error messages...
CVE-2026-53906
MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of the filename parameter allows writing files to arbitrary locations as well as indirect disclosure of absolute server paths through error messages. Becau...
CVE-2026-58173
Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root directory by supplying a malicious memorytype value containing path traversal sequences through the remember tool. Attackers can manipulate the memorytype...
EUVD-2026-40354
Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root directory by supplying a malicious memorytype value containing path traversal sequences through the remember tool. Attackers can manipulate the memorytype...
PYSEC-2026-259 Aim External Control of File Name or Path vulnerability
A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the tarfile.extractall function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control repo.path and runhash to bypass directory existence checks and...
PYSEC-2026-507 PyTorch Lightning path traversal vulnerability
In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the LightningApp when running on a Windows host. The vulnerability occurs at the /api/v1/uploadfile/ endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to...
CVE-2026-50136 Budibase: Unauthenticated S3 signed upload URL generation allows arbitrary writes with stored datasource credentials
Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The route is protected only by the recaptcha middleware and does not require...
CVE-2026-50136
Budibase prior to version 3.39.3 exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The /api/attachments/:datasourceId/url route is protected only by recaptcha, allowing a caller with workspace and S3 datasource IDs t...
CVE-2026-50136 Budibase: Unauthenticated S3 signed upload URL generation allows arbitrary writes with stored datasource credentials
Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The route is protected only by the recaptcha middleware and does not require...
DEBIAN-CVE-2026-29509
Patool before 4.0.5 contains a path traversal vulnerability in the safeextract function in patoolib/programs/pytarfile.py when running on Python before 3.12, where the iswithindirectory helper uses os.path.commonprefix for character-level string comparison instead of path-level comparison, allowi...
CVE-2026-56445
The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join without sanitization, allowing file writes to arbitrary paths...
CVE-2026-53925
Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the securepopen function in glances/secure.py interprets file redirection, | pipe, and && command chaining operators in command strings. These operators are applied without any validation on the target file...