8 matches found
CVE-2026-34522
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in /api/chats/import allows an authenticated attacker to...
CVE-2026-34522
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in /api/chats/import allows an authenticated attacker to...
External Control of File Name or Path
Overview sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to External Control of File Name or Path via the /api/chats/import endpoint when unsanitized input in the charactername parameter is used to construct file paths. An attacker can write arbitrar...
GHSA-XVWW-XHX6-22PF SillyTavern has a path traversal in `/api/chats/import` allows arbitrary file write outside intended chat directory
Summary A path traversal vulnerability in /api/chats/import allows an authenticated attacker to write attacker-controlled files outside the intended chats directory by injecting traversal sequences into charactername. Details charactername is used unsafely as part of the destination filename and...
SillyTavern has a path traversal in `/api/chats/import` allows arbitrary file write outside intended chat directory
Summary A path traversal vulnerability in /api/chats/import allows an authenticated attacker to write attacker-controlled files outside the intended chats directory by injecting traversal sequences into charactername. Details charactername is used unsafely as part of the destination filename and...
kernel: audit: fix out-of-bounds read in audit_compare_dname_path()
An out of bounds read exists in the linux kernel such that when a watch on dir=/ is combined with an fsnotify event for a single-character name directly under root an out-of-bounds read can occur in auditcomparednamepath...
CVE-2025-39840
The CVE-2025-39840 in the Linux kernel is a fixed out-of-bounds read in audit_compare_dname_path() when a watch on / coincides with a single-character create under / (e.g., /a). The root cause is that parent_len() returns 1 for "/"; audit_compare_dname_path() can set pathlen to 0 and dereference ...
CVE-2018-18250
Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a Navigation item...