CVE-2026-34522

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in /api/chats/import allows an authenticated attacker to...

CVE-2026-34522

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in /api/chats/import allows an authenticated attacker to...

SillyTavern has a path traversal in `/api/chats/import` allows arbitrary file write outside intended chat directory

Summary A path traversal vulnerability in /api/chats/import allows an authenticated attacker to write attacker-controlled files outside the intended chats directory by injecting traversal sequences into charactername. Details charactername is used unsafely as part of the destination filename and...

External Control of File Name or Path

Overview sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to External Control of File Name or Path via the /api/chats/import endpoint when unsanitized input in the charactername parameter is used to construct file paths. An attacker can write arbitrar...

GHSA-XVWW-XHX6-22PF SillyTavern has a path traversal in `/api/chats/import` allows arbitrary file write outside intended chat directory

Summary A path traversal vulnerability in /api/chats/import allows an authenticated attacker to write attacker-controlled files outside the intended chats directory by injecting traversal sequences into charactername. Details charactername is used unsafely as part of the destination filename and...

kernel: audit: fix out-of-bounds read in audit_compare_dname_path()

An out of bounds read exists in the linux kernel such that when a watch on dir=/ is combined with an fsnotify event for a single-character name directly under root an out-of-bounds read can occur in auditcomparednamepath...

CVE-2025-39840

The CVE-2025-39840 in the Linux kernel is a fixed out-of-bounds read in audit_compare_dname_path() when a watch on / coincides with a single-character create under / (e.g., /a). The root cause is that parent_len() returns 1 for "/"; audit_compare_dname_path() can set pathlen to 0 and dereference ...

CVE-2018-18250

Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a Navigation item...