Lucene search
K

252 matches found

NVD
NVD
added 4 days ago6 views

CVE-2026-61432

PraisonAI praisonaiagents before 1.6.78 contains a path traversal vulnerability in the FastContext feature praisonaiagents.context.fast. FastContextAgent.executetool prepends the configured workspacepath only for relative paths and neither rejects absolute paths nor canonicalizes joined paths...

6.9CVSS0.00278EPSS
Exploits0References3
CVE
CVE
added 4 days ago7 views

CVE-2026-61432

PraisionAI (praisonaiagents) before 1.6.78 has a path traversal flaw in the FastContext feature. FastContextAgent.execute_tool() only prefixes workspace_path for relative paths and does not reject absolute paths or canonicalize joined paths, allowing tool arguments or model-generated calls to gre...

6.9CVSS6.1AI score0.00278EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42898

PraisonAI praisonaiagents before 1.6.78 contains a path traversal vulnerability in the FastContext feature praisonaiagents.context.fast. FastContextAgent.executetool prepends the configured workspacepath only for relative paths and neither rejects absolute paths nor canonicalizes joined paths...

6.9CVSS6.1AI score0.00278EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42769

decompress before 4.2.2 contains an improper path containment check that enables directory traversal and arbitrary file write. The safeMakeDir function index.js line 29 and the extraction path validation index.js line 106 use String.indexOf to verify the resolved path is within the output...

6.2CVSS6AI score0.00272EPSS
Exploits1References5
NVD
NVD
added 5 days ago7 views

CVE-2026-39245

decompress before 4.2.2 contains an improper path containment check that enables directory traversal and arbitrary file write. The safeMakeDir function index.js line 29 and the extraction path validation index.js line 106 use String.indexOf to verify the resolved path is within the output...

6.2CVSS0.00272EPSS
Exploits1References4
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-39245

decompress before 4.2.2 contains an improper path containment check that enables directory traversal and arbitrary file write. The safeMakeDir function index.js line 29 and the extraction path validation index.js line 106 use String.indexOf to verify the resolved path is within the output...

0.00272EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-39245

decompress before 4.2.2 contains an improper path containment check that enables directory traversal and arbitrary file write. The safeMakeDir function index.js line 29 and the extraction path validation index.js line 106 use String.indexOf to verify the resolved path is within the output...

9.8CVSS6AI score0.02147EPSS
Exploits2References5
CVE
CVE
added 5 days ago8 views

CVE-2026-39245

CVE-2026-39245 affects the decompress package (before 4.2.2). The vulnerability arises from an improper path containment check during extraction: safeMakeDir (index.js:29) and extraction path validation (index.js:106) rely on realDestinationDir.indexOf(realOutputPath) !== 0. This boundary check f...

6.2CVSS6AI score0.00272EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-56053

Name of the Vulnerable Software and Affected Versions @xhmikosr/decompress versions prior to 10.2.1 @xhmikosr/decompress versions prior to 11.1.3 decompress versions prior to 4.3.0 Description When extracting archives to a directory, a crafted archive can read or write files outside that director...

9.1CVSS6AI score
Exploits0References8
NVD
NVD
added 2026/06/30 11:17 p.m.6 views

CVE-2026-13885

Use after free in Skia in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS0.00379EPSS
Exploits0References2
OSV
OSV
added 2026/06/27 12:2 a.m.7 views

GHSA-FR4H-3CPH-29XV pnpm: Hoisted install imports lockfile alias outside node_modules

Summary The hoisted dependency alias issue tracked as GHSA-fr4h-3cph-29xv / CAND-PNPM-059 has been addressed in both pnpm and pacquet. A crafted lockfile alias could be joined directly under a hoisted nodemodules directory. Traversal aliases could escape that directory, while reserved aliases suc...

7.1CVSS5.8AI score0.00262EPSS
Exploits1References2
OSV
OSV
added 2026/06/26 11:21 p.m.3 views

GHSA-4GXV-P5G5-J7W7 gonic has arbitrary file write in createPlaylist: any authenticated user can write playlist M3U content to attacker-controlled path on the host

Summary A logic error in ServeCreateOrUpdatePlaylist allows any authenticated Subsonic user including non-admin to write playlist M3U content to an attacker-controlled absolute filesystem path on the gonic host, and to create intermediate directories with 0o777 permissions. The bug is independent...

8.1CVSS5.8AI score0.00269EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 10:10 p.m.2 views

GHSA-5G9F-CWWG-4P8G PhpWeasyPrint vulnerable to arbitrary file deletion at shutdown via public $temporaryFiles

Summary AbstractGenerator::$temporaryFiles is a public array, and removeTemporaryFiles — invoked from destruct and from a registered shutdown function — calls unlink on every entry without verifying that the path is contained within the temporary folder. Any code holding a reference to a generato...

3CVSS6AI score0.00112EPSS
Exploits0References6
CVE
CVE
added 2026/06/24 5:13 p.m.10 views

CVE-2026-48789

CVE-2026-48789 affects AnythingLLM on Windows prior to version 1.13.0. The document folder listing route can accept an encoded absolute Windows path that resolves outside the intended documents directory. The shared path containment helper rejects POSIX-style "../" traversal but does not reject W...

4.3CVSS5.9AI score0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 5:13 p.m.32 views

CVE-2026-48789 AnythingLLM: Windows path containment bypass in document folder route

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, on Windows, the document folder listing route can accept an encoded absolute Windows path that resolves outside the intended documents directory. The shared...

4.3CVSS0.00231EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 12:59 p.m.7 views

JLSEC-2026-612 Path traversal in the HTTP.jl static file server via separator/absolute path segments

Description The static file server decoded the request path, split it on /, and rejected only segments exactly equal to . or ... Because URL-decoding ran before the / split, an encoded backslash %5c, a Windows drive specifier C:..., or a UNC prefix \host\share survived inside a single segment and...

6AI score
Exploits0References2
OSV
OSV
added 2026/06/19 9:42 p.m.10 views

GHSA-JVCM-F35G-W78P Network-AI: AgentRuntime sandbox path-prefix checks allow file access outside the configured base directory

Summary AgentRuntime promises scoped file access under a configured sandbox basePath, but its path containment checks use raw string prefix tests. A sandbox base such as /tmp/network-ai-sandbox also matches a sibling path such as /tmp/network-ai-sandboxevil/secret.txt. An agent/user that can call...

6.5CVSS5.9AI score
Exploits0References4
OSV
OSV
added 2026/06/18 8:42 p.m.5 views

GHSA-8MG9-J9CF-54CJ OpenClaw: Empty-scope device re-pairing could confuse caller scope containment

Summary Empty-scope device re-pairing could confuse caller scope containment. In affected versions, a device re-pairing request with an empty scope set could skip the intended containment guard during re-pairing. This advisory is scoped to the named feature and configuration. It does not change...

5.4CVSS5.6AI score0.00206EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/17 9:19 p.m.25 views

CVE-2026-48820 CakePHP: View::element() is missing a path containment check

CakePHP is a rapid development framework for PHP. In versions 4.5.11 and earlier, 4.6.0 through 4.6.3, 5.0.0 through 5.1.6, 5.2.0 through 5.2.12, and 5.3.0 through 5.3.5, View::getElementFileName does not check that the resolved element path is within the application/plugin view template paths...

6.3CVSS0.00258EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:19 p.m.29 views

CVE-2026-48820

The CakePHP CVE-2026-48820 vulnerability affects View::_getElementFileName(), where the resolved element path is not validated to be within the application/plugin view template paths. This can allow crafted user-supplied data to include other PHP files on the server. Affected versions span 4.5.11...

6.3CVSS5.4AI score0.00258EPSS
Exploits0References1
Rows per page
Query Builder