17 matches found
CVE-2026-47118
Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...
CVE-2026-47118
Agent Zero prior to 1.15 is affected by a path traversal vulnerability in the image_get API that allows unauthenticated attackers to read arbitrary files. The issue stems from relying solely on an extension allowlist while the path containment check is disabled, enabling requests for any file wit...
CVE-2026-47118 Agent Zero < 1.15 Path Traversal File Read via image_get API
Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...
CVE-2026-47118 Agent Zero < 1.15 Path Traversal File Read via image_get API
Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...
EUVD-2026-32522
Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...
CVE-2026-47118
Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...
PT-2026-44005
Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...
CI4MS Fileeditor allows deletion and rename of critical application files due to missing extension allowlist on destructive operations
Summary The Fileeditor module enforces an extension allowlist 'css','js','html','txt','json','sql','md' on content-write operations saveFile, createFile, but two destructive endpoints — deleteFileOrFolder and renameFile — never validate the extension of the source path. A backend user with...
GHSA-245J-XJVR-XVM5 CI4MS Fileeditor allows deletion and rename of critical application files due to missing extension allowlist on destructive operations
Summary The Fileeditor module enforces an extension allowlist 'css','js','html','txt','json','sql','md' on content-write operations saveFile, createFile, but two destructive endpoints — deleteFileOrFolder and renameFile — never validate the extension of the source path. A backend user with...
PT-2026-41769
Summary The Fileeditor module enforces an extension allowlist 'css','js','html','txt','json','sql','md' on content-write operations saveFile, createFile, but two destructive endpoints — deleteFileOrFolder and renameFile — never validate the extension of the source path. A backend user with...
CVE-2026-35200
The CVE entry CVE-2026-35200 corresponds to a vulnerability in Parse Server where an uploaded file can pair a mismatched Content-Type header with a filename extension that passes the allowlist. The issue arises because the Content-Type is accepted by the storage adapter and served as provided, le...
CVE-2026-35200
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.73 and 9.7.1-alpha.4, a file can be uploaded with a filename extension that passes the file extension allowlist e.g., .txt but with a Content-Type header that differs from the...
CVE-2026-35200 Parse Server has a file upload Content-Type override via extension mismatch
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.73 and 9.7.1-alpha.4, a file can be uploaded with a filename extension that passes the file extension allowlist e.g., .txt but with a Content-Type header that differs from the...
GHSA-QH6H-P6C9-FF54 LangChain Core has Path Traversal vulnerabilites in legacy `load_prompt` functions
Summary Multiple functions in langchaincore.prompts.loading read files from paths embedded in deserialized config dicts without validating against directory traversal or absolute path injection. When an application passes user-influenced prompt configurations to loadprompt or loadpromptfromconfig...
📄 Voyager 1.8.0 Arbitrary File Upload
Voyager version 1.8.0 has an issue where an attacker with minimal privileges any role allowed to upload images in a Rich Text Box can upload a polyglot file masquerading as an image while embedding server-side executable code...
CVE-2022-1952
The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An...
PT-2022-14212
Name of the Vulnerable Software and Affected Versions The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin versions prior to 1.1.16 Description The issue arises from insufficient input validation, leading to arbitrary file upload and subsequently to remote code execution...