GHSA-GCMM-C94J-J47X @puchunjie/doc-tools-mcp has a Path Traversal Issue

A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function createdocument/opendocument of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The...

Directory Traversal

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the mediaUrl and fileUrl parameters in the message tool. An attacker can access arbitrary files on the local filesystem by supplying specially crafted requests tha...

CVE-2026-26831

textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to childprocess.exec in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequat...

Command Injection

Overview textract is an Extracting text from files of various type including html, pdf, doc, docx, xls, xlsx, csv, pptx, png, jpg, gif, rtf, text/, and various open office. Affected versions of this package are vulnerable to Command Injection via the filePath parameter in multiple extractors. An...

textract is vulnerable to OS Command Injection

textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to childprocess.exec in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequat...

GHSA-9PCJ-M5RR-P28G textract is vulnerable to OS Command Injection

textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to childprocess.exec in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequat...

CVE-2026-26831

textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to childprocess.exec in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequat...

CVE-2026-26831

textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to childprocess.exec in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequat...

CVE-2026-26831

CVE-2026-26831 affects textract up to version 2.5.0, where filePath is passed directly to child_process.exec() in multiple extractors (lib/extractors/doc.js, lib/extractors/rtf.js, lib/extractors/dxf.js, lib/extractors/images.js, and lib/util.js) without sufficient sanitization, enabling OS comma...

PT-2026-27213

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the filePath parameter accepts path traversal sequences, allowing enumeration of file existence on the server via different error responses. This issue has been patched in version 1.8.4...

Blinko 路径遍历漏洞

Blinko is an open-source AI-based card-based note-taking app designed for users who want to quickly capture and organize fleeting ideas. Versions of Blinko prior to 1.8.4 contained a path traversal vulnerability. This vulnerability stemmed from the filePath parameter accepting path traversal...

Tandoor Recipes 安全漏洞

Tandoor Recipes is an open-source application designed for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes prior to 2.5.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of input validation for the filepath parameter...

CVE-2024-50617

CVE-2024-50617 affects CIPPlanner CIPAce (prior to 9.17) in the File Download and Get File handler components. An authenticated user can modify the file id parameter or pass a physical file path in the URL query to retrieve files that should require data access permissions for documents, enabling...

EUVD-2020-30896

PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary...

CVE-2025-69612

A path traversal vulnerability exists in TMS Management Console version 6.3.7.27386.20250818 from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences ../ in the filePath parameter, allowing authenticated users to read...

CVE-2025-69612

A path traversal vulnerability exists in TMS Management Console version 6.3.7.27386.20250818 from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences ../ in the filePath parameter, allowing authenticated users to read...

TMS Management Console security vulnerabilities

TMS Management Console is a management console software developed by the American company TMS. Version 6.3.7.27386.20250818 of TMS Management Console contains a security vulnerability. This vulnerability stems from the Download Template function in the profile dashboard, which does not properly...

PT-2025-47931

An issue in the size query parameter /views/file.py of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request...

MaxSite CMS 代码问题漏洞

MaxSite CMS is a Russian open source web content management system from MaxSite CMS. A code issue vulnerability exists in MaxSite CMS version 109 and prior versions, which stems from incorrect manipulation of the parameters filepath or content in the file...

Sim Studio 路径遍历漏洞

Sim Studio is an AI agent workflow builder from the Sim Studio open source. A path traversal vulnerability exists in Sim Studio that stems from an incorrect manipulation of the parameter filePath leading to a path traversal attack...