PT-2026-43296

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Improper validation of the search parameter in the "com media files" API endpoint allows for path traversal, a condition where an attacker can access files and...

CVE-2026-45301

Open WebUI (self-hosted AI platform) is affected by CVE-2026-45301 due to a missing permission check in all files-related API endpoints. Before version 0.3.16, any authenticated user could list, access, and delete files uploaded by any user via the /api/v1/files endpoints, exposing confidential d...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.5 and 9.5.0-alpha.3. These vulnerabilities stemmed from the use of readOnlyMasterKey,...

CVE-2026-27483 MindsDB has Path Traversal in /api/files Leading to Remote Code Execution

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.9.1.1, there is a path traversal vulnerability in Mindsdb's /api/files interface, which an authenticated attacker can exploit to achieve remote command execution. The vulnerability exists in the...

CVE-2026-27483

The CVE-2026-27483 entry describes MindsDB prior to version 25.9.1.1 with a path traversal in the /api/files "Upload File" module. The vulnerability arises because multipart uploads do not filter the uploaded filename path, allowing an authenticated attacker to inject "../" sequences and cause fi...

CVE-2026-26329 OpenClaw has a path traversal in browser upload allows local file read

OpenClaw is a personal AI assistant. Prior to version 2026.2.14, authenticated attackers can read arbitrary files from the Gateway host by supplying absolute paths or path traversal sequences to the browser tool's upload action. The server passed these paths to Playwright's setInputFiles APIs...