GHSA-9WHX-C884-C68Q Langflow Knowledge Bases API is Vulnerable to Path Traversal
Summary: Langflow is vulnerable to Path Traversal in the Knowledge Bases API DELETE /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are concatenated directly into file paths without proper sanitization or boundary validation. An authenticated attacker can exploit thi...
uutils coreutils has a Link Following Issue Via rm Utility
A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to identify the root directory. An attacker or accidental user can bypass this safeguard by using a...
Linux Distros Unpatched Vulnerability : CVE-2026-35349
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than...
GHSA-79PF-VX4X-7JMM File Browser's TUS Delete Endpoint Bypasses Delete Permission Check
Summary: A broken access control vulnerability in the TUS protocol DELETE endpoint allows authenticated users with only Create permission to delete arbitrary files and directories within their scope, bypassing the intended Delete permission restriction. Any multi-user deployment where administrato...
MiracleLinux 3 : gnome-vfs2-2.16.2-10.AXS3 (AXSA:2013-42:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-42:01 advisory. GNOME VFS is the GNOME virtual file system. It is the foundation of the Nautilus file manager. It provides a modular architecture and ships with several module...
CVE-2022-42474
A relative path traversal vulnerability CWE-23 in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows a privileged...
CVE-2007-0751
A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might delete filesystems that have been mounted in /tmp, which might allow local users to cause a denial of service, related to the find command...
Mandrake Linux Security Advisory : fileutils (MDKSA-2002:031)
Wojciech Purczynski reported a race condition in some utilities in the GNU fileutils package that may cause root to delete the entire filesystem. This only affects version 4.1 stable and 4.1.6 development versions, and the authors have fixed this in the latest development version...
GNU fileutils - recursive directory removal race condition
Name: fileutils. Version: 4.1 stable and 4.1.6 development version. Homepage: http://www.gnu.org/software/fileutils/fileutils.html. Author: Wojciech Purczynski. Date: March 10, 2002. Issue: Race condition in various utilities from...