Lucene search
K

896 matches found

NVD
NVD
added 5 days ago7 views

CVE-2026-61432

PraisonAI praisonaiagents before 1.6.78 contains a path traversal vulnerability in the FastContext feature praisonaiagents.context.fast. FastContextAgent.executetool prepends the configured workspacepath only for relative paths and neither rejects absolute paths nor canonicalizes joined paths...

6.9CVSS0.00278EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42898

PraisonAI praisonaiagents before 1.6.78 contains a path traversal vulnerability in the FastContext feature praisonaiagents.context.fast. FastContextAgent.executetool prepends the configured workspacepath only for relative paths and neither rejects absolute paths nor canonicalizes joined paths...

6.9CVSS6.1AI score0.00278EPSS
Exploits0References3
OSV
OSV
added 5 days ago2 views

CVE-2026-61432 PraisonAI FastContext before 1.6.78 Path Traversal

PraisonAI praisonaiagents before 1.6.78 contains a path traversal vulnerability in the FastContext feature praisonaiagents.context.fast. FastContextAgent.executetool prepends the configured workspacepath only for relative paths and neither rejects absolute paths nor canonicalizes joined paths...

6.9CVSS6.1AI score0.00278EPSS
Exploits0References5
OSV
OSV
added 2026/07/05 12:5 p.m.5 views

RLSA-2026:30860 Important: perl-IO-Compress security update

This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. IO-Compress supports reading and writing of bzip2, RFC 1950, RFC 1951, RFC 1952 i.e. gzip and zip files/buffers. The following modules used to be distributed...

7.8CVSS6.4AI score0.00292EPSS
Exploits3References2
NVD
NVD
added 2026/07/02 8:17 p.m.6 views

CVE-2026-59094

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...

8.7CVSS0.0047EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/02 7:40 p.m.7 views

EUVD-2026-41425

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...

8.7CVSS5.9AI score0.0047EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:40 p.m.8 views

CVE-2026-59094

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...

8.7CVSS5.9AI score0.0047EPSS
Exploits0References5
OSV
OSV
added 2026/07/02 7:40 p.m.17 views

CVE-2026-59094 Pathway - Unauthenticated Denial of Service via Exponential Glob Pattern Matching in Document Store

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...

8.7CVSS6AI score0.0047EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/02 7:40 p.m.35 views

CVE-2026-59094 Pathway - Unauthenticated Denial of Service via Exponential Glob Pattern Matching in Document Store

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...

8.7CVSS0.0047EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/07/02 7:40 p.m.6 views

CVE-2026-59094 Pathway - Unauthenticated Denial of Service via Exponential Glob Pattern Matching in Document Store

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...

8.7CVSS6AI score0.0047EPSS
Exploits0References4
CVE
CVE
added 2026/07/02 7:40 p.m.14 views

CVE-2026-59094

Affected software: Pathway, affected up to v0.31.1. Vulnerability: document store applies a caller-supplied glob pattern to indexed document paths via a hand-written recursive matcher that branches on each ** token without memoization, yielding exponential worst-case complexity. The pattern from ...

8.7CVSS5.9AI score0.0047EPSS
Exploits0References4
OSV
OSV
added 2026/07/01 12:3 p.m.4 views

RLSA-2026:30859 Important: perl-IO-Compress security update

This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. IO-Compress supports reading and writing of bzip2, RFC 1950, RFC 1951, RFC 1952 i.e. gzip and zip files/buffers. The following modules used to be distributed...

7.8CVSS6.2AI score0.00292EPSS
Exploits3References2
Rockylinux
Rockylinux
added 2026/07/01 12:3 p.m.7 views

perl-IO-Compress security update

An update is available for perl-IO-Compress. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list This distribution provides a Perl interface to allow reading and...

7.8CVSS6.2AI score0.00292EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.18 views

RHEL 10 : perl-IO-Compress (RHSA-2026:30860)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:30860 advisory. This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. IO-Compress...

7.8CVSS6.5AI score0.00292EPSS
Exploits3References4
RedHat Linux
RedHat Linux
added 2026/06/29 6:18 p.m.8 views

Important: Red Hat Security Advisory: perl-IO-Compress security update

An update for perl-IO-Compress is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.8CVSS6.2AI score0.00292EPSS
Exploits3References2
RedHat Linux
RedHat Linux
added 2026/06/29 6:18 p.m.7 views

perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob

A flaw was found in perl-IO-Compress, a component used for data compression and decompression. A remote attacker could exploit this vulnerability by crafting a malicious input, specifically an output glob, that bypasses the intended security measures. This could lead to the execution of...

7.8CVSS6.1AI score0.00292EPSS
Exploits3References6
OSV
OSV
added 2026/06/29 12:1 p.m.6 views

RLSA-2026:30851 Important: perl:5.32 security update

Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fixes: perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access CVE-2026-42496 perl-IO-Compress: perl-IO-Compress: Arbitrar...

8.2CVSS6.4AI score0.0043EPSS
Exploits3References3
RedHat Linux
RedHat Linux
added 2026/06/29 5:1 a.m.6 views

perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob

A flaw was found in perl-IO-Compress, a component used for data compression and decompression. A remote attacker could exploit this vulnerability by crafting a malicious input, specifically an output glob, that bypasses the intended security measures. This could lead to the execution of...

7.8CVSS6.1AI score0.00292EPSS
Exploits3References6
RedHat Linux
RedHat Linux
added 2026/06/29 4:49 a.m.7 views

perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob

A flaw was found in perl-IO-Compress, a component used for data compression and decompression. A remote attacker could exploit this vulnerability by crafting a malicious input, specifically an output glob, that bypasses the intended security measures. This could lead to the execution of...

7.8CVSS6.1AI score0.00292EPSS
Exploits3References6
RedHat Linux
RedHat Linux
added 2026/06/29 2:38 a.m.8 views

perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob

A flaw was found in perl-IO-Compress, a component used for data compression and decompression. A remote attacker could exploit this vulnerability by crafting a malicious input, specifically an output glob, that bypasses the intended security measures. This could lead to the execution of...

7.8CVSS6.1AI score0.00292EPSS
Exploits3References6
Rows per page
Query Builder