Lucene search
K

53 matches found

Vulnrichment
Vulnrichment
added 2026/04/09 9:26 p.m.3 views

CVE-2026-40152 PraisonAIAgents has a Path Traversal via Unvalidated Glob Pattern in list_files Bypasses Workspace Boundary

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he listfiles tool in FileTools validates the directory parameter against workspace boundaries via validatepath, but passes the pattern parameter directly to Path.glob without any validation. Since Python's Path.glob supports .. path...

5.3CVSS5.9AI score0.00311EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:26 p.m.3 views

CVE-2026-40152

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he listfiles tool in FileTools validates the directory parameter against workspace boundaries via validatepath, but passes the pattern parameter directly to Path.glob without any validation. Since Python's Path.glob supports .. path...

5.3CVSS6AI score0.00311EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/04/09 9:26 p.m.17 views

CVE-2026-40152

CVE-2026-40152 affects PraisonAIAgents: the list_files() tool in FileTools validates the directory against workspace boundaries but passes the glob pattern directly to Path.glob(), which can interpret .. path segments. This enables relative path traversal to enumerate arbitrary files outside the ...

5.3CVSS6AI score0.00311EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/04/09 9:26 p.m.19 views

CVE-2026-40152 PraisonAIAgents has a Path Traversal via Unvalidated Glob Pattern in list_files Bypasses Workspace Boundary

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he listfiles tool in FileTools validates the directory parameter against workspace boundaries via validatepath, but passes the pattern parameter directly to Path.glob without any validation. Since Python's Path.glob supports .. path...

5.3CVSS0.00311EPSS
Exploits1References1
OSV
OSV
added 2026/04/05 3:1 a.m.3 views

SUSE-SU-2026:20997-1 Security update for cockpit-repos

This update for cockpit-repos fixes the following issue: - CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string bsc1258637...

8.7CVSS6.7AI score0.00519EPSS
Exploits1References3
OSV
OSV
added 2026/03/24 8:16 p.m.3 views

UBUNTU-CVE-2026-33412

Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob function on Unix-like systems. By including a newline character \n in a pattern passed to glob, an attacker may be able to execute arbitrary shell commands. This...

7.3CVSS6.2AI score0.00834EPSS
Exploits0References4
OSV
OSV
added 2026/03/24 7:43 p.m.4 views

CVE-2026-33412 Vim affected by Command injection via newline in glob()

Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob function on Unix-like systems. By including a newline character \n in a pattern passed to glob, an attacker may be able to execute arbitrary shell commands. This...

5.6CVSS6AI score0.00834EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/03/22 12:23 a.m.5 views

SUSE CVE-2026-33412

Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob function on Unix-like systems. By including a newline character \n in a pattern passed to glob, an attacker may be able to execute arbitrary shell commands. This...

5.3CVSS6AI score0.00834EPSS
Exploits0References19
OSV
OSV
added 2026/02/18 10:38 p.m.4 views

GHSA-3PPC-4F35-3M26 minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern

Summary minimatch is vulnerable to Regular Expression Denial of Service ReDoS when a glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string. Each compiles to a separate ^/? regex group, and when the match fails, V8's regex engine...

8.7CVSS5.9AI score0.00519EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/02/18 10:38 p.m.168 views

minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern

Summary minimatch is vulnerable to Regular Expression Denial of Service ReDoS when a glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string. Each compiles to a separate ^/? regex group, and when the match fails, V8's regex engine...

8.7CVSS5.3AI score0.00519EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/12/08 3:42 p.m.10 views

CLSA-2025-1765208529 vim: Fix of 2 CVEs

CVE-2025-53906: drop leading ../ on write of zipfiles, don't forcefully overwrite existing files - CVE-2025-29768: use glob '-' to protect filenames starting with '-'...

4.4CVSS6.3AI score0.00731EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-6963

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00953EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/03/22 11:43 a.m.10 views

CVE-2024-6851

In version 3.22.0 of aimhubio/aim, the LocalFileManager.cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted...

7.5CVSS7AI score0.00953EPSS
Exploits1References1
Snyk
Snyk
added 2025/03/20 12:32 p.m.4 views

Directory Traversal

Overview aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Directory Traversal via the LocalFileManager.cleanup function, by crafting a malicious glob-pattern that is not verified to be within the directory managed by...

8.7CVSS7.6AI score0.00953EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.10 views

Aim Path Traversal vulnerability

In version 3.22.0 of aimhubio/aim, the LocalFileManager.cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted...

7.5CVSS6.9AI score0.00953EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/03/20 10:15 a.m.6 views

CVE-2024-6851

In version 3.22.0 of aimhubio/aim, the LocalFileManager.cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted...

7.5CVSS0.00953EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:9 a.m.49 views

CVE-2024-6851

CVE-2024-6851 affects aimhubio/aim v3.22.0. The LocalFileManager._cleanup function accepts a user-supplied glob-pattern and does not verify that matched files stay within the directory managed by LocalFileManager, allowing a crafted glob-pattern to delete arbitrary files. Reported impact is arbit...

7.5CVSS7.5AI score0.00953EPSS
Exploits1References1Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 6:10 a.m.2 views

SUSE CVE-2007-4782

PHP before 5.2.3 allows context-dependent attackers to cause a denial of service application crash via 1 a long string in the pattern parameter to the glob function; or 2 a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined...

5CVSS7.6AI score0.04696EPSS
Exploits1References7
NVD
NVD
added 2022/12/23 2:15 p.m.36 views

CVE-2022-46171

Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards , ?, and ... match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the wildcards are not affected. As...

7.7CVSS0.01006EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/12/23 1:47 p.m.41 views

CVE-2022-46171 Tauri vulnerable to path traversal

Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards , ?, and ... match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the wildcards are not affected. As...

6.8CVSS7.8AI score0.01006EPSS
Exploits1References3
Rows per page
Query Builder