53 matches found
CVE-2026-40152 PraisonAIAgents has a Path Traversal via Unvalidated Glob Pattern in list_files Bypasses Workspace Boundary
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he listfiles tool in FileTools validates the directory parameter against workspace boundaries via validatepath, but passes the pattern parameter directly to Path.glob without any validation. Since Python's Path.glob supports .. path...
CVE-2026-40152
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he listfiles tool in FileTools validates the directory parameter against workspace boundaries via validatepath, but passes the pattern parameter directly to Path.glob without any validation. Since Python's Path.glob supports .. path...
CVE-2026-40152
CVE-2026-40152 affects PraisonAIAgents: the list_files() tool in FileTools validates the directory against workspace boundaries but passes the glob pattern directly to Path.glob(), which can interpret .. path segments. This enables relative path traversal to enumerate arbitrary files outside the ...
CVE-2026-40152 PraisonAIAgents has a Path Traversal via Unvalidated Glob Pattern in list_files Bypasses Workspace Boundary
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he listfiles tool in FileTools validates the directory parameter against workspace boundaries via validatepath, but passes the pattern parameter directly to Path.glob without any validation. Since Python's Path.glob supports .. path...
SUSE-SU-2026:20997-1 Security update for cockpit-repos
This update for cockpit-repos fixes the following issue: - CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string bsc1258637...
UBUNTU-CVE-2026-33412
Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob function on Unix-like systems. By including a newline character \n in a pattern passed to glob, an attacker may be able to execute arbitrary shell commands. This...
CVE-2026-33412 Vim affected by Command injection via newline in glob()
Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob function on Unix-like systems. By including a newline character \n in a pattern passed to glob, an attacker may be able to execute arbitrary shell commands. This...
SUSE CVE-2026-33412
Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob function on Unix-like systems. By including a newline character \n in a pattern passed to glob, an attacker may be able to execute arbitrary shell commands. This...
GHSA-3PPC-4F35-3M26 minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern
Summary minimatch is vulnerable to Regular Expression Denial of Service ReDoS when a glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string. Each compiles to a separate ^/? regex group, and when the match fails, V8's regex engine...
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern
Summary minimatch is vulnerable to Regular Expression Denial of Service ReDoS when a glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string. Each compiles to a separate ^/? regex group, and when the match fails, V8's regex engine...
CLSA-2025-1765208529 vim: Fix of 2 CVEs
CVE-2025-53906: drop leading ../ on write of zipfiles, don't forcefully overwrite existing files - CVE-2025-29768: use glob '-' to protect filenames starting with '-'...
EUVD-2025-6963
Malicious code in bioql PyPI...
CVE-2024-6851
In version 3.22.0 of aimhubio/aim, the LocalFileManager.cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted...
Directory Traversal
Overview aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Directory Traversal via the LocalFileManager.cleanup function, by crafting a malicious glob-pattern that is not verified to be within the directory managed by...
Aim Path Traversal vulnerability
In version 3.22.0 of aimhubio/aim, the LocalFileManager.cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted...
CVE-2024-6851
In version 3.22.0 of aimhubio/aim, the LocalFileManager.cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted...
CVE-2024-6851
CVE-2024-6851 affects aimhubio/aim v3.22.0. The LocalFileManager._cleanup function accepts a user-supplied glob-pattern and does not verify that matched files stay within the directory managed by LocalFileManager, allowing a crafted glob-pattern to delete arbitrary files. Reported impact is arbit...
SUSE CVE-2007-4782
PHP before 5.2.3 allows context-dependent attackers to cause a denial of service application crash via 1 a long string in the pattern parameter to the glob function; or 2 a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined...
CVE-2022-46171
Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards , ?, and ... match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the wildcards are not affected. As...
CVE-2022-46171 Tauri vulnerable to path traversal
Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards , ?, and ... match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the wildcards are not affected. As...