98 matches found
EUVD-2026-40351
Vibe-Trading before 0.1.10 builds the proposal file path by joining a caller-supplied proposal identifier onto the broker proposals directory without sanitization agent/src/live/mandate/commit.py. A proposal identifier containing path traversal sequences causes the application to load an...
PYSEC-2026-338 FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability
Technical Description The OpenAPIProvider in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The RequestDirector class is responsible for constructing HTTP requests to the backend service. A critical vulnerability exists in the buildurl method. When an OpenAPI...
motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read
Summary mEye contains an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files from the filesystem. The affected handlers accept a user-controlled filename parameter and construct filesystem paths using os.path.join. When an absolute...
Astra Linux – Vulnerability in RustC
In the standard library of Rust before 1.52.0, there was an optimization for joining strings that could cause uninitialized bytes to be exposed or the program to crash if the borrowed string changed after its length was checked...
Open WebUI: Any authenticated user can read other users' private notes via Socket.IO
Summary The ydoc:document:join Socket.IO handler checks note ownership only when the documentid starts with note: colon. However, the YdocManager storage layer normalizes all document IDs by replacing colons with underscores documentid.replace":", "". An attacker can join a document room using no...
GHSA-78V8-VPJP-CJQH PDM wheel installation leads to Path Traversal via overridden write_to_fs
InstallDestination.writetofs in src/pdm/installers/installers.py overrides the base class to add symlink/hardlink support but replaces the safe pathwithdestdir which validates via Path.resolve + isrelativeto with a bare os.path.join that performs no path validation. A malicious wheel with travers...
CVE-2026-4609 ProfileGrid <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Group Joining
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pminviteuser function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2026-4609
The CVE-2026-4609 entry concerns the WordPress plugin ProfileGrid – User Profiles, Groups and Communities. Affected versions are all up to and including 5.9.8.4. The vulnerability stems from a missing capability check in the pm_invite_user function, allowing authenticated users with Subscriber-le...
CVE-2026-4609 ProfileGrid <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Group Joining
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pminviteuser function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-level...
WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Group Joining vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Group Joining vulnerability discovered by Jonah Burgess CryptoCat in WordPress Plugin ProfileGrid versions = 5.9.8.4...
OpenSearch has ineffective TLS certificate hostname verification
Description A regression was introduced in OpenSearch 2.18.0 that caused the plugins.security.ssl.transport.enforcehostnameverification setting to be ineffective. When this setting was enabled, OpenSearch did not verify that the hostname in a connecting node's TLS certificate matched the hostname...
CVE-2026-33182
Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, when building the request URL, Saloon combined the connector's base URL with the request endpoint. If the endpoint was a valid absolute URL, the code used that URL as-is and ignored the base...
CVE-2019-25544
A flaw was found in Pidgin. Local attackers can exploit this denial of service vulnerability by providing an excessively long username string during account creation. This can cause the application to crash when joining a chat, leading to the application becoming unavailable...
EUVD-2019-19837
Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the application by providing an excessively long username string during account creation. Attackers can input a buffer of 1000 characters in the username field and trigger a crash when joining a chat,...
Siyuan has an Unauthenticated Arbitrary File Read via Path Traversal
Summary The Siyuan kernel exposes an unauthenticated file-serving endpoint under /appearance/filepath. Due to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server process. Authentication checks explicitly exclude this endpoint,...
CVE-2026-24125 Path Traversal in @tinacms/graphql
Tina is a headless content management system. Prior to 2.1.2, TinaCMS allows users to create, update, and delete content documents using relative file paths relativePath, newRelativePath via GraphQL mutations. Under certain conditions, these paths are combined with the collection path using...
PT-2026-25007
Tina is a headless content management system. Prior to 2.1.2, TinaCMS allows users to create, update, and delete content documents using relative file paths relativePath, newRelativePath via GraphQL mutations. Under certain conditions, these paths are combined with the collection path using...
CVE-2026-30969
CVE-2026-30969 affects Coral Server prior to version 1.1.0, where active-session authentication between agents and the server was not enforced. An attacker who could obtain or predict a session identifier could impersonate an agent or join an existing session. The issue is resolved in version 1.1...
CVE-2026-27467 BigBlueButton: Audio from participants to the server initially unmuted
BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, when first joining a session with the microphone muted, the client sends audio to the server regardless of mute state. Media is discarded at the server side, so it isn't audible to any participants, but this may allo...
PT-2026-21365
BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, when first joining a session with the microphone muted, the client sends audio to the server regardless of mute state. Media is discarded at the server side, so it isn't audible to any participants, but this may allo...