639 matches found
CVE-2026-49984 Kestra: Path traversal in `LocalStorage` allows any authenticated user to read arbitrary server files via the execution file-download API (`\..\` bypasses the `..` guard)
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.23, the local internal-storage backend validates user-supplied paths for .. traversal before it converts Windows-style backslashes to forward slashes. An attacker can therefore smuggle a traversal sequence past...
CVE-2026-53106
A flaw was found in the Linux kernel's Berkeley Packet Filter BPF local storage. This vulnerability can lead to a system deadlock when local storage is deleted within a Non-Maskable Interrupt NMI context. An attacker could potentially exploit this by triggering the deletion of BPF local storage...
EUVD-2025-210339
Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoint when storageType is set to local. Attackers can exploit path traversal in the chatId and chatflowId parameters to upload malicious files to arbitrary directories, potentially...
CVE-2025-71333 Flowise - Arbitrary File Upload via Unauthenticated /api/v1/attachments Endpoint
Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoint when storageType is set to local. Attackers can exploit path traversal in the chatId and chatflowId parameters to upload malicious files to arbitrary directories, potentially...
CVE-2025-71333
Flowise (v2.2.4) contains an unauthenticated arbitrary file upload vulnerability at the /api/v1/attachments endpoint when storageType is set to local. The issue allows path traversal via chatId and chatflowId parameters to upload files to arbitrary directories, potentially enabling remote code ex...
PT-2026-52612
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 2.2.5 Description An unauthenticated arbitrary file upload issue exists when storageType is set to local. This allows attackers to use path traversal—a technique used to access files and directories outside the intend...
CVE-2026-53106
CVE-2026-53106 affects the Linux kernel BPF storage deletion flow. The issue arises when local storage is freed via kfree_rcu(), call_rcu(), or call_rcu_tasks_trace() in NMI or reentrant contexts, which can lead to a deadlock. The documented mitigation in NMI is to return an error from bpf_xxx_st...
CVE-2026-47387
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared form-view submit handler packages/nc-gui/composables/useSharedFormViewStore.ts in NocoDB writes the form's redirecturl to window.location.href after a same-host check that does not validate the URL scheme. A...
Astra Linux – Vulnerability in Ceph
A flaw was discovered in ceph-dashboard. The JSON Web Token JWT used for user authentication is stored by the frontend application in the browser’s localStorage, which is potentially vulnerable to attacks via XSS attacks. The most significant threat of this vulnerability is related to data...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed out-of-bounds access in cgroup local storage Lonial reported that an out-of-bounds access in cgroup local storage can occur through tail calls. This occurs when two programs each utilize a cgroup local storage with a...
PT-2026-51100
Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.7.0 Description The logout button fails to clear the user session, allowing a previous user to remain logged in unless another user explicitly authenticates. This occurs because the '/logout' endpoint deletes...
CVE-2026-53781
Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests...
CVE-2026-53781 Summarize < 0.17.0 Disk Exhaustion via Uncapped Media Download
Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests...
CVE-2026-53781
The CVE affects the Summarize utility prior to version 0.17.0. Vulnerable path is the temp-file-based media download, where an unbounded response can be streamed via the download/response path, causing disk and resource exhaustion. Root cause: responses bypass the enforced size limit due to missi...
Summarize 安全漏洞
Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.17.0 contain security vulnerabilities. These vulnerabilities stem from resource exhaustion. A remote attacker can exploit these vulnerabilities by bypassing the mandatory size lim...
CVE-2026-49740 TYPO3 CMS - Insecure Deserialization in Core API
TYPO3's cache frontend VariableFrontend and persistent key-value store Registry deserialized PHP payloads without integrity validation or class restrictions. An attacker with write access to the underlying storage backend cache store or sysregistry database table could inject a crafted serialized...
Windows Notepad Markdown Link Exposure Test
This Metasploit auxiliary module is a non-exploit, safety-focused research tool designed to generate a Markdown file for analyzing how Windows Notepad handles external links. It creates a controlled test document containing a user-defined URL and stores it locally for inspection...
CVE-2026-49128
Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...
NocoDB: Stored Cross-Site Scripting via Form View Redirect URL
Summary The shared form-view submit handler in NocoDB writes the form's redirecturl to window.location.href after a same-host check that does not validate the URL scheme. A user with editor role or above on any base can plant a javascript: URL in the form's redirecturl; when an authenticated view...
CVE-2026-44543
Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by...