Lucene search
K

67 matches found

NVD
NVD
added 2 days ago6 views

CVE-2026-56260

Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The outputpath parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolute or path-traversal values to write to any location...

9.1CVSS0.00421EPSS
Exploits0References3
CVE
CVE
added 2 days ago15 views

CVE-2026-56260

CVE-2026-56260 affects Crawl4AI

9.1CVSS6.2AI score0.00421EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago10 views

EUVD-2026-43227

Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The outputpath parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolute or path-traversal values to write to any location...

9.1CVSS6.2AI score0.00421EPSS
Exploits0References3
OSV
OSV
added 2 days ago3 views

CVE-2026-56260 Crawl4AI - Arbitrary File Write via output_path Parameter

Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The outputpath parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolute or path-traversal values to write to any location...

8.8CVSS6.2AI score0.00421EPSS
Exploits0References5
CVE
CVE
added 4 days ago6 views

CVE-2026-60089

Prais onAI (pip package praisonaiagents) prior to version 1.6.78 is affected by a path-traversal issue: defaults loaded from a project-local .praisonai/config.toml can set defaults.output.output_file to an absolute or .. traversal path. If an Agent is started without an explicit output parameter,...

6.9CVSS6.1AI score0.00141EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42895

PraisonAI pip package praisonaiagents before 1.6.78 automatically loads defaults from a project-local .praisonai/config.toml when constructing an Agent, and does not validate the defaults.output.outputfile path. A repository-controlled config file can set outputfile to an absolute or '..' travers...

6.9CVSS6.1AI score0.00141EPSS
Exploits0References3
PyPA
PyPA
added 2026/06/23 1:16 p.m.8 views

PYSEC-0000-CVE-2026-56258

Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to write files outside the intended directory via symlink and time-of-check-time-of-use TOCTOU attacks on the outputpath parameter. Remote attackers can...

9.2CVSS6.4AI score0.00656EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/23 1:16 p.m.8 views

CVE-2026-56258

Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to write files outside the intended directory via symlink and time-of-check-time-of-use TOCTOU attacks on the outputpath parameter. Remote attackers can...

9.2CVSS0.00656EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 12:43 p.m.3 views

SUSE-SU-2026:22347-1 Security update for 7zip

This update for 7zip fixes the following issues Update to 26.01: - CVE-2026-48092: Information disclosure in 32-bit builds due to heap memory disclosure bsc1267858. - CVE-2026-48095: Heap buffer overflow via NTFS compressed stream buffer under-allocation bsc1267421. - CVE-2026-48101: Information...

8.8CVSS6.4AI score0.00938EPSS
Exploits8References17
Cvelist
Cvelist
added 2026/06/23 12:12 p.m.32 views

CVE-2026-56258 Crawl4AI - Arbitrary File Write via output_path Symlink and TOCTOU

Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to write files outside the intended directory via symlink and time-of-check-time-of-use TOCTOU attacks on the outputpath parameter. Remote attackers can...

9.2CVSS0.00656EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:12 p.m.5 views

CVE-2026-56258

Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to write files outside the intended directory via symlink and time-of-check-time-of-use TOCTOU attacks on the outputpath parameter. Remote attackers can...

9.2CVSS6.5AI score0.00656EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 12:12 p.m.15 views

CVE-2026-56258

CVE-2026-56258 affects Crawl4AI prior to 0.8.8. An arbitrary file write exists in the screenshot and PDF endpoints via output_path, exploiting insufficient path validation and symlink following with TOCTOU. Unauthenticated remote attackers can write files outside the intended directory, potential...

9.2CVSS6.5AI score0.00656EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/18 3:4 p.m.9 views

GHSA-RVP7-W75Q-9FV2 BBOT: Symlink-Following Arbitrary Write via github_workflows Module

The githubworkflows module constructs local directory paths from user-controlled repository names without validating for symlinks. A local attacker sharing the scan directory can plant a symlink at the predictable output path, causing workflow data to be written to an attacker-chosen location...

2.2CVSS5.2AI score0.00091EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/17 9:51 p.m.21 views

CVE-2026-12567 Symlink-following arbitrary write via github_workflows module

The githubworkflows module constructs local directory paths from user-controlled repository names without validating for symlinks. A local attacker sharing the scan directory can plant a symlink at the predictable output path, causing workflow data to be written to an attacker-chosen location...

2.2CVSS0.00091EPSS
Exploits0References1
OSV
OSV
added 2026/06/16 9:2 p.m.14 views

GHSA-7CX2-G3H9-382P Crawl4AI: Arbitrary file write (symlink/TOCTOU) plus log and webhook-header injection in Docker server

Summary Three backward-compatible hardening fixes in the Docker API server. The headline issue is an arbitrary file write via the screenshot/PDF outputpath. 1. Arbitrary file write via outputpath symlink / TOCTOU primary POST /screenshot and POST /pdf accept an outputpath constrained to...

8.1CVSS5.7AI score0.00656EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.11 views

CVE-2026-42866

Tookie is a advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's writetxt, writecsv, writejson, and commented-but-shipping scanfile helpers open their output as openf"user.", where user comes unsanitized from the -u CLI flag or any line of a -U usernames file. A userna...

6.7CVSS5.6AI score0.00145EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 5:30 p.m.20 views

CVE-2026-10278

CVE-2026-10278 affects the project ishayoyo excel-mcp up to 1.0.2. The vulnerability targets the file handling in the component’s src/index.ts, specifically read_file/write_file, where manipulating filePath/outputPath can cause a path traversal. The issue can be triggered remotely, and publicly d...

6.5CVSS6.2AI score0.00288EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.13 views

PT-2026-45499

A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impacted is an unknown function of the file src/index.ts of the component read file/write file. Executing a manipulation of the argument filePath/outputPath can lead to path traversal. It is possible to launch the attack remotely...

6.5CVSS5.5AI score0.00288EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/27 5:33 p.m.14 views

EUVD-2026-32614

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the output, output-all, and debug fields in model.Options are JSON-tagged and deserialized directly from the attacker's request body, then propagated...

8.2CVSS5.8AI score0.00243EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mctp: route: hold key-lock in mctpflowprepareoutput The mctpflowprepareoutput function checks key-dev and may call mctpdevsetkey. However, it does not hold key-lock during this process. Both mctpdevsetkey and mctpdevreleasekey...

5.5CVSS6.3AI score0.00114EPSS
Exploits0References1
Rows per page
Query Builder