2161 matches found
CVE-2026-59807
CVE-2026-59807 affects Composio SDK prior to 0.2.32-beta.283. A path validation bypass in readFileFromDisk (tool-file-uploads.ts) can enable an attacker to read and exfiltrate sensitive files by manipulating file_uploadable parameters via prompt injection, referencing sensitive paths such as SSH ...
google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...
CVE-2026-14487
The Simple Coherent Form plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the removeUploadDir function in all versions up to, and including, 2.4.13. This makes it possible for unauthenticated attackers to delete arbitrary files on the serve...
CVE-2026-14487 Simple Coherent Form <= 2.4.13 - Unauthenticated Arbitrary File Deletion via 'id' Parameter
The Simple Coherent Form plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the removeUploadDir function in all versions up to, and including, 2.4.13. This makes it possible for unauthenticated attackers to delete arbitrary files on the serve...
Progress Software WhatsUp Gold GetFileWithoutZip Directory Traversal - Remote Code Execution
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of GetFileWithoutZip method. The issue results from th...
PYSEC-2026-1454 Home Assistant Core before is vulnerable to Directory Traversal
Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths during concatenation, leaving a path traversal vulnerability...
CVE-2026-12277
The Frontend File Manager Plugin WordPress plugin through 23.6 does not validate a file path derived from user input before deleting the referenced file, allowing unauthenticated users to delete arbitrary files on the server such as wp-config.php when guest upload mode is enabled. Deleting...
flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation
A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...
CVE-2026-9725
The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 2.5.2 This is due to insufficient path validation in the storedesigndata function, which constructs a filesystem path from the user-supplied...
CVE-2026-7311
The TinyPNG – JPEG, PNG & WebP image compression plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteconvertedimagesize function in all versions up to, and including, 3.6.13. This makes it possible for authenticated attackers, with...
CVE-2026-5821
The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the ImageBackup::remove function where backup file paths stored in post meta are used directly in file deletion operations withou...
PT-2026-55284
Name of the Vulnerable Software and Affected Versions TinyPNG – JPEG, PNG & WebP image compression plugin for WordPress versions prior to 3.6.14 Description Insufficient file path validation in the delete converted image size function allows authenticated attackers with author-level access or...
CVE-2026-56377 ImageMagick - Policy Bypass via Incorrect Path Validation
ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion services to write arbitrary files outside intended boundaries...
CVE-2026-56876
A flaw was found in extract-zip. This vulnerability allows a remote attacker to craft a malicious zip file containing symbolic links that point to locations outside the intended extraction directory. When a user extracts this malicious archive, extract-zip fails to validate the symlink targets,...
flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation
A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...
EUVD-2026-39628
An unauthenticated directory traversal vulnerability exists in getfcont.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient validation of user-supplied file path input before the requested file is accessed by the CGI component. A remote attack...
CVE-2026-50549
Cursor before version 3.0 contains a sandbox escape: if path canonicalization fails, a write can be redirected via an in-workspace symlink to arbitrary locations outside the workspace, enabling non-sandboxed Remote Code Execution under the user’s privileges. Affected: Cursor editor (pre-3.0) with...
CVE-2026-50015
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's patch application pipeline @pnpm/patch-package performs no path validation on file paths extracted from .patch files. An attacker who contributes a malicious patch file via a pull request can write attacker-controlled content to or...
USN-8473-1: containerd vulnerabilities
It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause containerd to enter an infinite loop, resulting in a denial of service. CVE-2026-33814 Jakub Ciolek and Kyle Elliott discovered that containerd incorrectly handle...
CVE-2026-10712
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path...