Lucene search
K

109 matches found

CVE
CVE
added 3 days ago13 views

CVE-2026-60088

CVE-2026-60088 affects PraisonAI prior to 4.6.78. The issue is a path traversal flaw in custom command templates, where file paths are not validated, allowing an attacker to read files outside the workspace (e.g., @../outside_secret.txt or absolute paths) and exfiltrate process-readable files int...

6.8CVSS6.1AI score0.00147EPSS
Exploits0References3
NVD
NVD
added 4 days ago6 views

CVE-2026-61432

PraisonAI praisonaiagents before 1.6.78 contains a path traversal vulnerability in the FastContext feature praisonaiagents.context.fast. FastContextAgent.executetool prepends the configured workspacepath only for relative paths and neither rejects absolute paths nor canonicalizes joined paths...

6.9CVSS0.00278EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-59149

Mockoon provides way to design and run mock APIs. Prior to 9.7.0, a FILE response whose filePath embeds request data is confined by getSafeFilePath in packages/commons-server/src/libs/server/server.ts with resolvedPath.startsWithstaticBaseDir. That prefix test has no path-separator boundary, so a...

6.5CVSS5.9AI score0.0033EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/07/06 8:16 p.m.3 views

DEBIAN-CVE-2026-58403

Hugo is a static site generator. From v0.123.0 through v0.163.0, Hugo's virtual filesystem is designed so that files under a mount cannot reach outside the mount tree, but a regression caused RootMappingFs.statRoot to call Stat, which follows symlinks, instead of Lstat, so a direct os.ReadFile...

6.5CVSS5.9AI score0.00318EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 7:25 p.m.35 views

CVE-2026-58403 Hugo symlink confinement bypass in os.ReadFile

Hugo is a static site generator. From v0.123.0 through v0.163.0, Hugo's virtual filesystem is designed so that files under a mount cannot reach outside the mount tree, but a regression caused RootMappingFs.statRoot to call Stat, which follows symlinks, instead of Lstat, so a direct os.ReadFile...

5.9CVSS0.00318EPSS
Exploits0References4
OSV
OSV
added 2026/07/06 7:25 p.m.4 views

CVE-2026-58403 Hugo symlink confinement bypass in os.ReadFile

Hugo is a static site generator. From v0.123.0 through v0.163.0, Hugo's virtual filesystem is designed so that files under a mount cannot reach outside the mount tree, but a regression caused RootMappingFs.statRoot to call Stat, which follows symlinks, instead of Lstat, so a direct os.ReadFile...

5.9CVSS5.9AI score0.00318EPSS
Exploits0References6
OSV
OSV
added 2026/07/02 5:38 p.m.5 views

GHSA-FG23-3346-88F5 Langroid: Path traversal in the file tools allows read/write outside configured current directory

Summary Langroid's ReadFileTool and WriteFileTool appear to treat currdir as the intended working-directory boundary for file operations. However, the tools only change the process working directory to currdir and then operate on the user-supplied filepath without resolving and enforcing that the...

7.1CVSS5.8AI score0.00184EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:29 p.m.8 views

CVE-2026-53766

Chrome DevTools for agents chrome-devtools-mcp lets your coding agent control and inspect a live Chrome browser. From 0.24.0 until 1.1.0, McpContext.validatePath enforces workspace roots by checking whether path.resolvefilePath textually falls under one of the configured root paths. path.resolve...

6.1CVSS5.8AI score0.00087EPSS
Exploits1References2Affected Software1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in Thunderbird

A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or the connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking...

8.2CVSS5.8AI score0.0036EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.22 views

PT-2026-51461

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.9 Description An issue exists where a workspace-level builder can read any file the server process has access to by uploading a specially crafted PWA zip file. The POST /api/pwa/process-zip endpoint extracts the...

9.6CVSS5.8AI score0.00494EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2026/06/16 8:12 p.m.14 views

Hugo: Symlink confinement bypass in resources.Get

Commit: f8b5fa09a6 — Fix prevention of direct symlink reads in resources.Get Affected versions: v0.123.0 through v0.161.1. Earlier versions are not affected. Fixed in: v0.162.0. Severity: Medium. Requires the attacker to be able to place or convince a site author to place a symlink inside a mount...

6.9CVSS5.6AI score0.00275EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/09 11:0 p.m.24 views

CVE-2026-46491

CVE-2026-46491 affects the simplesamlphp-module-casserver when using the FileSystemTicketStore. A attacker-controlled ticket identifier is concatenated into the ticket path, enabling path traversal (e.g., ../target.serialized) to read and unserialize files outside the ticket directory. In the CAS...

8.6CVSS5.5AI score0.00422EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 a.m.9 views

CVE-2026-11322

Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve...

7.1CVSS5.4AI score0.00323EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 1:41 p.m.8 views

CVE-2026-32685

Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages entries from gleam.toml are incorporated into filesystem paths without sufficient validation or...

4.6CVSS5.9AI score0.00152EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.12 views

PT-2026-42598

Summary The fileID field from Manifest.db a SQLite database inside iOS backups, generated by the device is used directly in filesystem path construction without validation. This affects two commands through a shared code path: - mvt-ios decrypt-backup decrypt.py: file id is used to construct both...

5.3CVSS6.3AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/15 6:7 p.m.17 views

SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion

Summary simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controlled ticket identifier. Public CAS validation/proxy endpoints pass attacker-controlled ticket / pgt query parameters into...

8.6CVSS5.8AI score0.00422EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/05/12 10:16 p.m.23 views

CVE-2026-44307

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the...

8.7CVSS0.00609EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/05/12 10:16 p.m.12 views

CVE-2026-44307

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the...

8.7CVSS5.8AI score0.00609EPSS
Exploits1References5
NVD
NVD
added 2026/05/12 3:16 p.m.34 views

CVE-2026-5061

The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...

4.7CVSS0.00109EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 1:58 p.m.10 views

CVE-2026-5061

The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...

4.7CVSS5.8AI score0.00109EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder