40 matches found

CNNVD
added 6 days ago, 6 views

Excel MCP Server path traversal vulnerability

Excel MCP Server is an Excel and CSV file reading/writing/analysis tool developed by ishayoyo as a personal project. Versions of Excel MCP Server 1.0.2 and earlier contained a path traversal vulnerability. This vulnerability stemmed from incorrect handling of the filePath/outputPath parameters in...

6.5 CVSS, 6.6 AI score, 0.00051 EPSS
Exploits: 0, References: 6
NVD
added 2026/05/24 4:17 a.m., 9 views

CVE-2026-9351

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16. This vulnerability affects the function _is_blocked_device of the file tools/file_tools.py of the component read_file Tool. Performing a manipulation results in path traversal. The attack may be initiated remotely. The...

6.9 CVSS, 0.00116 EPSS
Exploits: 0, References: 4
CVE
added 2026/05/24 3:15 a.m., 13 views

CVE-2026-9351

CVE-2026-9351 affects NousResearch Hermes-agent up to version 2026.4.16. The vulnerability resides in the read_file Tool’s file_tools.py, specifically the _is_blocked_device function, enabling path traversal through input manipulation. Attack vector is network with low complexity and no authentic...

6.9 CVSS, 6.2 AI score, 0.00116 EPSS
Exploits: 0, References: 4
Cvelist
added 2026/04/07 5:9 p.m., 12 views

CVE-2026-22682 OpenHarness Improper Access Control via File Tools

OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the intended repository...

8.4 CVSS, 0.00011 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2026/03/02 12:0 a.m., 3 views

Zed < 0.225.9 Symlink Escape (CVE-2026-27967)

The version of Zed installed on the remote host is prior to 0.225.9. It is, therefore, affected by a symlink escape vulnerability: - A symlink escape vulnerability exists in the Zed Agent file tools readfile, editfile that allows reading and writing files outside the project directory when a...

7.1 CVSS, 5.9 AI score, 0.00009 EPSS
Exploits: 1, References: 2
CNNVD
added 2024/03/23 12:0 a.m., 1 views

PaddlePaddle security vulnerability

PaddlePaddle is an independent R&D deep learning platform open-sourced by China's PaddlePaddle. A security vulnerability exists in PaddlePaddle version 2.6.0, which stems from allowing arbitrary files to be read via paddle.vision.ops.readfile...

8.2 CVSS, 7.9 AI score, 0.00152 EPSS
Exploits: 1, References: 2
UbuntuCve
added 2023/08/22 7:16 p.m., 73 views

CVE-2023-30079

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-22652. Reason: This record is a duplicate of CVE-2023-22652. Notes: All CVE users should reference CVE-2023-22652 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage...

7.1 AI score
Exploits: 0, References: 5
RedHat Linux
added 2023/08/01 8:55 a.m., 3 views

libeconf: Stack overflow in function read_file at libeconf/lib/getfilecontents.c

A flaw was found in the libeconf library. This issue occurs when parsing a specially crafted configuration file, causing a stack-based buffer overflow that results in a denial of service...

6.1 AI score
Exploits: 0, References: 4
SUSE CVE
added 2023/02/15 3:48 a.m., 2 views

SUSE CVE-2021-3710

An information disclosure via path traversal was discovered in apport/hookutils.py function readfile. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior ...

6.5 CVSS, 5.2 AI score, 0.00049 EPSS
Exploits: 1, References: 3
SUSE CVE
added 2023/02/15 3:41 a.m., 1 views

SUSE CVE-2021-32550

It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users...

7.3 CVSS, 6.7 AI score, 0.00055 EPSS
Exploits: 0, References: 3
SUSE CVE
added 2023/02/15 3:41 a.m., 1 views

SUSE CVE-2021-32547

It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users...

7.3 CVSS, 6.7 AI score, 0.00061 EPSS
Exploits: 0, References: 3
OSV
added 2021/10/01 3:15 a.m., 1 views

CVE-2021-3710

An information disclosure via path traversal was discovered in apport/hookutils.py function readfile. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior ...

5.5 CVSS, 5.8 AI score, 0.00049 EPSS
Exploits: 1, References: 4
NVD
added 2021/10/01 3:15 a.m., 10 views

CVE-2021-3710

An information disclosure via path traversal was discovered in apport/hookutils.py function readfile. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior ...

6.5 CVSS, 0.00049 EPSS
Exploits: 1, References: 4
Prion
added 2021/10/01 3:15 a.m., 12 views

Path traversal

An information disclosure via path traversal was discovered in apport/hookutils.py function readfile. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior ...

4.7 CVSS, 5.2 AI score, 0.00049 EPSS
Exploits: 1, References: 4, Affected Software: 1
UbuntuCve
added 2021/09/14 12:0 a.m., 22 views

CVE-2021-3710

An information disclosure via path traversal was discovered in apport/hookutils.py function readfile. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior ...

6.5 CVSS, 6.1 AI score, 0.00049 EPSS
Exploits: 1, References: 3
NVD
added 2021/06/12 4:15 a.m., 14 views

CVE-2021-32554

It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users...

7.3 CVSS, 0.00061 EPSS
Exploits: 0, References: 1
OSV
added 2021/06/12 4:15 a.m., 1 views

CVE-2021-32549

It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users...

5.5 CVSS, 5.8 AI score
Exploits: 0, References: 1
NVD
added 2021/06/12 4:15 a.m., 11 views

CVE-2021-32549

It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users...

7.3 CVSS, 0.00061 EPSS
Exploits: 0, References: 1
NVD
added 2021/06/12 4:15 a.m., 15 views

CVE-2021-32551

It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users...

7.3 CVSS, 0.00055 EPSS
Exploits: 0, References: 1
NVD
added 2021/06/12 4:15 a.m., 12 views

CVE-2021-32548

It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users...

7.3 CVSS, 0.00061 EPSS
Exploits: 0, References: 1