Comment and Control: Hijacking Agentic Workflows Via Context-Grounded Evolution
Automation platforms such as GitHub Actions and n8n are increasingly adopting so-called agentic workflows, which integrate Large Language Model (LLM) agents for tasks such as code review and data synchronization. While bringing convenience for developers, this integration exposes a new risk: An...
@hono/node-server has authorization bypass for protected static paths via encoded slashes in Serve Static Middleware
Summary When using @hono/node-server's static file serving together with route-based middleware protections (e.g. protecting /admin/), inconsistent URL decoding can allow protected static resources to be accessed without authorization. In particular, paths containing encoded slashes (%2F) may be...
UBUNTU-CVE-2025-69226
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...
GAPS: Guiding Dynamic Android Analysis with Static Path Synthesis
Dynamically resolving method reachability in Android applications remains a critical and largely unsolved problem. Despite notable advancements in GUI testing and static call graph construction, current tools are insufficient for reliably driving execution toward specific target methods, especial...
CVE-2025-1086
The CVE-2025-1086 entry concerns Safetytest Cloud-Master Server (up to version 1.1.1). The issue is a path traversal in files under /static/ exploitable via remote access (../filedir). Public exploit/info has circulated; vendor response is not documented. Affected component/impact details beyond ...
CVE-2023-6750
The Clone WordPress plugin before 2.4.3 uses buffer files to store in-progress backup information, which is stored at a publicly accessible, statically defined file path...
Pyramid vulnerable to directory traversal
Overview Pyramid provided by Pylons Project contains a directory traversal vulnerability. Masashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact index.html located one directory abov...
DEBIAN-CVE-2023-40587
Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have an index.html file that is located exactly one directory above the location of t...
PT-2023-12123 · Mercury · Mercury Mac1200R
Name of the Vulnerable Software and Affected Versions: Mercury MAC1200R devices affected versions not specified Description: A directory traversal issue allows attackers to read arbitrary files via a web-static/ URL. This affects Mercury MAC1200R devices, enabling attackers to access files they...
GHSA-MPMF-HR8P-P49G Sanic arbitrary file read and directory traversal
Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring...
oswatcher security update
9.0.0-5 - Use static path configuration for oswatcher scripts CVE-2021-2464 Orabug: 33220951...
PYSEC-2017-40
Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring...