Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/05/28 8:12 p.m.13 views

CVE-2026-47118

Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...

7.1CVSS5.9AI score0.00375EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 2:22 p.m.52 views

CVE-2026-47118 Agent Zero < 1.15 Path Traversal File Read via image_get API

Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...

7.1CVSS0.00375EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 2:22 p.m.14 views

EUVD-2026-32522

Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...

7.1CVSS5.9AI score0.00375EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/27 2:22 p.m.10 views

CVE-2026-47118

Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...

7.1CVSS5.9AI score0.00375EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/27 2:22 p.m.13 views

CVE-2026-47118 Agent Zero < 1.15 Path Traversal File Read via image_get API

Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...

7.1CVSS5.9AI score0.00375EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.28 views

PT-2026-44005

Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...

7.1CVSS5.9AI score0.00375EPSS
Exploits0References4
OSV
OSV
added 2025/06/03 1:15 p.m.8 views

AZL-62313 CVE-2025-4330 affecting package python3 for versions less than 3.9.19-14

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

7.5CVSS7.1AI score0.00767EPSS
Exploits2References1
Rows per page
Query Builder