8 matches found
CVE-2026-15522
A security flaw has been discovered in tugcantopaloglu godot-mcp 2.0.0. Affected by this vulnerability is the function validatePath of the file build/index.js of the component runproject. The manipulation of the argument projectPath results in path traversal. Attacking locally is a requirement. T...
CVE-2026-53766 chrome-devtools-mcp: validatePath() does not canonicalize symlinks before enforcing roots
Chrome DevTools for agents chrome-devtools-mcp lets your coding agent control and inspect a live Chrome browser. From 0.24.0 until 1.1.0, McpContext.validatePath enforces workspace roots by checking whether path.resolvefilePath textually falls under one of the configured root paths. path.resolve...
EUVD-2026-21174
PraisonAIAgents: Path Traversal via Unvalidated Glob Pattern in listfiles Bypasses Workspace Boundary...
PraisonAI 路径遍历漏洞
PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 1.5.113 contained a path traversal vulnerability. This vulnerability stemmed from the validatepath function first calling os.path.normpath to fold the sequence, and then checkin...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview anthropic is a The official Python library for the anthropic API Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition via the validatepath function in the betabuiltinmemorytool.py file. An attacker can access files outside the intended...
CVE-2023-40035
Craft is a CMS for creating custom digital experiences on the web and beyond. Bypassing the validatePath function can lead to potential remote code execution. This vulnerability can lead to malicious control of vulnerable systems and data exfiltrations. Although the vulnerability is exploitable...
PT-2023-27228 · Craft · Craft
Name of the Vulnerable Software and Affected Versions: Craft versions prior to 3.8.15 Craft versions prior to 4.4.15 Description: The issue is related to bypassing the validatePath function, which can lead to potential remote code execution. This can result in malicious control of vulnerable...
The vulnerability of the validate_path_is_safe() function in the machine learning lifecycle management platform allows a attacker to disclose sensitive information or execute arbitrary files.
The vulnerability of the validatepathissafe function in the machine learning model lifecycle management platform exists due to an incorrect restriction on the path name to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to disclose sensitive informatio...