Lucene search
K

7 matches found

NVD
NVD
added 2026/06/30 5:16 p.m.8 views

CVE-2026-58170

Vibe-Trading before 0.1.10 builds the proposal file path by joining a caller-supplied proposal identifier onto the broker proposals directory without sanitization agent/src/live/mandate/commit.py. A proposal identifier containing path traversal sequences causes the application to load an...

8.3CVSS0.00416EPSS
Exploits0References4
NVD
NVD
added 2026/06/30 5:16 p.m.9 views

CVE-2026-58173

Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root directory by supplying a malicious memorytype value containing path traversal sequences through the remember tool. Attackers can manipulate the memorytype...

6.5CVSS0.00307EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 3:55 p.m.34 views

CVE-2026-58173 Vibe-Trading < 0.1.10 - Path Traversal via Persistent Memory Type

Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root directory by supplying a malicious memorytype value containing path traversal sequences through the remember tool. Attackers can manipulate the memorytype...

6.5CVSS0.00307EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 3:55 p.m.13 views

CVE-2026-58173

Vibe-Trading prior to 0.1.10 is affected by a path traversal vulnerability in which the memory_type value, supplied via the remember tool to the persistent memory store, enables writing files outside the intended memory root. This can allow an attacker to create arbitrary Markdown files at uninte...

6.5CVSS5.9AI score0.00307EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 3:54 p.m.35 views

CVE-2026-58171 Vibe-Trading < 0.1.10 - Path Traversal via Swarm Run Identifier

Vibe-Trading before 0.1.10 constructs the swarm run directory by joining a caller-supplied run identifier onto the runs base directory without validation in rundir agent/src/swarm/store.py. A crafted run identifier supplied through the MCP swarm tools causes the application to read arbitrary...

4.2CVSS0.00253EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-53924

Name of the Vulnerable Software and Affected Versions Vibe-Trading versions prior to 0.1.10 Description A path traversal issue exists in the remember tool, allowing attackers to write arbitrary Markdown files to unintended locations on the filesystem. This is achieved by supplying a malicious...

6.5CVSS6.1AI score0.00307EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-53922

Name of the Vulnerable Software and Affected Versions Vibe-Trading versions prior to 0.1.10 Description The application constructs the swarm run directory by joining a caller-supplied run identifier to the runs base directory without proper validation in the run dir function located in...

4.2CVSS6AI score0.00253EPSS
Exploits0References9
Rows per page
Query Builder