Lucene search
K

116 matches found

EUVD
EUVD
added 6 hours ago5 views

EUVD-2026-43598

A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function readfile/writefile/editfile of the file tools/fsops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue was...

5.3CVSS5.9AI score
Exploits0References6
NVD
NVD
added 4 days ago5 views

CVE-2026-50181

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, Langroid's ReadFileTool and WriteFileTool appear to treat currdir as the intended working-directory boundary for file operations. However, the tools only change the process working directory t...

7.1CVSS0.00184EPSS
Exploits1References2
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-50181 Langroid: Path traversal in the file tools allows read/write outside configured current directory

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, Langroid's ReadFileTool and WriteFileTool appear to treat currdir as the intended working-directory boundary for file operations. However, the tools only change the process working directory t...

7.1CVSS0.00184EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/02 5:38 p.m.5 views

Relative Path Traversal

Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Relative Path Traversal through improper validation of user-supplied file paths in the ReadFileTool and WriteFileTool components. An attacker can access or modify files outside the...

8.4CVSS6AI score0.00184EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/07/02 5:38 p.m.14 views

Langroid: Path traversal in the file tools allows read/write outside configured current directory

Summary Langroid's ReadFileTool and WriteFileTool appear to treat currdir as the intended working-directory boundary for file operations. However, the tools only change the process working directory to currdir and then operate on the user-supplied filepath without resolving and enforcing that the...

7.1CVSS5.8AI score0.00184EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.11 views

PT-2026-55462

Name of the Vulnerable Software and Affected Versions Langroid versions prior to 0.64.0 Description Langroid's ReadFileTool and WriteFileTool fail to properly enforce the working-directory boundary defined by curr dir. While the tools change the process working directory to curr dir, they do not...

7.1CVSS6AI score0.00184EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/17 3:4 p.m.21 views

EUVD-2025-210268

picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutils.fileutil.writefile. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code...

9.8CVSS6AI score0.00624EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.10 views

CVE-2026-10278

A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impacted is an unknown function of the file src/index.ts of the component readfile/writefile. Executing a manipulation of the argument filePath/outputPath can lead to path traversal. It is possible to launch the attack remotely. Th...

6.5CVSS6.2AI score0.00288EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.11 views

CVE-2026-7214

A vulnerability was identified in eghuzefa engineer-your-data up to 0.1.3. This vulnerability affects the function readfile/writefile/listfiles/fileinf of the file src/server.py. The manipulation of the argument WORKSPACEPATH leads to path traversal. The attack may be initiated remotely. The...

7.5CVSS6.9AI score0.0041EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 5:30 p.m.9 views

CVE-2026-10278 ishayoyo excel-mcp read_file/write_file index.ts path traversal

A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impacted is an unknown function of the file src/index.ts of the component readfile/writefile. Executing a manipulation of the argument filePath/outputPath can lead to path traversal. It is possible to launch the attack remotely. Th...

6.5CVSS6.2AI score0.00288EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/01 5:30 p.m.33 views

CVE-2026-10278 ishayoyo excel-mcp read_file/write_file index.ts path traversal

A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impacted is an unknown function of the file src/index.ts of the component readfile/writefile. Executing a manipulation of the argument filePath/outputPath can lead to path traversal. It is possible to launch the attack remotely. Th...

6.5CVSS0.00288EPSS
Exploits0References6
CVE
CVE
added 2026/06/01 5:30 p.m.20 views

CVE-2026-10278

CVE-2026-10278 affects the project ishayoyo excel-mcp up to 1.0.2. The vulnerability targets the file handling in the component’s src/index.ts, specifically read_file/write_file, where manipulating filePath/outputPath can cause a path traversal. The issue can be triggered remotely, and publicly d...

6.5CVSS6.2AI score0.00288EPSS
Exploits0References6
NVD
NVD
added 2026/06/01 4:16 a.m.20 views

CVE-2026-10219

A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component writefile Tool. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. T...

7.5CVSS0.01336EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/01 3:15 a.m.11 views

CVE-2026-10219 nextlevelbuilder GoClaw write_file Tool fsbridge.go FsBridge.WriteFile os command injection

A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component writefile Tool. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. T...

7.5CVSS6.7AI score0.01336EPSS
Exploits0References7
CVE
CVE
added 2026/06/01 3:15 a.m.25 views

CVE-2026-10219

CVE-2026-10219 affects NextLevelBuilder GoClaw up to version 3.11.3. The vulnerability lies in the function FsBridge.WriteFile (internal/sandbox/fsbridge.go) where manipulation can cause an OS command injection. The issue is exploitable remotely and an exploit has been made public. A patch is not...

7.5CVSS6.7AI score0.01336EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

goclaw 操作系统命令注入漏洞

Goclaw is an open-source multi-tenant AI agent platform developed by Next Level Builder. Goclaw versions 3.11.3 and earlier contained a vulnerability related to operating system command injection. This vulnerability originated from the FsBridge.WriteFile function in the internal/sandbox/fsbridge....

7.5CVSS7.7AI score0.01336EPSS
Exploits0References7
Snyk
Snyk
added 2026/05/29 10:31 p.m.7 views

Directory Traversal

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

6CVSS6.2AI score0.00051EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 8:29 a.m.32 views

CVE-2024-47270

Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...

2.7CVSS0.00249EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2026/05/21 12:0 a.m.94 views

FUXA 1.2.9 - RCE

Exploit Title: FUXA 1.2.9 - RCE Date: 4/24/2026 Exploit Author: Anthony Cihan Hann1bl3L3ct3r Vendor Homepage: https://github.com/frangoteam/FUXA Version: Arbitrary File Write - RCE Affected: FUXA makes Node's path.resolve climb out of appDir to anywhere the FUXA process can write. fullPath/fileNa...

9.8CVSS5.8AI score0.02675EPSS
Exploits3
SUSE Linux
SUSE Linux
added 2026/05/06 7:26 a.m.4 views

Security update for sed

This update for sed fixes the following issue: CVE-2026-5958: a TOCTOU race can allow to read attacker-controlled content and write it to an unintended file bsc1262144. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

6.9CVSS5.8AI score0.00142EPSS
Exploits0References4
Rows per page
Query Builder