Threat Feed

Tag

File-Write

11 briefs
high advisory

PraisonAI GitHub template cache path traversal allows outside-cache file write and directory deletion

PraisonAI's template loader is vulnerable to a path traversal flaw (GHSA-f44v-7qgw-9gh9) when processing GitHub template URIs, allowing an unauthenticated attacker to write arbitrary files or delete arbitrary directories on the system running PraisonAI, leading to corruption of user configuration, project state, or application data.

praisonai path-traversal application-vulnerability python file-write file-deletion
high advisory

Casdoor 3.54.1 Arbitrary File Write via Path Traversal

Casdoor version 3.54.1 is vulnerable to a path traversal attack, allowing arbitrary file writes on the system, with a public exploit available.

Casdoor 3.54.1 path-traversal file-write webapps
high advisory

Dalfox Server Mode Unauthenticated Arbitrary File Create/Append Vulnerability

Dalfox in REST API server mode is affected by CVE-2026-45089, an unauthenticated arbitrary file create/append vulnerability: the `output`, `output-all`, and `debug` options are deserialized directly from the attacker's request body, allowing a network caller to create or append to any file writable by the dalfox process.

dalfox <= 2.12.0 xss file-write unauthenticated CVE-2026-45089
critical advisory

Grav CMS FormFlash Unauthenticated Path Traversal and Arbitrary File Write

Grav CMS has an unauthenticated path traversal vulnerability in the FormFlash component that allows attackers to create arbitrary directories and write files, leading to configuration injection and potential denial of service. It is fixed in version 2.0.0-beta.2.

grav path-traversal file-write gravcms
high advisory

OpenPrinting CUPS Path Traversal Vulnerability (CVE-2026-34978)

CVE-2026-34978 is a path traversal vulnerability in OpenPrinting CUPS that allows writing files outside the CacheDir/rss directory, potentially overwriting the job.cache file.

path traversal cups cve-2026-34978 file write
high advisory

OpenClaw Symlink Vulnerability in SSH Sandbox Tar Upload (CVE-2026-41364)

OpenClaw before 2026.3.31 contains a symlink-following vulnerability in SSH sandbox tar upload: a remote attacker who uploads a malicious tar archive containing symlinks can write arbitrary files on the remote host.

OpenClaw symlink file-write sandbox-escape
high advisory

ByteDance DeerFlow Path Traversal and Arbitrary File Write Vulnerability

ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed, allowing attackers to write files outside the intended custom-agent directory.

path-traversal file-write bytedance deerflow
critical advisory

Unauthenticated Arbitrary File Write in Saltcorn

Unauthenticated attackers can exploit a vulnerability in Saltcorn versions prior to 1.4.5, 1.5.5, and 1.6.0-beta.4 to write arbitrary files and list directory contents on the server.

saltcorn file-write vulnerability
high advisory

BugSink Authenticated File Write Vulnerability (CVE-2026-40162)

BugSink 2.1.0 has an authenticated file write vulnerability (CVE-2026-40162) that allows an attacker with a valid authentication token to write arbitrary content to the filesystem, potentially leading to code execution or data compromise.

cve-2026-40162 file-write authentication
high advisory

prompts.chat Path Traversal Vulnerability (CVE-2026-22661)

A path traversal vulnerability exists in prompts.chat prior to commit 0f8d4c3, allowing attackers to write arbitrary files to the client system by crafting malicious ZIP archives with unsanitized filenames.

path-traversal file-write code-execution cve-2026-22661 prompts.chat linux
high advisory

@mobilenext/mobile-mcp Path Traversal Vulnerability

The @mobilenext/mobile-mcp package before version 0.0.49 has a path traversal vulnerability in the mobile_save_screenshot and mobile_start_screen_recording tools: the `saveTo` and `output` parameters are passed directly to filesystem operations without validation, potentially allowing an attacker to write files outside the intended workspace and, by overwriting sensitive host files, achieve privilege escalation and persistence.

path-traversal file-write privilege-escalation persistence