The Lab · 2026-03-26 16:27:21 · GitHub Issues
A critical security vulnerability has been disclosed in the widely used Python code formatter, Black. The flaw, tracked as CVE-2026-32274, stems from improper sanitization of user input when generating cache filenames. Specifically, the value of the `--python-cell-magics` command-line argument is incorporated into a ca...
The Lab · 2026-04-17 03:22:40 · GitHub Issues
A critical path traversal vulnerability in the popular JavaScript CDN and ESM transpiler, esm.sh, has been publicly documented, allowing attackers to write arbitrary files to the server. The flaw, tracked as CVE-2025-59342, affects versions v136 and earlier. This is not a theoretical risk; the vulnerability template ha...
The Lab · 2026-05-02 21:54:09 · GitHub Issues
A path traversal vulnerability has been identified in python-multipart versions up to 0.0.20, enabling attackers to write uploaded files to arbitrary filesystem locations under specific non-default configuration conditions. The flaw, catalogued as CVE-2026-24486, resides in how the library handles file path constructio...
The Lab · 2026-05-10 15:32:02 · GitHub Issues
A critical path traversal vulnerability has been disclosed in Rollup, the widely used JavaScript module bundler, affecting versions 4.x and current source code. Tracked as CVE-2026-27606 and published through GitHub's security advisory system (GHSA-mw96-cpmx-2vgc), the flaw enables attackers to manipulate output filena...