Lucene search
K

21421 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.8 views

CVE-2026-39847

Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences eg /emmett/../rsgi/handlers.py to read arbitrary files...

9.1CVSS5.6AI score0.00495EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.7 views

CVE-2026-39387

BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion LFI attack via the tpl parameter, which can lead to Remote Code Execution RCE.The application fails to...

7.2CVSS5.8AI score0.00731EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.9 views

CVE-2026-44522

Note Mark is an open-source note-taking application. From 0.13.0 to before 0.19.4, the Note Mark application allows authenticated users to upload assets to notes via POST /api/notes/noteID/assets, where the asset filename is provided through the X-Name HTTP request header. This value is stored...

8.6CVSS5.7AI score0.00495EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.11 views

CVE-2026-8134

Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue administrator with composer form editing rights can exploit this to include arbitrary readable file...

9.4CVSS6AI score0.00738EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 6:57 p.m.10 views

CVE-2020-37219

Joomla comfabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET requests to the onAjaxfiles method with path traversal sequences to enumerate files in system directories...

8.7CVSS5.6AI score0.00716EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/05 6:19 p.m.9 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the cluster-admin:backup-datastore component. The user-controlled input of the filePath argument to the BackupDatastoreCommand passes its value into the fileName parameter of a ObjectOutputStream invocations, whic...

9.1CVSS6.2AI score0.00686EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/05 6:11 p.m.4 views

Directory Traversal

Overview ait-core is a NASA JPL's Ground Data System toolkit for Instrument and CubeSat Missions Affected versions of this package are vulnerable to Directory Traversal in the StreamCaptureManagerServer process when handling unauthenticated HTTP POST requests to the /NAME/start endpoint. An...

9.1CVSS6.7AI score0.00163EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/05 4:20 p.m.6 views

Directory Traversal

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Directory Traversal in the process that handles SQLite source filenames. An attacker can gain unauthorized access to or modify internal application data by supplying a crafted filename that points to arbitrary files...

5.4CVSS6.1AI score0.00324EPSS
Exploits0References2
OSV
OSV
added 2026/06/05 3:49 p.m.8 views

OESA-2026-2578 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks such as Perl. Security Fixes: Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior ...

9.8CVSS5.4AI score0.00813EPSS
Exploits0References5
OSV
OSV
added 2026/06/05 3:48 p.m.9 views

OESA-2026-2571 gvfs security update

Gvfs is a userspace virtual filesystem implementation for GIO a library available in GLib. It comes with a set of backends, including trash support, SFTP, SMB, HTTP, DAV, and many others. Gvfs also contains modules for GIO that implement volume monitors and persistent metadata storage. Security...

4.3CVSS8.4AI score0.0036EPSS
Exploits2References2
OSV
OSV
added 2026/06/05 3:48 p.m.10 views

OESA-2026-2570 gvfs security update

Gvfs is a userspace virtual filesystem implementation for GIO a library available in GLib. It comes with a set of backends, including trash support, SFTP, SMB, HTTP, DAV, and many others. Gvfs also contains modules for GIO that implement volume monitors and persistent metadata storage. Security...

4.3CVSS8.4AI score0.0036EPSS
Exploits2References2
OSV
OSV
added 2026/06/05 3:25 p.m.7 views

GHSA-C66C-VQ6W-FVH5 Omni: Operator can traverse image-factory API paths via unsanitized `talos_version` in CreateSchematic

Summary managementServer.CreateSchematic internal/backend/grpc/schematics.go passes the caller-controlled TalosVersion field directly to imageFactoryClient.OverlaysVersions, which embeds it verbatim into a fmt.Sprintf"/version/%s/overlays/official", talosVersion path template. url.URL.JoinPath...

2.7CVSS5.7AI score0.00043EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/05 3:25 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the CreateSchematic process. An attacker can access unintended server paths and obtain internal error responses by supplying crafted input to the talosVersion parameter containing directory traversal...

5.1CVSS5.8AI score0.00043EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/05 3:25 p.m.14 views

Omni: Operator can traverse image-factory API paths via unsanitized `talos_version` in CreateSchematic

Summary managementServer.CreateSchematic internal/backend/grpc/schematics.go passes the caller-controlled TalosVersion field directly to imageFactoryClient.OverlaysVersions, which embeds it verbatim into a fmt.Sprintf"/version/%s/overlays/official", talosVersion path template. url.URL.JoinPath...

5.7AI score0.00043EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/05 10:41 a.m.3 views

SUSE-SU-2026:22081-1 Security update for perl-XML-LibXML

This update for perl-XML-LibXML fixes the following issue - CVE-2026-8177: read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences bsc1264715...

7.5CVSS5.2AI score0.00531EPSS
Exploits0References3
OSV
OSV
added 2026/06/05 10:40 a.m.4 views

OPENSUSE-SU-2026:20908-1 Security update for perl-XML-LibXML

This update for perl-XML-LibXML fixes the following issue - CVE-2026-8177: read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences bsc1264715...

7.5CVSS5.4AI score0.00531EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/05 9:39 a.m.14 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Axios

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Axios. CVE-2026-42033, CVE-2026-42034, CVE-2026-42035, CVE-2026-42036, CVE-2026-42037, CVE-2026-42038, CVE-2026-42039, CVE-2026-42040, CVE-2026-42041, CVE-2026-42042,...

10CVSS5.7AI score0.00838EPSS
Exploits12Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/05 7:26 a.m.11 views

Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.319 Vulnerability Details CVEID:CVE-2025-66418 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the...

9.1CVSS7.8AI score0.00633EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/05 5:40 a.m.6 views

BIT-AIRFLOW-2026-40861 Apache Airflow: Arbitrary File Read via Log Symlink following in FileTaskHandler

A Dag author could either a create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process read-path attack — e.g. /etc/passwd or airflow.cfg or b supply a taskid containing .. sequences accepted by the Task SDK's KEYREGEX write-path attack, and...

6.5CVSS5.6AI score0.00665EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/06/05 12:0 a.m.18 views

MOLOT System Card: Malicious Operational Logic Observation Transformer

MOLOT Malicious Operational Logic Observation Transformer is a static malicious-code detection system designed for SAST setup where package metadata, maintainer history, and dynamic execution traces may be unavailable or unreliable. The system represents source code as behavior sequences derived...

5.8AI score
Exploits0
Rows per page
Query Builder