
20730 matches found

CVE
added 2026/04/20 11:24 p.m. | 44 views

CVE-2026-35570

CVE-2026-35570 affects the OpenClaude project. A logic flaw in the function bashToolHasPermission() (in src/tools/BashTool/bashPermissions.ts) causes an early exit with an allow decision when sandbox auto-allow is enabled and no explicit deny rule exists, bypassing the path constraint check (chec...

8.4 CVSS | 5.8 AI score | 0.00232 EPSS
Exploits 2 | References 2 | Affected Software 1
NVD
added 2026/04/20 10:16 p.m. | 1 view

CVE-2026-29643

XiangShan Open-source high-performance RISC-V processor commit edb1dfaf7d290ae99724594507dc46c2c2125384 2024-11-28 contains an improper exceptional-condition handling flaw in its CSR subsystem NewCSR. On affected versions, certain sequences of CSR operations targeting non-existent/custom CSR...

7.1 CVSS | 0.00164 EPSS
Exploits 0 | References 4
NVD
added 2026/04/20 9:16 p.m. | 3 views

CVE-2026-33431

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the POST /config//show API endpoint accepts a configver parameter that is directly appended to a base directory path to construct a local file path, which is subsequently opened and it...

7.1 CVSS | 0.00392 EPSS
Exploits 1 | References 2
Cvelist
added 2026/04/20 8:24 p.m. | 30 views

CVE-2026-33431 Roxy-WI Vulnerable to Authenticated Arbitrary File Read via Path Traversal in Config Version Viewer

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the POST /config//show API endpoint accepts a configver parameter that is directly appended to a base directory path to construct a local file path, which is subsequently opened and it...

7.1 CVSS | 0.00392 EPSS
Exploits 1 | References 2
ATTACKERKB
added 2026/04/20 8:24 p.m. | 1 view

CVE-2026-33431

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the POST /config//show API endpoint accepts a configver parameter that is directly appended to a base directory path to construct a local file path, which is subsequently opened and it...

7.1 CVSS | 5.9 AI score | 0.00392 EPSS
Exploits 1 | References 3 | Affected Software 1
Vulnrichment
added 2026/04/20 8:24 p.m. | 1 view

CVE-2026-33431 Roxy-WI Vulnerable to Authenticated Arbitrary File Read via Path Traversal in Config Version Viewer

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the POST /config//show API endpoint accepts a configver parameter that is directly appended to a base directory path to construct a local file path, which is subsequently opened and it...

7.1 CVSS | 5.9 AI score | 0.00392 EPSS
Exploits 1 | References 2
EUVD
added 2026/04/20 8:24 p.m. | 1 view

EUVD-2026-23966

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the POST /config//show API endpoint accepts a configver parameter that is directly appended to a base directory path to construct a local file path, which is subsequently opened and it...

7.1 CVSS | 5.9 AI score | 0.00392 EPSS
Exploits 1 | References 2
CVE
added 2026/04/20 8:24 p.m. | 20 views

CVE-2026-33431

Roxy-WI vulnerability CVE-2026-33431: before 8.2.6.4, the POST /config//show endpoint uses a user-supplied configver to form a local file path, bypassing the path-traversal guard limited to the base directory. An authenticated attacker can supply ../ sequences to read arbitrary files accessible t...

7.1 CVSS | 5.9 AI score | 0.00392 EPSS
Exploits 1 | References 2 | Affected Software 1
Snyk
added 2026/04/20 7:31 p.m. | 3 views

Directory Traversal

Overview: openmage/magento-lts is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Directory Traversal through the files request parameter in the dataflow import parsers. An attacker with administrative privileges can read...

8.5 CVSS | 6.6 AI score | 0.00502 EPSS
Exploits 1 | References 3
Snyk
added 2026/04/20 6:54 p.m. | 5 views

Directory Traversal

Overview: com.github.junrar:junrar is a RAR decompression library in plain Java. Affected versions of this package are vulnerable to Directory Traversal via the LocalFolderExtractor component. An attacker can overwrite files in sibling directories by tricking a user into extracting a specially...

7.5 CVSS | 6.4 AI score | 0.00318 EPSS
Exploits 0 | References 2
EUVD
added 2026/04/20 6:31 a.m. | 3 views

EUVD-2026-23757

SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CRLF sequences 'CRLF Injection' vulnerability. Processing some crafted configuration data may lead to arbitrary entries injected to the system configuration...

6.9 CVSS | 5.9 AI score | 0.00277 EPSS
Exploits 0 | References 4
NVD
added 2026/04/20 4:16 a.m. | 17 views

CVE-2026-32964

SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CRLF sequences 'CRLF Injection' vulnerability. Processing some crafted configuration data may lead to arbitrary entries injected to the system configuration...

6.9 CVSS | 0.00277 EPSS
Exploits 0 | References 3
CVE
added 2026/04/20 3:17 a.m. | 14 views

CVE-2026-32964

The affected products are SD-330AC and AMC Manager by Silex Technology, Inc. The vulnerability is a CRLF Injection due to improper neutralization, where processing crafted configuration data can cause arbitrary entries to be injected into the system configuration. This is the root cause and the p...

6.9 CVSS | 5.9 AI score | 0.00277 EPSS
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2026/04/20 3:17 a.m. | 30 views

CVE-2026-32964

SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CRLF sequences 'CRLF Injection' vulnerability. Processing some crafted configuration data may lead to arbitrary entries injected to the system configuration...

6.9 CVSS | 0.00277 EPSS
Exploits 0 | References 3
ATTACKERKB
added 2026/04/20 3:17 a.m. | 2 views

CVE-2026-32964

SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CRLF sequences 'CRLF Injection' vulnerability. Processing some crafted configuration data may lead to arbitrary entries injected to the system configuration...

6.9 CVSS | 5.9 AI score | 0.00277 EPSS
Exploits 0 | References 4 | Affected Software 2
Vulnrichment
added 2026/04/20 3:17 a.m. | 1 view

CVE-2026-32964

SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CRLF sequences 'CRLF Injection' vulnerability. Processing some crafted configuration data may lead to arbitrary entries injected to the system configuration...

6.9 CVSS | 5.9 AI score | 0.00277 EPSS
Exploits 0 | References 3
CNNVD
added 2026/04/20 12:00 a.m. | 7 views

Silex SD-330AC and Silex AMC Manager Security Vulnerability

Silex SD-330AC and Silex AMC Manager are both products of the Japanese company Silex. Silex SD-330AC is a device server that provides wireless network connectivity and the ability to share with USB devices. Silex AMC Manager is a management software used for centralized management of device serve...

6.9 CVSS | 7.2 AI score | 0.00277 EPSS
Exploits 0 | References 1
Packet Storm
added 2026/04/20 12:00 a.m. | 49 views

dcontrol 1.0.9 Local File Inclusion

dcontrol version 1.0.9 suffers from an unauthenticated local file inclusion vulnerability via a path traversal. Exploit Title: dcontrol v1.0.9 - Unauthenticated Local File Inclusion LFI Date: 2026-04-18 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/dhjz/dcontrol Software Link...

5.8 AI score
Exploits 0
Positive Technologies
added 2026/04/20 12:00 a.m. | 2 views

PT-2026-33702

SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CRLF sequences 'CRLF Injection' vulnerability. Processing some crafted configuration data may lead to arbitrary entries injected to the system configuration...

6.9 CVSS | 5.9 AI score | 0.00277 EPSS
Exploits 0 | References 4
Positive Technologies
added 2026/04/20 12:00 a.m. | 2 views

PT-2026-33797

The Dataflow module in OpenMage LTS uses a weak blacklist filter, str_replace('../', '', $input), to prevent path traversal attacks. This filter can be bypassed using patterns like ..././ or ....//, which after the replacement still result in ../. An authenticated administrator can exploit this to re...

4.9 CVSS | 6 AI score | 0.00502 EPSS
Exploits 1 | References 8