Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

20750 matches found

Anthropic
Anthropicadded 2026/04/12 6:56 a.m.9 views

ANT-2026-BRQZSDGZ · minio · path-traversal

path-traversal medium GHSA-xh8f-g2qw-gcm7 Severity Claude critical · Security research firm high · Maintainer medium Discovered by Claude Mythos Preview REPORT Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by Doyensec. ANT-2026-BRQZSDGZ: minio: path-traversa...

7.5CVSS7.5AI score0.83957EPSS
Exploits13
Anthropic
Anthropicadded 2026/04/12 6:11 a.m.8 views

ANT-2026-CN7KX43N · nomad · path-traversal

path-traversal critical CVE-2026-7474 Severity Claude critical · Security research firm critical · Maintainer - Discovered by Claude Mythos Preview REPORT Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by Doyensec. ANT-2026-CN7KX43N: nomad: path-traversal at...

8.8CVSS6.5AI score0.00542EPSS
Exploits0
GithubExploit
GithubExploitadded 2026/04/11 7:14 p.m.101 views

Exploit for Path Traversal in Redaxo

CVE-2026-21857: Redaxo has Path Traversal in Backup Addon Lead...

8.3CVSS5.9AI score0.00493EPSS
Exploits3
SUSE CVE
SUSE CVEadded 2026/04/11 9:27 a.m.2 views

SUSE CVE-2026-1527

ImpactWhen an application passes user-controlled input to the upgrade option of client.request, an attacker can inject CRLF sequences \r\n to: Inject arbitrary HTTP headers Terminate the HTTP request prematurely and smuggle raw data to non-HTTP services Redis, Memcached, Elasticsearch The...

4.6CVSS7.2AI score0.00256EPSS
Exploits0References4
Snyk
Snykadded 2026/04/10 10:11 p.m.2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the cloudstore.file.upload action. An attacker can write arbitrary files to the filesystem and potentially execute code by supplying crafted filenames that exploit path traversal and zip slip vulnerabilities...

9.8CVSS6.3AI score
Exploits0References2
Snyk
Snykadded 2026/04/10 10:11 p.m.2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the cloudstore.file.upload action. An attacker can write arbitrary files to the filesystem and potentially execute code by supplying crafted filenames that exploit path traversal and zip slip vulnerabilities...

9.8CVSS6.3AI score
Exploits0References2
Snyk
Snykadded 2026/04/10 10:11 p.m.2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the cloudstore.file.upload action. An attacker can write arbitrary files to the filesystem and potentially execute code by supplying crafted filenames that exploit path traversal and zip slip vulnerabilities...

9.8CVSS6.3AI score
Exploits0References2
Snyk
Snykadded 2026/04/10 10:11 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the cloudstore.file.upload action. An attacker can write arbitrary files to the filesystem and potentially execute code by supplying crafted filenames that exploit path traversal and zip slip vulnerabilities...

9.8CVSS6.3AI score
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/04/10 9:22 p.m.1 views

CVE-2026-39983

A flaw was found in basic-ftp, an FTP client for Node.js. A remote attacker can exploit this vulnerability by injecting Carriage Return Line Feed CRLF sequences into file path parameters used by high-level APIs. This allows the attacker to split a single intended FTP command into multiple command...

8.6CVSS6AI score0.01945EPSS
Exploits1References6
OSV
OSVadded 2026/04/10 9:0 p.m.1 views

GHSA-M5GR-86J6-99JP gramps-webapi: Zip Slip Path Traversal in Media Archive Import

Summary A path traversal vulnerability Zip Slip exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with directory-traversal filenames to write arbitrary files outside the intended temporary extraction directory on the...

9.1CVSS5.9AI score0.00401EPSS
Exploits0References5
Snyk
Snykadded 2026/04/10 9:0 p.m.3 views

Directory Traversal

Overview gramps-webapi is an A RESTful web API for the Gramps genealogical database. Affected versions of this package are vulnerable to Directory Traversal via the MediaImporter.checkdiskspaceandextract function. An attacker can write arbitrary files outside the intended extraction directory by...

9.1CVSS6.3AI score0.00401EPSS
Exploits0References2
Github Security Blog
Github Security Blogadded 2026/04/10 9:0 p.m.7 views

gramps-webapi: Zip Slip Path Traversal in Media Archive Import

Summary A path traversal vulnerability Zip Slip exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with directory-traversal filenames to write arbitrary files outside the intended temporary extraction directory on the...

9.1CVSS5.9AI score0.00401EPSS
Exploits0References5Affected Software1
NVD
NVDadded 2026/04/10 8:16 p.m.3 views

CVE-2026-40180

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.16.0 and 2.15.0-lts, the unzip method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output...

8.7CVSS0.00387EPSS
Exploits1References3
Snyk
Snykadded 2026/04/10 7:39 p.m.1 views

Directory Traversal

Overview uv is an An extremely fast Python package and project manager, written in Rust. Affected versions of this package are vulnerable to Directory Traversal through the uninstall process when handling RECORD entries containing relative paths that traverse outside the intended installation...

3.1CVSS6.3AI score
Exploits0References2
CVE
CVEadded 2026/04/10 7:35 p.m.14 views

CVE-2026-40180

CVE-2026-40180 affects Quarkus OpenAPI Generator’s ApicurioCodegenWrapper unzip() path: entries are extracted without validating that the resolved path stays inside the output directory, constructing destination as new File(toOutputDir, entry.getName()). This can allow path traversal (e.g., ../.....

8.7CVSS5.8AI score0.00387EPSS
Exploits1References3Affected Software1
Cvelist
Cvelistadded 2026/04/10 7:35 p.m.21 views

CVE-2026-40180 Zip Slip Path Traversal in quarkus-openapi-generator ApicurioCodegenWrapper class

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.16.0 and 2.15.0-lts, the unzip method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output...

8.7CVSS0.00387EPSS
Exploits1References3
ATTACKERKB
ATTACKERKBadded 2026/04/10 7:35 p.m.4 views

CVE-2026-40180

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.16.0 and 2.15.0-lts, the unzip method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output...

8.7CVSS5.8AI score0.00387EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/10 7:35 p.m.1 views

CVE-2026-40180 Zip Slip Path Traversal in quarkus-openapi-generator ApicurioCodegenWrapper class

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.16.0 and 2.15.0-lts, the unzip method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output...

8.7CVSS5.8AI score0.00387EPSS
Exploits1References3
EUVD
EUVDadded 2026/04/10 7:35 p.m.2 views

EUVD-2026-21583

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.16.0 and 2.15.0-lts, the unzip method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output...

8.7CVSS5.8AI score0.00387EPSS
Exploits1References3
OSV
OSVadded 2026/04/10 7:32 p.m.2 views

GHSA-VW86-C94W-V3X4 SiYuan: Publish Reader Path Traversal Delete via `removeUnusedAttributeView`

Summary The endpoint /api/av/removeUnusedAttributeView is vulnerable to a path traversal CWE-22 that allows an attacker to delete arbitrary .json files on the server. The issue arises because user-controlled input id is directly used in filesystem path construction without validation or...

8.5CVSS6AI score0.00287EPSS
Exploits0References4
Rows per page
Query Builder