Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

20750 matches found

UbuntuCve
UbuntuCveadded 2026/04/09 6:17 p.m.0 views

CVE-2026-39983

basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handle...

8.6CVSS5.8AI score0.01945EPSS
Exploits1References4
OSV
OSVadded 2026/04/09 6:17 p.m.1 views

UBUNTU-CVE-2026-39983

basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handle...

8.6CVSS5.8AI score0.01945EPSS
Exploits1References5
EUVD
EUVDadded 2026/04/09 5:5 p.m.1 views

EUVD-2026-20976

basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handle...

8.6CVSS5.9AI score0.01945EPSS
Exploits1References3
Cvelist
Cvelistadded 2026/04/09 5:5 p.m.15 views

CVE-2026-39983 FTP Command Injection via CRLF in basic-ftp

basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handle...

8.6CVSS0.01945EPSS
Exploits1References3
ATTACKERKB
ATTACKERKBadded 2026/04/09 5:5 p.m.0 views

CVE-2026-39983

basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handle...

8.6CVSS5.9AI score0.01945EPSS
Exploits1References4Affected Software1
CVE
CVEadded 2026/04/09 5:5 p.m.20 views

CVE-2026-39983

Summary: CVE-2026-39983 affects the Node.js FTP client package basic-ftp prior to v5.2.1. The vulnerability arises from FTP command injection via CRLF sequences (\r\n) in file path parameters passed to high-level APIs (cd(), remove(), rename(), uploadFrom(), downloadTo(), list(), removeDir()). Th...

8.6CVSS5.9AI score0.01945EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVEadded 2026/04/09 5:5 p.m.2 views

CVE-2026-39983

basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handle...

8.6CVSS5.3AI score0.01945EPSS
Exploits1
Cvelist
Cvelistadded 2026/04/09 5:1 p.m.18 views

CVE-2026-39981 AGiXT has a Path Traversal in safe_join()

AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safejoin function in the essentialabilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or...

8.8CVSS0.01318EPSS
Exploits1References3
EUVD
EUVDadded 2026/04/09 5:1 p.m.1 views

EUVD-2026-20974

AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safejoin function in the essentialabilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or...

8.8CVSS6AI score0.01318EPSS
Exploits1References3
ATTACKERKB
ATTACKERKBadded 2026/04/09 5:1 p.m.0 views

CVE-2026-39981

AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safejoin function in the essentialabilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or...

8.8CVSS6AI score0.01318EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/09 5:1 p.m.2 views

CVE-2026-39981 AGiXT has a Path Traversal in safe_join()

AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safejoin function in the essentialabilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or...

8.8CVSS5.9AI score0.01318EPSS
Exploits1References3
CVE
CVEadded 2026/04/09 5:1 p.m.11 views

CVE-2026-39981

CVE-2026-39981 affects AGiXT (dynamic AI Agent Automation Platform). The vulnerability is in the safe_join() function of the essential_abilities extension, where path validation fails and allows directory traversal to read, write, or delete arbitrary files on the server. This requires authenticat...

8.8CVSS6AI score0.01318EPSS
Exploits1References3Affected Software1
EUVD
EUVDadded 2026/04/09 12:31 a.m.3 views

EUVD-2026-20759

The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tskrecover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image. An attacker can...

8.4CVSS6.5AI score0.00167EPSS
Exploits0References4
CNNVD
CNNVDadded 2026/04/09 12:0 a.m.4 views

Basic FTP 安全漏洞

Basic FTP is a Node.js FTP client library developed by Patrick Juchli. Versions of Basic FTP prior to 5.2.1 contained a security vulnerability; this vulnerability stemmed from the possibility of CRLF sequences being present in file path parameters, which could lead to FTP command injection attack...

8.6CVSS5.8AI score0.01945EPSS
Exploits1References3
CNNVD
CNNVDadded 2026/04/09 12:0 a.m.3 views

AGiXT 路径遍历漏洞

AGiXT is an AI automation platform developed by Josh XT, supporting multiple models and extended functions. Prior to AGiXT version 1.9.2, there was a path traversal vulnerability. This vulnerability stemmed from the safejoin function not verifying whether the file path was within the specified...

8.8CVSS5.8AI score0.01318EPSS
Exploits1References3
Tenable Nessus
Tenable Nessusadded 2026/04/09 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-40024

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tskrecover that allows an attacker to write files to arbitrary locations outside the...

8.4CVSS6.3AI score0.00167EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/04/08 10:35 p.m.2 views

CVE-2026-40024

A flaw was found in The Sleuth Kit, specifically in the tskrecover tool. An attacker can exploit this path traversal vulnerability by providing a specially crafted filesystem image containing malicious filenames or directory paths with path traversal sequences. This allows the attacker to write...

8.4CVSS6.5AI score0.00167EPSS
Exploits0References6
NVD
NVDadded 2026/04/08 10:16 p.m.1 views

CVE-2026-40024

The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tskrecover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image. An attacker can...

8.4CVSS0.00167EPSS
Exploits0References3
OSV
OSVadded 2026/04/08 10:16 p.m.1 views

DEBIAN-CVE-2026-40024

The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tskrecover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image. An attacker can...

7.1CVSS6.2AI score0.00167EPSS
Exploits0References1
UbuntuCve
UbuntuCveadded 2026/04/08 10:16 p.m.1 views

CVE-2026-40024

The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tskrecover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image. An attacker can...

8.4CVSS6.3AI score0.00167EPSS
Exploits0References4
Rows per page
Query Builder