
20879 matches found

Snyk
added 2026/02/04 6:52 p.m. | 2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied path components in file operation handlers. An attacker can gain unauthorized access to, modify, or delete files belonging to other users by injecting traversal sequences into...

CVSS 9.9 | AI score 6.4 | EPSS 0.00721
Exploits: 1 | References: 2
Snyk
added 2026/02/04 6:52 p.m. | 2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied path components in file operation handlers. An attacker can gain unauthorized access to, modify, or delete files belonging to other users by injecting traversal sequences into...

CVSS 9.9 | AI score 6.4 | EPSS 0.00721
Exploits: 1 | References: 2
Snyk
added 2026/02/04 6:52 p.m. | 2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied path components in file operation handlers. An attacker can gain unauthorized access to, modify, or delete files belonging to other users by injecting traversal sequences into...

CVSS 9.9 | AI score 6.4 | EPSS 0.00721
Exploits: 1 | References: 2
Snyk
added 2026/02/04 6:52 p.m. | 3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied path components in file operation handlers. An attacker can gain unauthorized access to, modify, or delete files belonging to other users by injecting traversal sequences into...

CVSS 9.9 | AI score 6.4 | EPSS 0.00721
Exploits: 1 | References: 2
Snyk
added 2026/02/04 6:52 p.m. | 3 views

Directory Traversal

Overview github.com/alist-org/alist/v3/server/handles is a file listing program powered by Gin and Solidjs Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied path components in file operation handlers. An attacker can gain unauthorized...

CVSS 9.9 | AI score 6.4 | EPSS 0.00721
Exploits: 1 | References: 2
OSV
added 2026/02/04 6:52 p.m. | 4 views

GHSA-X4Q4-7PHH-42J9 Alist vulnerable to Path Traversal in multiple file operation handlers

Summary The application contains a Path Traversal vulnerability CWE-22 in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal sequences into filename components, enabling unauthorised file removal, movement and copying across...

CVSS 8.8 | AI score 5.6 | EPSS 0.00721
Exploits: 1 | References: 6
Github Security Blog
added 2026/02/04 6:52 p.m. | 10 views

Alist vulnerable to Path Traversal in multiple file operation handlers

Summary The application contains a Path Traversal vulnerability CWE-22 in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal sequences into filename components, enabling unauthorised file removal, movement and copying across...

CVSS 8.8 | AI score 5.6 | EPSS 0.00721
Exploits: 1 | References: 6 | Affected Software: 1
OSV
added 2026/02/04 11:40 a.m. | 7 views

SUSE-SU-2026:20229-1 Security update for cups

This update for cups fixes the following issues: Update to version 2.4.16. Security issues fixed: - CVE-2025-61915: local denial-of-service via cupsd.conf update and related issues bsc1253783. - CVE-2025-58436: slow client communication leads to a possible DoS attack bsc1244057. - CVE-2025-58364:...

CVSS 8 | AI score 6.5 | EPSS 0.01063
Exploits: 4 | References: 10
OSV
added 2026/02/04 11:40 a.m. | 4 views

SUSE-SU-2026:20231-1 Security update for cups

This update for cups fixes the following issues: Update to version 2.4.16. Security issues fixed: - CVE-2025-61915: local denial-of-service via cupsd.conf update and related issues bsc1253783. - CVE-2025-58436: slow client communication leads to a possible DoS attack bsc1244057. - CVE-2025-58364:...

CVSS 8 | AI score 6.5 | EPSS 0.01063
Exploits: 4 | References: 10
OSV
added 2026/02/04 11:37 a.m. | 1 view

OPENSUSE-SU-2026:20172-1 Security update for cups

This update for cups fixes the following issues: Update to version 2.4.16. Security issues fixed: - CVE-2025-61915: local denial-of-service via cupsd.conf update and related issues bsc1253783. - CVE-2025-58436: slow client communication leads to a possible DoS attack bsc1244057. - CVE-2025-58364:...

CVSS 8 | AI score 7.2 | EPSS 0.01063
Exploits: 4 | References: 9
Snyk
added 2026/02/04 7:2 a.m. | 3 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview directorytree/imapengine is a fully-featured IMAP library -- without the PHP extension. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the id function in ImapConnection.php due to...

CVSS 7.6 | AI score 5.7 | EPSS 0.00351
Exploits: 0 | References: 2
Snyk
added 2026/02/04 4:2 a.m. | 2 views

Directory Traversal

Overview @google/clasp is a Develop Apps Script Projects locally Affected versions of this package are vulnerable to Directory Traversal in the fetchRemote function in files.ts. An attacker can overwrite files outside the intended project directory via pull and clone commands. Details A Directory...

CVSS 8.8 | AI score 6.3 | EPSS 0.00465
Exploits: 1 | References: 2
RedhatCVE
added 2026/02/04 3:15 a.m. | 6 views

CVE-2026-25059

OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the application contains path traversal vulnerability in multiple file operation handlers in server/handles/fsmanage.go. Filename components in req.Names are directly concatenated with validated directories using stdpath.Join. Thi...

CVSS 8.8 | AI score 5.5 | EPSS 0.00598
Exploits: 1 | References: 1
RedhatCVE
added 2026/02/04 3:15 a.m. | 5 views

CVE-2025-66480

Wildfire IM is an instant messaging and real-time audio/video solution. Prior to 1.4.3, a critical vulnerability exists in the im-server component related to the file upload functionality found in com.xiaoleilu.loServer.action.UploadFileAction. The application exposes an endpoint /fs that handles...

CVSS 9.8 | AI score 5.7 | EPSS 0.01395
Exploits: 0 | References: 1
Snyk
added 2026/02/04 12:9 a.m. | 1 view

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the LicensingInfos function, which reads license files specified in the copyright.license-path field without validating that paths remain within the workspace directory. An attacker can access and exfiltrate...

CVSS 8.7 | AI score 6.5 | EPSS 0.00168
Exploits: 0 | References: 2
Snyk
added 2026/02/04 12:9 a.m. | 2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the LicensingInfos function, which reads license files specified in the copyright.license-path field without validating that paths remain within the workspace directory. An attacker can access and exfiltrate...

CVSS 8.7 | AI score 6.5 | EPSS 0.00168
Exploits: 0 | References: 2
OSV
added 2026/02/04 12:9 a.m. | 3 views

GHSA-2W4F-9FGG-Q2V9 melange has a path traversal in license-path which allows reading files outside workspace

An attacker who can influence a melange configuration file e.g., through pull request-driven CI or build-as-a-service scenarios could read arbitrary files from the host system. The LicensingInfos function in pkg/config/config.go reads license files specified in copyright.license-path without...

CVSS 5.5 | AI score 5.5 | EPSS 0.00168
Exploits: 0 | References: 4
Github Security Blog
added 2026/02/04 12:9 a.m. | 11 views

melange has a path traversal in license-path which allows reading files outside workspace

An attacker who can influence a melange configuration file e.g., through pull request-driven CI or build-as-a-service scenarios could read arbitrary files from the host system. The LicensingInfos function in pkg/config/config.go reads license files specified in copyright.license-path without...

CVSS 5.5 | AI score 5.5 | EPSS 0.00168
Exploits: 0 | References: 4 | Affected Software: 1
Positive Technologies
added 2026/02/04 12:0 a.m. | 2 views

PT-2026-6272

Name of the Vulnerable Software and Affected Versions melange versions 0.14.0 through 0.40.2 Description melange allows users to build apk packages using declarative pipelines. An attacker who can influence a melange configuration file could read arbitrary files from the host system. The...

CVSS 5.5 | AI score 5.7 | EPSS 0.00168
Exploits: 0 | References: 12
Positive Technologies
added 2026/02/04 12:0 a.m. | 3 views

PT-2026-6349

An attacker who can influence a melange configuration file e.g., through pull request-driven CI or build-as-a-service scenarios could read arbitrary files from the host system. The LicensingInfos function in pkg/config/config.go reads license files specified in copyright.license-path without...

CVSS 5.5 | AI score 5.7 | EPSS 0.00168
Exploits: 0 | References: 5