Lucene search
+L

2084 matches found

Nuclei
Nuclei
added 12 hours ago72 views

Gradio - Absolute Path Traversal

Gradio 6.7 on Windows with Python 3.13+ contains an absolute path traversal caused by incorrect path validation in path joining logic, letting unauthenticated attackers read arbitrary files from the server. id: CVE-2026-28414 info: name: Gradio - Absolute Path Traversal author: 0xAkoko severity:...

7.5CVSS8.5AI score0.03095EPSS
Exploits1References2
Nuclei
Nuclei
added 12 hours ago52 views

LOLLMS WebUI - Absolute Path Traversal

An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the openfile endpoint of lollmsadvanced.py. The sanitizepath function with allowabsolutepath=True allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can...

7.5CVSS7.4AI score0.01957EPSS
Exploits1References3
Nuclei
Nuclei
added 12 hours ago72 views

Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Download

The File Download API in Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data. id: CVE-2021-38146 info: name: Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Downloa...

7.5CVSS7.6AI score0.11733EPSS
Exploits3References4
CVE
CVE
added yesterday26 views

CVE-2026-44174

Kirby CMS (versions prior to 4.9.1 and 5.4.1) exposes REST API search and collection queries that did not validate model attributes, allowing authenticated users to invoke arbitrary model methods (e.g., password(), root(), loginPasswordless(), delete()) via collection endpoints. This can disclose...

8.7CVSS6.2AI score0.0007EPSS
Exploits0References3
Cvelist
Cvelist
added yesterday28 views

CVE-2026-53598 Prompty: Arbitrary File Read via ${file:path} Reference Expansion

Prompty is a markdown file format .prompty for LLM prompts. Prior to 2.0.0-beta.2, Prompty loaders expanded $file:... references in .prompty frontmatter without enforcing that resolved paths stayed within the prompt directory or allowed roots, allowing an attacker-controlled prompt file to read...

7.5CVSS
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-53598

The CVE-2026-53598 issue affects Prompty (.prompty) loaders that expanded ${file:...} references in frontmatter before 2.0.0-beta.2, allowing an attacker-controlled prompt to read local files via absolute paths, .. traversal, or symlink escapes. Root cause: path confinement was not enforced durin...

7.5CVSS6.1AI score
Exploits0References2
OSV
OSV
added 3 days ago4 views

CVE-2026-15392 DBD::File versions before 1.651 for Perl do not ensure the table file is not a symlink to an untrusted location

DBD::File versions before 1.651 for Perl do not ensure the table file is not a symlink to an untrusted location. The completetablename method builds the absolute table file path without checking whether the file is a symbolic link. A link inside the data directory can point to a table file at any...

7.7CVSS6.1AI score0.00196EPSS
Exploits0References8
CVE
CVE
added 3 days ago9 views

CVE-2026-15392

DBD::File for Perl is affected in versions before 1.651. The issue arises because complete_table_name builds an absolute path to the table file without verifying symbolic links, enabling a symlink inside the data directory to point to a table file anywhere outside configured f_dir/f_dir_search di...

7.7CVSS6.1AI score0.00196EPSS
Exploits0References4
OSV
OSV
added 2026/07/10 1:58 p.m.2 views

CVE-2026-60089 PraisonAI before 1.6.78 Path Traversal via config.toml

PraisonAI pip package praisonaiagents before 1.6.78 automatically loads defaults from a project-local .praisonai/config.toml when constructing an Agent, and does not validate the defaults.output.outputfile path. A repository-controlled config file can set outputfile to an absolute or '..' travers...

6.9CVSS6.1AI score0.00141EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/10 12:31 a.m.7 views

EUVD-2026-42768

decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file corruption. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly to fs.link without validation index.js line 113. An...

5.5CVSS6.1AI score0.00248EPSS
Exploits1References4
NVD
NVD
added 2026/07/09 10:17 p.m.6 views

CVE-2026-39243

decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file corruption. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly to fs.link without validation index.js line 113. An...

5.5CVSS0.00248EPSS
Exploits1References3
CVE
CVE
added 2026/07/09 12:0 a.m.7 views

CVE-2026-39243

The CVE-2026-39243 entry concerns decompress before 4.2.2, where archive extraction can create arbitrary hardlinks. During processing of hardlink entries (type === 'link'), the x.linkname field is passed directly to fs.link() without validation, enabling an attacker to craft an archive whose hard...

5.5CVSS6.1AI score0.00248EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.6 views

PT-2026-56968

Name of the Vulnerable Software and Affected Versions decompress versions prior to 4.2.2 Description An issue exists during archive extraction where arbitrary hardlink creation is possible. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly ...

5.5CVSS6.2AI score0.00248EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/07/09 12:0 a.m.6 views

CVE-2026-39243

decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file corruption. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly to fs.link without validation index.js line 113. An...

5.5CVSS6.1AI score0.00248EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/07/09 12:0 a.m.30 views

CVE-2026-39243

decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file corruption. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly to fs.link without validation index.js line 113. An...

0.00248EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:35 p.m.9 views

CVE-2026-58300

Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally...

6.2CVSS5.8AI score0.00337EPSS
Exploits0References2Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/07/03 2:0 p.m.10 views

Microsoft Edge for Android Information Disclosure Vulnerability

Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally...

6.2CVSS5.9AI score0.00337EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.11 views

PT-2026-55646

Name of the Vulnerable Software and Affected Versions Microsoft Edge for Android affected versions not specified Description An absolute path traversal issue exists that allows an unauthorized attacker to disclose information locally. Path traversal is a flaw that allows an attacker to access fil...

6.2CVSS5.8AI score0.00337EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.12 views

PT-2026-54832

Name of the Vulnerable Software and Affected Versions MCO version 25.3.3.1 Description The software contains flaws in file handling functionality used for data export and upload. Improper validation of the filename parameter enables path traversal, allowing files to be written to arbitrary...

8.2CVSS5.9AI score0.00339EPSS
Exploits0References7
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-323 DB-GPT Absolute Path Traversal vulnerability

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...

9.1CVSS7.5AI score0.00769EPSS
Exploits1References5
Rows per page
Query Builder