2060 matches found

Cvelist
added 2026/02/27 9:43 p.m., 23 views

CVE-2026-28414 Gradio has Absolute Path Traversal on Windows with Python 3.13+

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Windows with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ change...

CVSS: 7.5; EPSS: 0.03095
Exploits: 1; References: 1
ATTACKERKB
added 2026/02/27 9:43 p.m., 7 views

CVE-2026-28414

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Windows with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ change...

CVSS: 7.5; AI score: 6; EPSS: 0.03095
Exploits: 1; References: 3; Affected Software: 1
CVE
added 2026/02/27 9:43 p.m., 70 views

CVE-2026-28414

CVE-2026-28414 : The issue affects Gradio prior to 6.7 on Windows with Python 3.13+. A bug in Gradio’s path-joining logic, triggered by Python 3.13+ changes to os.path.isabs, allows an unauthenticated attacker to read arbitrary files from the Gradio server via root-relative paths. The vulnerabili...

CVSS: 7.5; AI score: 6; EPSS: 0.03095
In wild; Exploits: 1; References: 1; Affected Software: 1
OSV
added 2026/02/27 9:43 p.m., 7 views

CVE-2026-28414 Gradio has Absolute Path Traversal on Windows with Python 3.13+

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Windows with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ change...

CVSS: 7.5; AI score: 6; EPSS: 0.03095
Exploits: 1; References: 3
CNNVD
added 2026/02/27 12:0 a.m., 11 views

Gradio security vulnerability

Gradio is an open-source Python library developed by Google. It provides a user-friendly web interface for demonstrating machine learning models. Prior to version 6.7, Gradio had a security vulnerability. This vulnerability stemmed from changes in the definition of os.path.isabs in Python 3.13+,...

CVSS: 7.5; AI score: 7.4; EPSS: 0.03095
Exploits: 1; References: 1
RedhatCVE
added 2026/02/24 10:42 p.m., 9 views

CVE-2026-23521

Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain an issue in which authenticated users who can create or edit devices can set a device uniqueId to an absolute path. When uploading a device image, Traccar uses that uniqueId to build the filesystem path...

CVSS: 6.5; AI score: 5.4; EPSS: 0.0032
Exploits: 1; References: 1
NVD
added 2026/02/23 9:19 p.m., 19 views

CVE-2026-23521

Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain an issue in which authenticated users who can create or edit devices can set a device uniqueId to an absolute path. When uploading a device image, Traccar uses that uniqueId to build the filesystem path...

CVSS: 6.5; EPSS: 0.0032
Exploits: 1; References: 1
Cvelist
added 2026/02/23 8:57 p.m., 34 views

CVE-2026-23521 Traccar vulnerable to Path Traversal and External Control of File Name or Path

Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain an issue in which authenticated users who can create or edit devices can set a device uniqueId to an absolute path. When uploading a device image, Traccar uses that uniqueId to build the filesystem path...

CVSS: 6.5; EPSS: 0.0032
Exploits: 1; References: 1
CVE
added 2026/02/23 8:57 p.m., 14 views

CVE-2026-23521

Traccar open-source GPS tracking system versions up to 6.11.1 are affected by a path-traversal risk. Authenticated users who can create or edit devices can set a device uniqueId to an absolute path. During device image upload, Traccar uses that uniqueId to construct the filesystem path without en...

CVSS: 6.5; AI score: 5.4; EPSS: 0.0032
Exploits: 1; References: 1; Affected Software: 1
Positive Technologies
added 2026/02/23 12:0 a.m., 6 views

PT-2026-21558

Name of the Vulnerable Software and Affected Versions: Traccar versions up to and including 6.11.1. Description: The Traccar GPS tracking system is affected by an issue where authenticated users with device creation or editing privileges can manipulate the uniqueId parameter to specify an absolute...

CVSS: 6.5; AI score: 5.2; EPSS: 0.0032
Exploits: 1; References: 6
CNNVD
added 2026/02/23 12:0 a.m., 7 views

Traccar security vulnerability

Traccar is a Java-based website building system provided by the American company Traccar. This software supports over 170 GPS protocols and over 1500 types of GPS tracking devices. Traccar can be used alongside any major SQL database systems. It also offers a user-friendly REST API. Traccar...

CVSS: 6.5; AI score: 5.8; EPSS: 0.0032
Exploits: 1; References: 1
CVE
added 2026/02/19 5:1 p.m., 25 views

CVE-2026-26337

Hyland Alfresco Transformation Service is affected by CVE-2026-26337. The flaw enables unauthenticated attackers to perform absolute path traversal, resulting in arbitrary file reads and server-side request forgery (SSRF). Reported CVSS-3.1 base score 8.2 (HIGH) with NETWORK attack vector and no ...

CVSS: 8.8; AI score: 5.7; EPSS: 0.00544
Exploits: 0; References: 3; Affected Software: 1
Positive Technologies
added 2026/02/19 12:0 a.m., 7 views

PT-2026-20876

Name of the Vulnerable Software and Affected Versions: Hyland Alfresco Transformation Service, affected versions not specified. Description: The Hyland Alfresco Transformation Service is susceptible to exploitation allowing unauthenticated attackers to perform arbitrary file read and server-side...

CVSS: 9.8; AI score: 5.4; EPSS: 0.00544
Exploits: 0; References: 8
CNNVD
added 2026/02/19 12:0 a.m., 10 views

Hyland Alfresco Transformation Service security vulnerability

The Hyland Alfresco Transformation Service is a document conversion service component provided by the American company Hyland. The Hyland Alfresco Transformation Service has a security vulnerability, which stems from absolute path traversal. This vulnerability could allow unauthenticated attacker...

CVSS: 9.8; AI score: 5.9; EPSS: 0.00544
Exploits: 0; References: 3
VulnCheck KEV
added 2026/02/12 12:0 a.m., 18 views

VulnCheck KEV: CVE-2015-5471

Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter...

CVSS: 5.3; AI score: 7.4; EPSS: 0.32714
In wild; Exploits: 2; References: 2
Packet Storm
added 2026/02/11 12:0 a.m., 114 views

JUNG Smart Panel 5.1 KNX Unauthenticated Absolute File Path Traversal

The JUNG Smart Panel 5.1 KNX controller suffers from a directory traversal vulnerability. Exploiting this issue will allow an unauthenticated attacker to view arbitrary files within the context of the web server. JUNG Smart Panel 5.1 KNX Unauthenticated Absolute File Path Traversal Vendor: ALBREC...

AI score: 5.8
Exploits: 0
OSV
added 2026/01/26 9:2 p.m., 6 views

GHSA-M733-5W8F-5GGW pnpm has symlink traversal in file:/git dependencies

Summary: When pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path (e.g., /etc/passwd, ~/.ssh/id_rsa) causes pnpm to copy that file's contents...

CVSS: 6.7; AI score: 6.1; EPSS: 0.00469
Exploits: 1; References: 5
RedhatCVE
added 2026/01/23 9:18 a.m., 8 views

CVE-2026-1330

MeetingHub developed by HAMASTAR Technology has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files...

CVSS: 8.7; AI score: 5.7; EPSS: 0.00608
Exploits: 0; References: 1
Cvelist
added 2026/01/22 8:29 a.m., 28 views

CVE-2026-1330 HAMASTAR Technology|MeetingHub - Arbitrary File Read

MeetingHub developed by HAMASTAR Technology has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files...

CVSS: 8.7; EPSS: 0.00608
Exploits: 0; References: 2
Vulnrichment
added 2026/01/22 8:29 a.m., 4 views

CVE-2026-1330 HAMASTAR Technology|MeetingHub - Arbitrary File Read

MeetingHub developed by HAMASTAR Technology has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files...

CVSS: 8.7; AI score: 5.7; EPSS: 0.00608
Exploits: 0; References: 2