Lucene search
K

31 matches found

ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-55111

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Protect Floodlight devices to access files on the UniFi Protect Floodlight...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/25 4:1 p.m.5 views

CVE-2026-9083

A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...

4.9CVSS5.9AI score0.00519EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/10 11:12 p.m.6 views

Directory Traversal

Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.8CVSS6.2AI score0.00128EPSS
Exploits0References2
NVD
NVD
added 2026/06/05 10:16 p.m.12 views

CVE-2026-11431

A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypasses validation, allowing arbitrary files including entire directories returned as archives to be...

8.3CVSS0.00517EPSS
Exploits0References1
NVD
NVD
added 2026/03/19 3:16 p.m.8 views

CVE-2026-22557

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account...

10CVSS0.15601EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2026/01/22 2:45 p.m.2 views

CVE-2025-15523 TCC Bypass via Inherited Permissions in Bundled Interpreter in Inkscape.app

MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the...

4.8CVSS5.7AI score0.00146EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/05 7:25 a.m.24 views

CVE-2025-15235 Quanta Computer|QOCA aim AI Medical Cloud Platform - Missing Authorization

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Missing Authorization vulnerability, allowing authenticated remote attackers to modify specific network packet parameters, enabling certain system functions to access other users' files...

7.1CVSS0.00259EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/19 12:24 p.m.4 views

CVE-2025-14881 Insecure direct object reference

Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only...

7CVSS6.4AI score0.00226EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-26399

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00334EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/19 10:6 a.m.6 views

CVE-2025-10719 WisdomGarden|Tronclass - Insecure Direct Object Reference

Tronclass developed by WisdomGarden has an Insecure Direct object Reference vulnerability, allowing remote attackers with regular privilege to modify a specific parameter to access other users' files...

5.3CVSS6.7AI score0.00257EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/03 12:0 a.m.5 views

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Apr-2022 Release 1, which stems from an intent redirection that could...

7.1CVSS6.5AI score0.00104EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/08/06 2:53 a.m.3 views

SUSE CVE-2025-52995

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.10, the implementation of the allowlist is erroneous, allowing a user to execute more shell commands than they are authorized fo...

6.6CVSS7.2AI score0.00513EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/04/09 12:0 a.m.5 views

SAMSUNG Semiconductor Mobile Processor 安全漏洞

SAMSUNG Semiconductor Mobile Processor is a semiconductor mobile processor from Samsung South Korea. A security vulnerability exists in SAMSUNG Semiconductor Mobile Processor versions prior to SMR-Apr-2025 Release 1, which stems from improper access control and could result in access to arbitrary...

5.5CVSS6.6AI score0.00127EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/11/12 10:31 a.m.22 views

Important: Red Hat Security Advisory: bubblewrap and flatpak security update

An update for bubblewrap and flatpak is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

10CVSS7.3AI score0.01283EPSS
Exploits1References1
OSV
OSV
added 2024/11/12 12:0 a.m.14 views

ALSA-2024:9449 Important: bubblewrap and flatpak security update

Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces. Security Fixes: flatpak: Access to files outside sandbox for apps using persistent= --persist CVE-2024-42472 For more details about the security issue...

10CVSS8.8AI score0.01283EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/09/05 12:0 a.m.33 views

RHEL 9 : bubblewrap and flatpak (RHSA-2024:6355)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6355 advisory. Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces...

10CVSS8.2AI score0.01283EPSS
Exploits1References3
OSV
OSV
added 2024/08/27 1:15 p.m.5 views

CVE-2024-3980

The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other files that are critical to the application...

8.8CVSS5.8AI score0.00611EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/05/30 8:24 p.m.3 views

guava: insecure temporary directory creation

A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory...

7.1CVSS6.7AI score0.00248EPSS
Exploits0References4
NCSC
NCSC
added 2023/01/24 12:0 a.m.5 views

Vulnerability fixed in Symantec Endpoint Protection

Symantec has fixed a vulnerability in Endpoint Protection. A local malicious person could exploit the vulnerability to grant themselves elevated privileges and thus gain access to files and possibly sensitive information for which he initially has no privileges. Symantec has released updates to f...

7.8CVSS6.5AI score0.00166EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2022/12/28 12:0 a.m.6 views

PT-2022-27664 · Huawei · Huawei Aslan Children'S Watch

Name of the Vulnerable Software and Affected Versions: Huawei Aslan Children's Watch affected versions not specified Description: The issue is related to an improper authorization vulnerability. If successfully exploited, it could allow an attacker to access certain files. Recommendations: At the...

5.5CVSS6.8AI score0.00143EPSS
Exploits0References4
Rows per page
Query Builder