Lucene search
K

224 matches found

EUVD
EUVD
added 18 hours ago4 views

EUVD-2026-40428

Capgo before 12.128.2 contains a path traversal vulnerability in the builder upload proxy that allows authenticated users with build permissions to bypass upload restrictions. Attackers can append traversal sequences to the upload path, which are normalized by the WHATWG URL parser, enabling acce...

8.7CVSS5.8AI score
Exploits0References3
NVD
NVD
added yesterday5 views

CVE-2026-56233

Capgo before 12.128.2 contains a path traversal vulnerability in the builder upload proxy that allows authenticated users with build permissions to bypass upload restrictions. Attackers can append traversal sequences to the upload path, which are normalized by the WHATWG URL parser, enabling acce...

8.7CVSS
Exploits0References2
OSV
OSV
added 5 days ago5 views

BIT-GRAFANA-2026-10601 Path Traversal in Tempo and Loki Data Source Plugins — Credential Leakage and Admin Endpoint Access

The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, enabling path traversal. A Viewer-role user can: 1 capture admin-configured datasource credentials secureJsonData custom headers by traversing to an...

5.4CVSS5.8AI score0.00304EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 2:17 p.m.10 views

CVE-2026-42129

The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An authenticated Viewer-role user can escape the plugin's resource sandbox and access administrative Loki endpoints e.g. /config, /services, /ready to extract sensitive backend configuration and internal...

7.7CVSS0.00394EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 2:16 p.m.11 views

CVE-2026-10601

The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, enabling path traversal. A Viewer-role user can: 1 capture admin-configured datasource credentials secureJsonData custom headers by traversing to an...

5.4CVSS0.00304EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:18 p.m.86 views

CVE-2026-10601

The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, enabling path traversal. A Viewer-role user can: 1 capture admin-configured datasource credentials secureJsonData custom headers by traversing to an...

5.4CVSS5.9AI score0.00304EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 1:18 p.m.31 views

CVE-2026-10601 Path Traversal in Tempo and Loki Data Source Plugins — Credential Leakage and Admin Endpoint Access

The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, enabling path traversal. A Viewer-role user can: 1 capture admin-configured datasource credentials secureJsonData custom headers by traversing to an...

5.4CVSS0.00304EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 1:18 p.m.6 views

EUVD-2026-38242

The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, enabling path traversal. A Viewer-role user can: 1 capture admin-configured datasource credentials secureJsonData custom headers by traversing to an...

5.4CVSS5.9AI score0.00304EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/22 1:18 p.m.4 views

CVE-2026-10601

The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, enabling path traversal. A Viewer-role user can: 1 capture admin-configured datasource credentials secureJsonData custom headers by traversing to an...

5.4CVSS5.9AI score0.00304EPSS
Exploits0
CVE
CVE
added 2026/06/22 1:18 p.m.21 views

CVE-2026-42129

The CVE describes a path traversal vulnerability in the Loki datasource plugin (callResource handler). An authenticated Viewer-role user can escape the plugin’s resource sandbox and reach administrative Loki endpoints (for example, /config, /services, /ready) to exfiltrate sensitive backend confi...

7.7CVSS5.9AI score0.00394EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/22 1:18 p.m.6 views

EUVD-2026-38241

The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An authenticated Viewer-role user can escape the plugin's resource sandbox and access administrative Loki endpoints e.g. /config, /services, /ready to extract sensitive backend configuration and internal...

7.7CVSS5.9AI score0.00394EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/22 1:18 p.m.5 views

CVE-2026-42129

The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An authenticated Viewer-role user can escape the plugin's resource sandbox and access administrative Loki endpoints e.g. /config, /services, /ready to extract sensitive backend configuration and internal...

7.7CVSS5.9AI score0.00394EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.14 views

PT-2026-51299

Name of the Vulnerable Software and Affected Versions Tempo datasource plugin affected versions not specified Loki datasource plugin affected versions not specified Description These plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization,...

5.4CVSS5.8AI score0.00304EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/15 12:0 p.m.6 views

CVE-2016-20070 WordPress Booking Calendar Contact Form 1.0.23 Privilege Escalation Stored XSS

WordPress Booking Calendar Contact Form 1.0.23 contains privilege escalation and stored cross-site scripting vulnerabilities that allow authenticated users to modify plugin options and inject malicious scripts by failing to verify user privileges and sanitize input parameters. Attackers with...

6.4CVSS5.2AI score0.00231EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 12:0 p.m.8 views

EUVD-2016-10882

WordPress Booking Calendar Contact Form 1.0.23 contains privilege escalation and stored cross-site scripting vulnerabilities that allow authenticated users to modify plugin options and inject malicious scripts by failing to verify user privileges and sanitize input parameters. Attackers with...

6.4CVSS5.2AI score0.00231EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/06/15 9:30 a.m.65 views

Exploit for CVE-2026-37066

CVE-2026-37066 Path traversal leading to Arbitrary File Read i...

5.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.8 views

CVE-2026-34233

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, multiple admin controllers expose DataTable endpoints without authorization checks, allowing any authenticated user to access sensitive administrative data that should be restricted to administrators onl...

6.5CVSS5.5AI score0.0028EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.9 views

CVE-2026-33733

EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management endpoints accept attacker-controlled name and scope values and pass them into template path construction without normalization or traversal filtering. As a result, an...

7.2CVSS5.6AI score0.00448EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.8 views

CVE-2026-40926

WWBN AVideo is an open source video platform. In versions 29.0 and prior, three admin-only JSON endpoints — objects/categoryAddNew.json.php, objects/categoryDelete.json.php, and objects/pluginRunUpdateScript.json.php — enforce only a role check Category::canCreateCategory / User::isAdmin and...

7.1CVSS5.6AI score0.00166EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/02 12:0 a.m.9 views

CVE-2026-35716

A stack-based buffer overflow in the motionprivacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or...

6.5AI score0.00365EPSS
Exploits0References2
Rows per page
Query Builder