Lucene search
K

2361 matches found

CNNVD
CNNVD
added 2026/06/05 12:0 a.m.11 views

Altium Enterprise Server 安全漏洞

Altium Enterprise Server is a localization data management server developed by Altium Corporation in the United States. There is a security vulnerability in Altium Enterprise Server. This vulnerability stems from improper handling of file names provided to users, leading to path traversal attacks...

9.4CVSS5.3AI score0.00321EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.10 views

PT-2026-46896

In Mimecast Incydr before 2.6.0, arbitrary file access can occur...

4.5CVSS5.9AI score0.0009EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.10 views

Mimecast Incydr 安全漏洞

Mimecast Incydr is a cloud-native internal risk management and data protection platform developed by Mimecast Corporation in the United States. Versions of Mimecast Incydr prior to version 2.6.0 contained security vulnerabilities that could lead to arbitrary file access...

4.5CVSS5.5AI score0.0009EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

Seagull BarTender 代码问题漏洞

Seagull BarTender is an enterprise-level labeling, barcode, and RFID design and printing software developed by Seagull Corporation in the United States. Versions of Seagull BarTender 2010, 2016, and 2019 contained code vulnerabilities. These vulnerabilities stemmed from unvalidated and improperly...

9.8CVSS5.8AI score0.00729EPSS
Exploits0References2
CVE
CVE
added 2026/06/03 3:23 p.m.18 views

CVE-2026-42320

GLPI versions affected: before 10.0.25 and 11.0.7, starting from 0.50. The issue allows a technician to read arbitrary files inside the GLPI_DOC_DIR due to a flaw in access control. A patch is available: upgrade to 10.0.25 or 11.0.7. No exploitation details are provided beyond the description; no...

5.9CVSS5.9AI score0.00239EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/03 3:23 p.m.46 views

CVE-2026-42320 GLPI vulnerable to arbitrary file access

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a technician can read arbitrary files inside the GLPIDOCDIR. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

5.9CVSS0.00239EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/03 3:23 p.m.10 views

CVE-2026-42320 GLPI vulnerable to arbitrary file access

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a technician can read arbitrary files inside the GLPIDOCDIR. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

5.9CVSS5.9AI score0.00239EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 10:51 p.m.13 views

CVE-2026-41412

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io extension sandbox injects a fully-functional HTTP client simpleHttpClient into every extension script's scope. The postFileAndSaveResponse method accep...

4.9CVSS5.9AI score0.00317EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

Alf.io 安全漏洞

Alf.io is a free and open-source event attendance management system developed by Alf.io. Versions of Alf.io prior to 2.0-M5-2606 contained security vulnerabilities. These vulnerabilities stemmed from the HTTP Client’s postFileAndSaveResponse method, which allowed arbitrary file system paths witho...

4.9CVSS5.6AI score0.00317EPSS
Exploits0References1
OSV
OSV
added 2026/06/01 3:4 p.m.10 views

USN-8359-1 nncp vulnerability

It was discovered that NNCP did not properly sanitize file paths in packet data during file requesting and file saving operations. A remote attacker could possibly use this issue to read or write arbitrary files outside of the intended directory...

6.4CVSS5.8AI score0.00243EPSS
Exploits0References2
PyPA
PyPA
added 2026/06/01 9:16 a.m.9 views

PYSEC-0000-CVE-2026-40861

A Dag author could either a create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process read-path attack — e.g. /etc/passwd or airflow.cfg or b supply a taskid containing .. sequences accepted by the Task SDK's KEYREGEX write-path attack, and...

6.5CVSS5.9AI score0.00665EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:55 a.m.9 views

CVE-2026-40861

A Dag author could either a create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process read-path attack — e.g. /etc/passwd or airflow.cfg or b supply a taskid containing .. sequences accepted by the Task SDK's KEYREGEX write-path attack, and...

5.9AI score0.00665EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/29 1:5 p.m.9 views

CVE-2026-45731

WWBN AVideo is an open source video platform. In 29.0 and earlier, view/update.php reads $POST'updateFile' as a relative path under updatedb/ and passes it to PHP's file for line-by-line execution as part of a database migration. An authenticated administrator can abuse this to read arbitrary tex...

6.9CVSS6AI score0.00469EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 11:47 a.m.9 views

CVE-2026-8326

Path traversal vulnerability in Remote Spark https://www.Remotespark.Com/ SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an...

10CVSS5.9AI score0.00378EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Remote Spark SparkView 安全漏洞

Remote Spark SparkView is a browser-based client software developed by Remote Spark, enabling remote desktop and terminal access. Versions of Remote Spark SparkView prior to build 1127 contained security vulnerabilities. These vulnerabilities stemmed from path traversal in RDP driver redirection,...

10CVSS6.3AI score0.00378EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 4:16 p.m.27 views

CVE-2026-45017

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS0.00335EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 2:24 p.m.35 views

CVE-2026-45017 Python Liquid: Absolute paths escape filesystem loader search path

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS0.00335EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 2:24 p.m.10 views

CVE-2026-45017

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS5.9AI score0.00335EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/05/27 5:35 p.m.10 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the handling of symbolic links in shared libraries. An attacker can access arbitrary files on the controller filesystem by controlling the contents of a library used by a Pipeline job. Details A Directory Travers...

7.5CVSS6.3AI score0.00301EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 3:16 p.m.15 views

CVE-2026-48920

Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as base64 in email content by setting the data-inline attribute, without restrictions on the image URLs that can be inlined, allowing attackers able to control the email content to specify file: URLs for images t...

8.8CVSS0.00299EPSS
Exploits0References1
Rows per page
Query Builder