Lucene search
K

983 matches found

euvd
euvd
added 2026/06/26 4:23 p.m.7 views

EUVD-2026-39804

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequen...

9CVSS5.9AI score0.00289EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/26 12:0 a.m.18 views

PT-2026-53002

Name of the Vulnerable Software and Affected Versions Fluentd versions prior to 1.19.3 Description Insufficient validation of the $tag placeholder allows for the dynamic construction of file paths that can be manipulated. If an instance is configured to receive logs from untrusted sources and use...

9.8CVSS6.1AI score0.01107EPSS
Exploits0References16
cvelist
cvelist
added 2026/06/25 8:46 p.m.25 views

CVE-2026-56445 pydicom pynetdicom Library Path Traversal

The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join without sanitization, allowing file writes to arbitrary paths...

9.1CVSS0.00434EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/06/25 8:46 p.m.6 views

CVE-2026-56445

The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join without sanitization, allowing file writes to arbitrary paths...

9.1CVSS6AI score0.00434EPSS
Exploits0References4Affected Software1
cve
cve
added 2026/06/25 8:46 p.m.12 views

CVE-2026-56445

The CVE-2026-56445 issue affects the qrscp application’s C-STORE handler. It directly uses an attacker-supplied DICOM dataset instance in os.path.join() without sanitization, enabling writes to arbitrary file paths on the system. This is a path traversal vulnerability in the file-write path, with...

9.1CVSS6AI score0.00434EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/06/25 6:3 p.m.7 views

CVE-2026-53925

Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the securepopen function in glances/secure.py interprets file redirection, | pipe, and && command chaining operators in command strings. These operators are applied without any validation on the target file...

7.8CVSS6.1AI score0.00184EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/06/25 5:56 p.m.6 views

CVE-2026-54250

K3s is a fully conformant production-ready Kubernetes distribution. Prior to 1.35.3+k3s1, 1.34.6+k3s1, v1.33.10+k3s1, a path traversal vulnerability exists in K3s's etcd snapshot decompression functionality. Zip files containing archive members with maliciously crafted names can be written to...

5.8CVSS6AI score0.00122EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.12 views

PT-2026-52514

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description The patch application pipeline @pnpm/patch-package fails to validate file paths extracted from .patch files. An attacker can provide a malicious patch file containing...

7.3CVSS5.9AI score0.0027EPSS
Exploits1References5
attackerkb
attackerkb
added 2026/06/24 5:48 p.m.5 views

CVE-2026-44017

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromi...

7.5CVSS6.7AI score0.00478EPSS
Exploits0References3Affected Software1
snyk
snyk
added 2026/06/23 6:20 p.m.6 views

Directory Traversal

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Directory Traversal via the Clone or Push operations in the Git node when a local filesystem path is supplied as the source or target repository, bypassing the intended file sandbox. An attacker can...

7.7CVSS6.5AI score0.00495EPSS
Exploits0References2
github
github
added 2026/06/23 5:59 p.m.9 views

Glances has arbitrary file write and command execution via `secure_popen` redirection and chaining operators in AMP command configuration

Summary The securepopen function in glances/secure.py interprets file redirection, | pipe, and && command chaining operators in command strings. These operators are applied without any validation on the target file path, piped command, or chained command. When Application Monitoring Process AMP...

7.8CVSS6.3AI score0.00866EPSS
Exploits3References3Affected Software1
github
github
added 2026/06/23 5:10 p.m.11 views

Gogs has Path Traversal in organization name that results in RCE through Git hooks

Summary Organization names containing path traversal sequences ../ are accepted by Gogs, and repositories under them are written to paths following these path traversals. This allows storing/retrieving data for repositories at arbitrary locations on the filesystem. By creating nested structure of...

10CVSS6.1AI score0.01107EPSS
Exploits0References5Affected Software1
osv
osv
added 2026/06/22 5:39 a.m.5 views

BIT-DOTNET-SDK-2026-32175 .NET Core Tampering Vulnerability

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the...

4.3CVSS6AI score0.00711EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/19 5:31 p.m.7 views

CVE-2026-49290

Slopsmith is a self-contained web application for browsing, playing, and practicing Rocksmith 2014 Custom DLC CDLC. Prior to 0.2.9-alpha.5, a path-traversal vulnerability in Slopsmith's archive extractors allows an attacker to write arbitrary files outside the extraction directory by supplying a...

9.4CVSS6.7AI score0.00568EPSS
Exploits0References4Affected Software1
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.22 views

PT-2026-51001

Name of the Vulnerable Software and Affected Versions Slopsmith versions prior to 0.2.9-alpha.5 Description Slopsmith is a web application for browsing, playing, and practicing Rocksmith 2014 Custom DLC. A path-traversal issue in the archive extractors allows an attacker to write arbitrary files...

9.4CVSS6.7AI score0.00568EPSS
Exploits0References7
snyk
snyk
added 2026/06/18 2:24 p.m.5 views

External Control of File Name or Path

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

8.1CVSS5.9AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/18 12:0 a.m.15 views

PT-2026-56002

Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.9.0 Description An issue exists when the crawler saves downloaded files, as the destination filename is derived from attacker-influenced input and joined to the downloads directory without proper confinement. This...

9.6CVSS6.5AI score0.00502EPSS
Exploits1References9
nvd
nvd
added 2026/06/17 11:17 p.m.10 views

CVE-2026-12568

The postmandownload module uses the workspace name field from the Postman API to construct the local directory path without sanitization. If a malicious workspace has a name containing path traversal characters, pathlib resolves the path outside the intended output directory, allowing an attacker...

6.5CVSS0.00251EPSS
Exploits0References1
nvd
nvd
added 2026/06/17 5:16 p.m.17 views

CVE-2025-71321

picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutils.fileutil.writefile. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code...

9.8CVSS0.00624EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/17 7:51 a.m.9 views

CVE-2026-7774

A flaw was found in the tarfile.datafilter function within the Python tarfile module. A remote attacker could exploit this vulnerability by providing a specially crafted tar archive containing malicious link entries, such as symlinks with empty or directory-like names. This bypass allows the...

6.9CVSS5.6AI score0.00622EPSS
Exploits0References6
Rows per page
Query Builder