Lucene search
K

977 matches found

NVD
NVD
added 2026/06/10 2:16 p.m.13 views

CVE-2026-52752

Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabli...

8.4CVSS0.00215EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/10 12:41 p.m.12 views

EUVD-2026-36014

Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers can craft malicious theme ZIP files with traversal sequences in filenames to execute arbitrary code or modify sensiti...

8.4CVSS6AI score0.00215EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Dell/Alienware Purchased Apps 后置链接漏洞

Dell/Alienware Purchased Apps is a pre-installed software management tool developed by the American company Dell. Versions of Dell/Alienware Purchased Apps prior to 1.1.32.0 contained a backlink vulnerability. This vulnerability stemmed from improper link resolution before file access, which coul...

6.3CVSS5.5AI score0.00097EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 9:16 p.m.13 views

CVE-2026-11422

Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document. Attacker...

8.4CVSS0.00159EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/05 7:54 p.m.13 views

EUVD-2026-34913

A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage root is discarded,...

9.4CVSS6AI score0.00548EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.9 views

CVE-2026-7302

SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints...

9.1CVSS5.6AI score0.00386EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.11 views

CVE-2026-39817

A flaw was found in the "go tool pack" subcommand, a component of the Go programming language tools. This vulnerability allows an attacker to craft a malicious archive file. When this archive is extracted using the "pack" subcommand, it can lead to arbitrary file writes on the filesystem,...

5.9CVSS6.3AI score0.0017EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.11 views

CVE-2026-43624

F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join without validating the resulting path stays within the...

8.8CVSS5.6AI score0.00393EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/05 4:26 p.m.4 views

Directory Traversal

Overview dbgate-api is an Allows run DbGate data-manipulation scripts. Affected versions of this package are vulnerable to Directory Traversal via the unzipDirectory function. An attacker can write arbitrary files to the filesystem outside the intended extraction directory by uploading a speciall...

9.8CVSS6.8AI score0.00058EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.10 views

decompress 安全漏洞

Decompress is a file decompression tool personally developed by Kevin Mårtensson. Decompress has a security vulnerability; this vulnerability arises when decompressing a ZIP archive that contains two entries with the same path. Due to issues with the order of micro-task processing, arbitrary file...

7.5CVSS5.5AI score0.00521EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.19 views

PT-2026-47053

Name of the Vulnerable Software and Affected Versions Markdown Preview Enhanced versions 0.8.x Description A code injection issue exists in the WaveDrom rendering pipeline. Attackers can execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted...

8.4CVSS5.9AI score0.00159EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.12 views

PT-2026-47043

Name of the Vulnerable Software and Affected Versions Altium Enterprise Server Vault Service affected versions not specified Description A path traversal issue exists in the 'UploadController' due to improper validation of a user-controlled path component during image upload requests. An...

9.4CVSS6AI score0.00548EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 2:3 p.m.14 views

CVE-2026-10621

Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directo...

5.9AI score0.00402EPSS
Exploits0References3Affected Software2
EUVD
EUVD
added 2026/06/02 2:3 p.m.14 views

EUVD-2026-33932

Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directo...

7.5CVSS5.9AI score0.00402EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.5 views

Collibra Agent 安全漏洞

Collibra Agent is an enterprise-level data governance and data quality enforcement component developed by Collibra Corporation. There is a security vulnerability in Collibra Agent, which stems from a path traversal issue within the recovery processor. This vulnerability could allow attackers to...

7.5CVSS5.5AI score0.00402EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 7:16 p.m.13 views

CVE-2026-43624

F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join without validating the resulting path stays within the...

8.8CVSS0.00393EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/29 10:31 p.m.7 views

Directory Traversal

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

6CVSS6.2AI score0.00051EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/28 8:56 p.m.37 views

CVE-2026-44885 Portainer: Path traversal in backup archive extraction allows arbitrary file write

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, Portainer's backup restore feature accepts a .tar.gz archive and extracts it to a target...

5.5CVSS0.00606EPSS
Exploits1References2
NVD
NVD
added 2026/05/28 4:16 p.m.21 views

CVE-2026-44593

esm.sh is a no-build content delivery network CDN for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ultimately writes the data to storage via buildStorage.Put. The router concatenates the path components...

8.7CVSS0.00362EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 3:16 p.m.15 views

CVE-2026-48922

Jenkins Credentials Binding Plugin 720.v3f6decef43ea and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution i...

7.5CVSS0.00364EPSS
Exploits0References1
Rows per page
Query Builder