Lucene search
K

983 matches found

cnnvd
cnnvd
added 2026/06/02 12:0 a.m.6 views

Collibra Agent 安全漏洞

Collibra Agent is an enterprise-level data governance and data quality enforcement component developed by Collibra Corporation. There is a security vulnerability in Collibra Agent, which stems from a path traversal issue within the recovery processor. This vulnerability could allow attackers to...

7.5CVSS5.5AI score0.00402EPSS
Exploits0References2
nvd
nvd
added 2026/06/01 7:16 p.m.13 views

CVE-2026-43624

F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join without validating the resulting path stays within the...

8.8CVSS0.00393EPSS
Exploits0References4
snyk
snyk
added 2026/05/29 10:31 p.m.7 views

Directory Traversal

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

6CVSS6.2AI score0.00051EPSS
Exploits0References2
cvelist
cvelist
added 2026/05/28 8:56 p.m.37 views

CVE-2026-44885 Portainer: Path traversal in backup archive extraction allows arbitrary file write

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, Portainer's backup restore feature accepts a .tar.gz archive and extracts it to a target...

5.5CVSS0.00606EPSS
Exploits1References2
nvd
nvd
added 2026/05/28 4:16 p.m.22 views

CVE-2026-44593

esm.sh is a no-build content delivery network CDN for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ultimately writes the data to storage via buildStorage.Put. The router concatenates the path components...

8.7CVSS0.00362EPSS
Exploits0References1
nvd
nvd
added 2026/05/27 3:16 p.m.15 views

CVE-2026-48922

Jenkins Credentials Binding Plugin 720.v3f6decef43ea and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution i...

7.5CVSS0.00364EPSS
Exploits0References1
cve
cve
added 2026/05/27 2:13 p.m.28 views

CVE-2026-48922

CVE-2026-48922 affects Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier. The issue is improper sanitization of file names for file and zip file credentials, enabling a job to write files to arbitrary locations on the node filesystem. This can lead to remote code execution if Jenk...

7.5CVSS6.5AI score0.00364EPSS
Exploits0References1Affected Software1
euvd
euvd
added 2026/05/27 2:13 p.m.14 views

EUVD-2026-32513

Jenkins Credentials Binding Plugin 720.v3f6decef43ea and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution i...

7.5CVSS6.5AI score0.00364EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/27 2:13 p.m.10 views

CVE-2026-48922

Jenkins Credentials Binding Plugin 720.v3f6decef43ea and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution i...

6.5AI score0.00364EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2026/05/27 2:13 p.m.17 views

CVE-2026-48922

Jenkins Credentials Binding Plugin 720.v3f6decef43ea and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution i...

7.5CVSS6.5AI score0.00364EPSS
Exploits0References1
snyk
snyk
added 2026/05/27 12:34 a.m.40 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via unsanitized input in the prefix, postfix, or dir parameters during path construction. An attacker can create files outside the intended temporary directory, potentially overwriting or placing files in sensitive...

8.7CVSS6.1AI score0.00496EPSS
Exploits2References2
cnnvd
cnnvd
added 2026/05/27 12:0 a.m.11 views

Jenkins Credentials Binding Plugin 安全漏洞

The Jenkins Credentials Binding Plugin is an open-source plugin developed by Jenkins that binds secure credentials stored in Jenkins to environment variables during build processes. The Jenkins Credentials Binding Plugin versions 720.v3f6decef43ea and earlier contain security vulnerabilities. The...

7.5CVSS6.3AI score0.00364EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/27 12:0 a.m.13 views

PT-2026-44015

Name of the Vulnerable Software and Affected Versions Jenkins Credentials Binding Plugin versions 720.v3f6decef43ea and earlier Description Insufficient sanitization of file names for file and zip file credentials allows attackers who can provide credentials to a job to write files to arbitrary...

7.5CVSS6.5AI score0.00364EPSS
Exploits0References3
cvelist
cvelist
added 2026/05/26 9:32 p.m.39 views

CVE-2026-44788 SharpCompress: Directory traversal via directory entries in WriteToDirectory (zip slip variant)

SharpCompress is a fully managed C library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be...

5.9CVSS0.00313EPSS
Exploits1References1
euvd
euvd
added 2026/05/26 9:32 p.m.13 views

EUVD-2026-32013

SharpCompress is a fully managed C library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be...

5.9CVSS6AI score0.00313EPSS
Exploits1References1
github
github
added 2026/05/26 7:33 p.m.45 views

XWiki Platform vulnerable to potential arbitrary file writing using path traversal from (subwiki) admin

Impact A potential path traversal vulnerability allow an attacker who manages to get a malicious WebJar extension installed on the wiki to write arbitrary files. While the consequences could be severe like overriding configuration files and setting the superadmin password, the attack first requir...

5.9AI score0.00056EPSS
Exploits0References4Affected Software1
snyk
snyk
added 2026/05/26 6:40 p.m.8 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the uploadedFileSaveIn function, which uses filepath.Join with user-supplied directory input but does not validate the resulting path boundaries. An attacker can write files outside the intended web root by...

8.7CVSS6.3AI score0.00344EPSS
Exploits0References2
redos
redos
added 2026/05/24 12:0 a.m.20 views

ROS-20260524-73-0044

A vulnerability in the Jenkins Automation Server is related to incorrect symbolic link detection prior to file access during .tar and .tar.gz archive extraction. Exploitation of the vulnerability could allow an attacker acting remotely to write arbitrary files...

8.8CVSS6.1AI score0.01161EPSS
Exploits0
snyk
snyk
added 2026/05/21 11:46 a.m.10 views

Directory Traversal

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Directory Traversal in the integration action URL process. An attacker can execute arbitrary API calls with system administrator privileges by...

9.9CVSS6.4AI score0.00249EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/20 5:48 p.m.6 views

CVE-2026-9102

A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs. A regular authenticated workspace user can supply a crafted filename in the multipart Content-Disposition header to escape the intended...

9.4CVSS6.5AI score0.00563EPSS
Exploits0References2
Rows per page
Query Builder