
44479 matches found

EUVD
added 2026/05/19 12:0 a.m. | 10 views

EUVD-2026-30944

scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SVG file...

AI score 6.2 | EPSS 0.00526
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/19 12:0 a.m. | 12 views

PT-2026-41966

Name of the Vulnerable Software and Affected Versions: Mailpit, affected versions not specified. Description: The dump --http sub-command allows an arbitrary file write via path traversal. When downloading messages from a remote server, the tool uses the message ID from the JSON response to construct...

CVSS 5.9 | AI score 6.1 | EPSS 0.00032
Exploits: 0 | References: 5

CVE
added 2026/05/19 12:0 a.m. | 19 views

CVE-2026-34883

CVE-2026-34883 affects the Portrait Dell Color Management application (before version 3.7.0) on Windows systems used with Dell monitors. The root cause is a symbolic link vulnerability in the installer that runs with elevated privileges, allowing a local low-privileged user to escalate to Adm...

CVSS 5.3 | AI score 5.9 | EPSS 0.00144
Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/19 12:0 a.m. | 6 views

CVE-2026-30117

scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SVG file...

AI score 6.2 | EPSS 0.00526
Exploits: 0 | References: 2

CNNVD
added 2026/05/19 12:0 a.m. | 8 views

Scalar Security Vulnerability

Scalar is an interactive API documentation and testing tool developed by Scalar OpenSource. Version 0.1.13 of Scalar contains a security vulnerability. This vulnerability stems from an arbitrary file upload vulnerability in the scalarurl query parameter of the Scalar Proxy endpoint, which could...

CVSS 9.8 | AI score 6.2 | EPSS 0.00526
Exploits: 0 | References: 2

Vulnrichment
added 2026/05/19 12:0 a.m. | 9 views

CVE-2026-30117

scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SVG file...

AI score 6.2 | EPSS 0.00526
Exploits: 0 | References: 1

CVE
added 2026/05/19 12:0 a.m. | 31 views

CVE-2026-30117

The CVE-2026-30117 entry affects scalar/astro v0.1.13, exposing an arbitrary file-upload vulnerability in the Scalar Proxy endpoint via the scalar_url parameter. This leads to remote code execution by uploading a crafted SVG file, as described across multiple sources. The CVSSv3.1 score is 9.8 (C...

CVSS 9.8 | AI score 6.2 | EPSS 0.00526
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/19 12:0 a.m. | 18 views

PT-2026-41884

Name of the Vulnerable Software and Affected Versions: Piotnet Forms versions prior to 2.1.41. Description: An arbitrary file upload issue exists due to missing file type validation within the piotnetforms ajax form builder function. The software employs an incomplete extension blacklist that blocks...

CVSS 9.8 | AI score 6.2 | EPSS 0.0081
Exploits: 0 | References: 5

OSV
added 2026/05/19 12:0 a.m. | 8 views

ALSA-2026:19368 Important: rsync security update

The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...

CVSS 7.8 | AI score 6.2 | EPSS 0.01761
Exploits: 2 | References: 6

Tenable Nessus
added 2026/05/19 12:0 a.m. | 11 views

RHEL 10 : linux-sgx (RHSA-2026:18480)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18480 advisory. The Intel SGX SDK is a collection of APIs, libraries, documentations and tools that allow software developers to create and debug Intel SG...

CVSS 8.8 | AI score 6.7 | EPSS 0.01535
Exploits: 5 | References: 16

Snyk
added 2026/05/18 11:50 p.m. | 8 views

Directory Traversal

Overview: @joplin/onenote-converter is used to import a OneNote archive into Joplin. Affected versions of this package are vulnerable to Directory Traversal via the OneNote importer. An attacker can overwrite arbitrary files on disk by supplying a crafted .one file containing specially crafted...

CVSS 8.2 | AI score 6.3 | EPSS 0.00206
Exploits: 0 | References: 2

GithubExploit
added 2026/05/18 10:47 p.m. | 87 views

Exploit for CVE-2026-5203

CVE-2026-5203 — CMS Made Simple ≤ 2.2.22 RCE Path Traversal +...

CVSS 5.8 | AI score 6 | EPSS 0.00317
Exploits: 1

NVD
added 2026/05/18 10:16 p.m. | 16 views

CVE-2026-27891

FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add function. The system fails to properly validate the file paths within uploaded ZIP archives. This allows an attacker to perform a Zip Slip attack, leadi...

CVSS 7.2 | EPSS 0.00522
Exploits: 0 | References: 2

NVD
added 2026/05/18 9:16 p.m. | 15 views

CVE-2026-22810

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not sanitize the names of embedded...

CVSS 8.2 | EPSS 0.00206
Exploits: 0 | References: 5

EUVD
added 2026/05/18 9:16 p.m. | 11 views

EUVD-2026-30808

FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add function. The system fails to properly validate the file paths within uploaded ZIP archives. This allows an attacker to perform a Zip Slip attack, leadi...

CVSS 7.2 | AI score 5.8 | EPSS 0.00522
Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/18 9:16 p.m. | 10 views

CVE-2026-27891

FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add function. The system fails to properly validate the file paths within uploaded ZIP archives. This allows an attacker to perform a Zip Slip attack, leadi...

CVSS 7.2 | AI score 5.8 | EPSS 0.00522
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2026/05/18 9:16 p.m. | 32 views

CVE-2026-27891 Remote Code Execution (RCE) via Zip Slip in Plugin Upload Mechanism

FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add function. The system fails to properly validate the file paths within uploaded ZIP archives. This allows an attacker to perform a Zip Slip attack, leadi...

CVSS 7.2 | EPSS 0.00522
Exploits: 0 | References: 2

Vulnrichment
added 2026/05/18 9:16 p.m. | 9 views

CVE-2026-27891 Remote Code Execution (RCE) via Zip Slip in Plugin Upload Mechanism

FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add function. The system fails to properly validate the file paths within uploaded ZIP archives. This allows an attacker to perform a Zip Slip attack, leadi...

CVSS 7.2 | AI score 5.8 | EPSS 0.00522
Exploits: 0 | References: 2

CVE
added 2026/05/18 9:16 p.m. | 28 views

CVE-2026-27891

FacturaScripts versions up to 2026 are affected by a Zip Slip vulnerability in the Plugins::add() function. The issue arises from improper validation of file paths inside uploaded ZIP archives (Plugins.php), allowing path traversal (e.g., ValidPluginName/../../shell.php) during extraction. This c...

CVSS 7.2 | AI score 5.8 | EPSS 0.00522
Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/18 8:23 p.m. | 10 views

CVE-2026-22810

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not sanitize the names of embedded...

CVSS 8.2 | AI score 5.9 | EPSS 0.00206
Exploits: 0 | References: 6 | Affected Software: 1