44484 matches found

Cvelist (added 2026/05/18 9:16 p.m., 32 views)

CVE-2026-27891 Remote Code Execution (RCE) via Zip Slip in Plugin Upload Mechanism

FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add function. The system fails to properly validate the file paths within uploaded ZIP archives. This allows an attacker to perform a Zip Slip attack, leadi...

CVSS 7.2, EPSS 0.00522. Exploits: 0, References: 2

Vulnrichment (added 2026/05/18 9:16 p.m., 9 views)

CVE-2026-27891 Remote Code Execution (RCE) via Zip Slip in Plugin Upload Mechanism

FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add function. The system fails to properly validate the file paths within uploaded ZIP archives. This allows an attacker to perform a Zip Slip attack, leadi...

CVSS 7.2, AI score 5.8, EPSS 0.00522. Exploits: 0, References: 2

CVE (added 2026/05/18 9:16 p.m., 28 views)

CVE-2026-27891

FacturaScripts versions up to 2026 are affected by a Zip Slip vulnerability in the Plugins::add() function. The issue arises from improper validation of file paths inside uploaded ZIP archives (Plugins.php), allowing path traversal (e.g., ValidPluginName/../../shell.php) during extraction. This c...

CVSS 7.2, AI score 5.8, EPSS 0.00522. Exploits: 0, References: 2

ATTACKERKB (added 2026/05/18 8:23 p.m., 10 views)

CVE-2026-22810

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not sanitize the names of embedded...

CVSS 8.2, AI score 5.9, EPSS 0.00206. Exploits: 0, References: 6, Affected Software: 1

EUVD (added 2026/05/18 7:08 p.m., 22 views)

EUVD-2026-29571

Microsoft Security Advisory CVE-2026-32175 – .NET Core Tampering Vulnerability...

CVSS 4.3, AI score 5.8, EPSS 0.00711. Exploits: 0, References: 4

Snyk (added 2026/05/18 7:08 p.m., 13 views)

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the ExtractRelativeToDirectoryAsync path handling in src/libraries/System.Formats.Tar/src/System/Formats/Tar/TarEntry.cs. An attacker can create a tar archive that extracts a symbolic link whose target is a roote...

CVSS 6.3, AI score 6.3, EPSS 0.00711. Exploits: 0, References: 2
OSV (added 2026/05/18 7:08 p.m., 5 views)

GHSA-RG75-Q538-X34V Microsoft Security Advisory CVE-2026-32175 – .NET Core Tampering Vulnerability

Executive Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A tampering vulnerability...

CVSS 7.5, AI score 5.8, EPSS 0.00711. Exploits: 0, References: 5

Github Security Blog (added 2026/05/18 7:08 p.m., 19 views)

Microsoft Security Advisory CVE-2026-32175 – .NET Core Tampering Vulnerability

Executive Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A tampering vulnerability...

CVSS 4.3, AI score 5.8, EPSS 0.00711. Exploits: 0, References: 5, Affected Software: 4

OSV (added 2026/05/18 7:01 p.m., 5 views)

GHSA-3MJV-375J-6H92 AVideo: Authenticated Arbitrary File Read in view/update.php

Summary: view/update.php reads $_POST['updateFile'] as a relative path under updatedb/ and passes it to PHP's file() function for line-by-line execution as part of a database migration. An authenticated administrator can abuse this to read arbitrary text files reachable from the web-server process, especially...

CVSS 6.9, AI score 6.1, EPSS 0.00469. Exploits: 1, References: 3

Snyk (added 2026/05/18 7:01 p.m., 8 views)

Directory Traversal

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Directory Traversal via the updateFile parameter in the view/update.php process. An attacker can access arbitrary files on the server by supplying crafted path...

CVSS 6.9, AI score 6.3, EPSS 0.00469. Exploits: 1, References: 2

Github Security Blog (added 2026/05/18 7:01 p.m., 13 views)

AVideo: Authenticated Arbitrary File Read in view/update.php

Summary: view/update.php reads $_POST['updateFile'] as a relative path under updatedb/ and passes it to PHP's file() function for line-by-line execution as part of a database migration. An authenticated administrator can abuse this to read arbitrary text files reachable from the web-server process, especially...

CVSS 6.9, AI score 6.1, EPSS 0.00469. Exploits: 1, References: 3, Affected Software: 1

ATTACKERKB (added 2026/05/18 6:52 p.m., 7 views)

CVE-2026-45242

Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute path or directory traversal sequence in the slidesDir request parameter. Attackers can exploit...

CVSS 7.1, AI score 5.9, EPSS 0.00396. Exploits: 1, References: 5

CVE (added 2026/05/18 6:52 p.m., 17 views)

CVE-2026-45242

The CVE-2026-45242 vulnerability affects the Summarize tool prior to version 0.15.1, exposing a path traversal flaw in the /v1/summarize daemon endpoint. An authenticated user can supply an absolute path or directory traversal sequence in the slidesDir parameter, allowing writes of slide_*.png an...

CVSS 7.1, AI score 5.9, EPSS 0.00396. Exploits: 1, References: 4, Affected Software: 1

Cvelist (added 2026/05/18 6:52 p.m., 44 views)

CVE-2026-45242 Summarize < 0.15.1 Path Traversal via slidesDir Parameter

Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute path or directory traversal sequence in the slidesDir request parameter. Attackers can exploit...

CVSS 7.1, EPSS 0.00396. Exploits: 1, References: 4

NVD (added 2026/05/18 6:17 p.m., 18 views)

CVE-2026-29963

HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without adequate normalization or restriction to a safe base directory. A remote attacker can exploit this...

CVSS 7.5, EPSS 0.00595. Exploits: 1, References: 3

OSV (added 2026/05/18 1:20 p.m., 9 views)

JLSEC-2026-499

Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafte...

CVSS 6.1, AI score 6, EPSS 0.00349. Exploits: 1, References: 10

OSV (added 2026/05/18 1:20 p.m., 11 views)

JLSEC-2026-500

Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of...

CVSS 6.3, AI score 6.3, EPSS 0.00247. Exploits: 0, References: 14

OSV (added 2026/05/18 12:31 p.m., 3 views)

GHSA-QWRP-WGHP-94Q2 SGLang's multimodal generation runtime has an unauthenticated path traversal vulnerability

SGLang's multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints...

CVSS 9.1, AI score 5.9, EPSS 0.00386. Exploits: 0, References: 4