Lucene search
K

44487 matches found

OSV
OSV
added 2026/05/18 1:20 p.m.11 views

JLSEC-2026-500

Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of...

6.3CVSS6.3AI score0.00349EPSS
Exploits1References14
Github Security Blog
Github Security Blog
added 2026/05/18 12:31 p.m.15 views

SGLang's multimodal generation runtime has an unauthenticated path traversal vulnerability

SGLang's multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints...

9.1CVSS5.9AI score0.00386EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/18 12:31 p.m.3 views

GHSA-QWRP-WGHP-94Q2 SGLang's multimodal generation runtime has an unauthenticated path traversal vulnerability

SGLang's multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints...

9.1CVSS5.9AI score0.00386EPSS
Exploits0References4
NVD
NVD
added 2026/05/18 12:16 p.m.18 views

CVE-2026-7302

SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints...

9.1CVSS0.00386EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/18 10:39 a.m.46 views

CVE-2026-7302 CVE-2026-7302

SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints...

0.00386EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/18 10:39 a.m.8 views

CVE-2026-7302

SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints...

9.1CVSS5.9AI score0.00386EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/18 10:39 a.m.9 views

CVE-2026-7302 CVE-2026-7302

SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints...

5.9AI score0.00386EPSS
Exploits0References2
CVE
CVE
added 2026/05/18 10:39 a.m.22 views

CVE-2026-7302

The CVE-2026-7302 entry concerns the SGLangs multimodal generation runtime, which is vulnerable to an unauthenticated path traversal flaw. An attacker can craft upload filenames containing "../" to cause the server process to write arbitrary files to locations it has write access, via specific en...

9.1CVSS5.9AI score0.00386EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.14 views

PT-2026-41706

HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without adequate normalization or restriction to a safe base directory. A remote attacker can exploit this...

5.9AI score0.00595EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.19 views

PT-2026-41731

Name of the Vulnerable Software and Affected Versions Claude HUD versions 0.0.0 through 0.0.12 Description A path traversal issue allows attackers to read arbitrary files by providing an unvalidated transcript path value via stdin JSON. This enables access to any file readable by the process...

4.8CVSS5.9AI score0.00126EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/18 12:0 a.m.9 views

CVE-2026-29963

HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without adequate normalization or restriction to a safe base directory. A remote attacker can exploit this...

5.9AI score0.00595EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.9 views

Joplin 安全漏洞

Joplin is an open-source note-taking and to-do application developed by Laurent Cozic. Versions of Joplin prior to 3.5.7 contained a security vulnerability. This vulnerability stemmed from path traversal vulnerabilities in the importer; the OneNote converter did not clean up embedded file names...

8.2CVSS5.8AI score0.00206EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2026/05/18 12:0 a.m.56 views

📄 4D Server Server-Side Request Forgery / Arbitrary File Read

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services. -----BEGIN PGP SIGNED...

8.7CVSS6AI score0.00447EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2026/05/18 12:0 a.m.6 views

CVE-2026-29963

HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without adequate normalization or restriction to a safe base directory. A remote attacker can exploit this...

5.9AI score0.00595EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/18 12:0 a.m.44 views

CVE-2026-29963

HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without adequate normalization or restriction to a safe base directory. A remote attacker can exploit this...

0.00595EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.24 views

PT-2026-41669

Name of the Vulnerable Software and Affected Versions SGLangs multimodal generation runtime affected versions not specified Description An unauthenticated path traversal flaw allows an attacker to write arbitrary files to any location where the server process has write permissions. This is achiev...

9.1CVSS5.9AI score0.00386EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.11 views

PT-2026-41715

Name of the Vulnerable Software and Affected Versions DumbAssets versions 1.0 through 1.0.11 Description A path traversal issue exists in the 'POST /api/delete-file' endpoint via the filesToDelete array parameters. This allows unauthenticated attackers to bypass directory boundary validation by...

9.1CVSS5.8AI score0.00626EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/18 12:0 a.m.14 views

EUVD-2026-30783

HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without adequate normalization or restriction to a safe base directory. A remote attacker can exploit this...

5.9AI score0.00595EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/18 12:0 a.m.40 views

CVE-2026-29962

HSC MailInspector v5.3.3-7 contains a Local File Inclusion LFI vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlled parameters that directly affect file access operations without adequate validation, sanitization,...

0.00372EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.9 views

FacturaScripts 输入验证错误漏洞

FacturaScripts is an open-source ERP software developed by Carlos Garcia, a Spanish developer. Versions of FacturaScripts prior to 2026 contained a vulnerability related to input validation errors. This vulnerability stemmed from the Plugins::add function not properly verifying the file paths in...

7.2CVSS6.2AI score0.00522EPSS
Exploits0References1
Rows per page
Query Builder