
44501 matches found

Positive Technologies
added 2026/05/14 12:0 a.m., 11 views

PT-2026-40933

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.123.43; n8n versions prior to 2.20.7; n8n versions prior to 2.22.1
Description: An authenticated user with permissions to create or modify workflows can achieve global prototype pollution through an unvalidated pagination...

CVSS 9.9, AI score 6, EPSS 0.00632
Exploits: 1, References: 12

Positive Technologies
added 2026/05/14 12:0 a.m., 11 views

PT-2026-40936

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.123.43; n8n versions prior to 2.20.7; n8n versions prior to 2.22.1
Description: An attacker with write access to a git repository connected to an n8n Source Control configuration can commit a malicious Data Table JSON file...

CVSS 9, AI score 5.8, EPSS 0.00331
Exploits: 0, References: 7

Positive Technologies
added 2026/05/14 12:0 a.m., 13 views

PT-2026-40899

Name of the Vulnerable Software and Affected Versions: InfusedWoo Pro versions prior to 5.1.3
Description: The InfusedWoo Pro plugin for WordPress allows unauthenticated attackers to perform Arbitrary File Read via the 'popup submit' endpoint. This allows web requests to be made to arbitrary...

CVSS 7.5, AI score 5.9, EPSS 0.00271
Exploits: 0, References: 5

Positive Technologies
added 2026/05/14 12:0 a.m., 14 views

PT-2026-40937

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.123.43; n8n versions prior to 2.20.7; n8n versions prior to 2.21.1
Description: An authorization bypass exists in the OAuth1 and OAuth2 credential reconnect endpoints. These endpoints incorrectly authorized access using...

CVSS 8.3, AI score 5.8, EPSS 0.00315
Exploits: 0, References: 9

Positive Technologies
added 2026/05/14 12:0 a.m., 14 views

PT-2026-40890

The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing file type validation. This makes it possible for unauthenticated attackers to upload files that may be executable, which makes...

CVSS 9.8, AI score 6.4, EPSS 0.00665
Exploits: 1, References: 5

Tenable Nessus
added 2026/05/14 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-6959

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symli...

CVSS 6, AI score 5.9, EPSS 0.00169
Exploits: 0, References: 2

CNNVD
added 2026/05/14 12:0 a.m., 9 views

OneDev Path Traversal Vulnerability

OneDev is a Java-based multi-functional DevOps platform developed by the Theonedev team. This platform supports container building, orchestration, CI, Git management, and team collaboration, helping developers create a simple yet powerful development platform. Versions of OneDev prior to 15.0.2 had a...

CVSS 7.1, AI score 5.9, EPSS 0.00319
Exploits: 0, References: 2

Positive Technologies
added 2026/05/14 12:0 a.m., 14 views

PT-2026-40884

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.4.107. This is due to insufficient file path validation in the become-dealer logo upload flow. The plugin allows any authenticated user to...

CVSS 8.1, AI score 5.9, EPSS 0.00256
Exploits: 0, References: 3

Cvelist
added 2026/05/13 10:6 p.m., 40 views

CVE-2026-29205

Incorrect privileges management and insufficient path filtering allow reading of arbitrary files on the server via the cpdavd attachment download endpoints...

CVSS 8.6, EPSS 0.07244
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/13 10:6 p.m., 7 views

CVE-2026-29205

Incorrect privileges management and insufficient path filtering allow reading of arbitrary files on the server via the cpdavd attachment download endpoints...

CVSS 8.6, AI score 5.9, EPSS 0.07244
Exploits: 0, References: 2, Affected Software: 2

CVE
added 2026/05/13 10:6 p.m., 23 views

CVE-2026-29205

The CVE-2026-29205 issue affects cPanel & WHM. The vulnerability arises from incorrect privileges management and insufficient path filtering, enabling an attacker to read arbitrary files on the server via the cpdavd attachment download endpoints. PT Security reports indicate multiple vulnerabilit...

CVSS 8.6, AI score 5.9, EPSS 0.07244
Exploits: 0, References: 1

Vulnrichment
added 2026/05/13 10:6 p.m., 6 views

CVE-2026-29205

Incorrect privileges management and insufficient path filtering allow reading of arbitrary files on the server via the cpdavd attachment download endpoints...

CVSS 8.6, AI score 5.9, EPSS 0.07244
Exploits: 0, References: 1

EUVD
added 2026/05/13 9:32 p.m., 10 views

EUVD-2025-209828

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a specific area of the...

AI score 5.9, EPSS 0.00387
Exploits: 0, References: 3

Cvelist
added 2026/05/13 8:42 p.m., 31 views

CVE-2026-45053 CubeCart: Authenticated Arbitrary File Upload to RCE in REST Files API

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Arbitrary File Upload vulnerability exists in the REST API File Manager endpoint POST /api/v1/files of CubeCart. The endpoint allows any holder of an API key with files:rw permission to upload PHP source files into the...

CVSS 9.1, EPSS 0.00585
Exploits: 0, References: 1

EUVD
added 2026/05/13 8:42 p.m., 9 views

EUVD-2026-30170

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Arbitrary File Upload vulnerability exists in the REST API File Manager endpoint POST /api/v1/files of CubeCart. The endpoint allows any holder of an API key with files:rw permission to upload PHP source files into the...

CVSS 9.1, AI score 5.8, EPSS 0.00585
Exploits: 0, References: 1

RedhatCVE
added 2026/05/13 8:22 p.m., 14 views

CVE-2026-34653

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system read and write. An authenticated attacker...

CVSS 8.7, AI score 5.9, EPSS 0.00606
Exploits: 0, References: 1

NVD
added 2026/05/13 7:17 p.m., 8 views

CVE-2026-0259

An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode. The...

CVSS 7.1, EPSS 0.00278
Exploits: 0, References: 1

EUVD
added 2026/05/13 6:30 p.m., 13 views

EUVD-2026-29957

An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.1, AI score 6, EPSS 0.00366
Exploits: 0, References: 2

EUVD
added 2026/05/13 6:30 p.m., 8 views

EUVD-2026-29960

A path injection vulnerability exists in OpenPLC v3 2c82b0e79c53f8c1f1458eee15fec173400d6e1a as the binary program compiled from gluegenerator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are directly passed to t...

AI score 5.9, EPSS 0.00409
Exploits: 2, References: 3

EUVD
added 2026/05/13 6:30 p.m., 6 views

EUVD-2026-29949

An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file...

AI score 6.2, EPSS 0.00284
Exploits: 0, References: 3