Lucene search
K

44503 matches found

GithubExploit
GithubExploit
added 2026/05/13 8:34 a.m.93 views

Exploit for CVE-2026-31156

CVE-2026-31156 There is a path injection vulnerability in Open...

6AI score0.00409EPSS
Exploits2
Cvelist
Cvelist
added 2026/05/13 8:0 a.m.38 views

CVE-2026-25705 Rancher Extensions have arbitrary file access via path traversal

A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the compressedEndpoint field inside a UIPlugin deployment. A malicious UI extension could abuse that to: Overwrite Rancher binaries or configuration to inject...

8.4CVSS0.00368EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/13 12:0 a.m.40 views

CVE-2025-27850

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a specific area of the...

0.00387EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.11 views

PT-2026-40631

An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.1CVSS6AI score0.00366EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.10 views

PT-2026-40606

An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file...

6.2AI score0.00284EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 12:0 a.m.5 views

CVE-2026-37430

An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file...

6.2AI score0.00284EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/13 12:0 a.m.8 views

CVE-2026-37430

An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file...

6.2AI score0.00284EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/13 12:0 a.m.9 views

CVE-2025-27850

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a specific area of the...

5.9AI score0.00387EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.7 views

Grafana OSS 安全漏洞

Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which stems from vulnerabilities in SQL expressions. This vulnerability could allow authenticated attackers to read arbitrary files from the Grafana server’s file system...

6.3CVSS6AI score0.00262EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 12:0 a.m.16 views

CVE-2025-27850

CVE-2025-27850 affects Garmin WDU servers (versions v1 1.4.6 and v2 5.0). A symlink attack is possible when a malicious graphics package containing symlinks is uploaded; the web server follows the provided links while serving content, and there are no restrictions on link targets. This allows an ...

7.5CVSS5.9AI score0.00387EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.8 views

qihang-wms 安全漏洞

Qihang-WMS is an intelligent warehousing management system developed by Qiliping’s individual developers. The Qihang-WMS version commit 75c15a contains a security vulnerability. This vulnerability stems from an arbitrary file upload vulnerability present in the ShopOrderImportController.java...

7.3CVSS6.2AI score0.00284EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.10 views

PT-2026-40756

An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode. The...

7.1CVSS5.9AI score0.00278EPSS
Exploits0References3
CVE
CVE
added 2026/05/13 12:0 a.m.10 views

CVE-2026-37430

The vulnerability CVE-2026-37430 affects the qihang-wms project, specifically the ShopOrderImportController.java component (commit 75c15a). An arbitrary file upload flaw allows an attacker to execute arbitrary code by uploading a crafted file. The reported CVSS v3.1 base score is 7.3 (HIGH) with ...

7.3CVSS6.2AI score0.00284EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/13 12:0 a.m.35 views

CVE-2026-37430

An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file...

0.00284EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 12:0 a.m.17 views

CVE-2026-31156

CVE-2026-31156 describes a path-injection flaw in OpenPLC v3 arising from glue_generator.cpp not validating file path arguments passed on the command line. User-supplied paths are handed directly to file APIs (fopen/ifstream/ofstream), enabling an attacker to read arbitrary readable files. Public...

6.5CVSS5.9AI score0.00409EPSS
Exploits2References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.15 views

PT-2026-40795

Name of the Vulnerable Software and Affected Versions Garmin WDU version 1.4.6 Garmin WDU version 5.0 Description The locally served web site allows a symlink attack, which occurs when a system follows a symbolic link a file that points to another file or directory to access locations outside the...

7.5CVSS5.5AI score0.00387EPSS
Exploits0References4
Redos
Redos
added 2026/05/13 12:0 a.m.13 views

ROS-20260513-73-0017

Vulnerability in python2-requests related to insecure temporary files. Exploitation of the vulnerability could allow an attacker to overwrite arbitrary files...

5.5CVSS5.9AI score0.00182EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/12 10:22 p.m.9 views

esm.sh: Legacy Route Path Traversal Can Lead to RCE

Impact - Arbitrary File Write – An attacker can cause the server to write data to any file path it has write permission for. - Privilege Escalation / RCE – By overwriting critical binaries or scripts, the attacker can execute arbitrary code with the server’s privileges. Exploit The legacy router...

8.7CVSS6.4AI score0.00362EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/12 10:22 p.m.4 views

GHSA-3636-H3VX-6465 esm.sh: Legacy Route Path Traversal Can Lead to RCE

Impact - Arbitrary File Write – An attacker can cause the server to write data to any file path it has write permission for. - Privilege Escalation / RCE – By overwriting critical binaries or scripts, the attacker can execute arbitrary code with the server’s privileges. Exploit The legacy router...

8.7CVSS6.4AI score0.00362EPSS
Exploits0References4
NVD
NVD
added 2026/05/12 10:16 p.m.13 views

CVE-2026-44257

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new FilebaseDir, zipEntry.getName with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomca...

9.3CVSS0.00319EPSS
Exploits0References1
Rows per page
Query Builder