44504 matches found

NVD
added 2026/05/12 4:16 p.m., 14 views

CVE-2023-27753

An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVSS 8, EPSS 0.00332
Exploits 0, References 2
Github Security Blog
added 2026/05/12 3:08 p.m., 10 views

Dalfox Server Mode has an Unauthenticated Arbitrary File Create/Append via `output` Option

Summary: When dalfox is run in REST API server mode, the output, output-all, and debug fields in model.Options are JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through dalfox.Initialize into the scan engine's logging path. The logger opens the...

CVSS 8.2, AI score 6, EPSS 0.00243
Exploits 0, References 4, Affected Software 1
OSV
added 2026/05/12 3:08 p.m., 8 views

GHSA-8HF9-3Q64-Q2QF Dalfox Server Mode has an Unauthenticated Arbitrary File Create/Append via `output` Option

Summary: When dalfox is run in REST API server mode, the output, output-all, and debug fields in model.Options are JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through dalfox.Initialize into the scan engine's logging path. The logger opens the...

CVSS 8.2, AI score 6, EPSS 0.00243
Exploits 0, References 4
Github Security Blog
added 2026/05/12 3:08 p.m., 11 views

Dalfox Server Mode has an Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file`

Summary: When dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through dalfox.Initialize into the scan engine. The engine passes the value to...

CVSS 7.5, AI score 6, EPSS 0.00251
Exploits 0, References 4, Affected Software 1
OSV
added 2026/05/12 3:08 p.m., 8 views

GHSA-35WR-X7V6-9FV2 Dalfox Server Mode has an Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file`

Summary: When dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through dalfox.Initialize into the scan engine. The engine passes the value to...

CVSS 7.5, AI score 6, EPSS 0.00251
Exploits 0, References 4
NVD
added 2026/05/12 10:16 a.m., 17 views

CVE-2025-40948

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...

CVSS 6.8, EPSS 0.00286
Exploits 0, References 1
CVE
added 2026/05/12 8:20 a.m., 16 views

CVE-2025-40948

The CVE-2025-40948 entry affects RUGGEDCOM ROX MX5000/MX5000RE, RX1400, RX1500/1501/1510/1511/1512/1524/1536, RX5000 (all versions

CVSS 6.8, AI score 5.9, EPSS 0.00286
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2026/05/12 8:20 a.m., 10 views

CVE-2025-40948

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...

CVSS 6.8, AI score 5.9, EPSS 0.00286
Exploits 0, References 1
IBM Security Bulletins
added 2026/05/12 5:23 a.m., 7 views

Security Bulletin: InfoSphere Optim Test Data Fabrication is affected by Arbitrary File Read (CVE-2026-3366)

Summary: InfoSphere Optim Test Data Fabrication Resource Manager is affected by Arbitrary File Read via Path Traversal (CVE-2026-3366). Vulnerability Details: CVEID: CVE-2026-3366. DESCRIPTION: IBM InfoSphere Optim Test Data Fabrication could allow a remote attacker to traverse directories on the syste...

CVSS 7.5, AI score 6, EPSS 0.00596
Exploits 0, Affected Software 1
RedhatCVE
added 2026/05/12 2:27 a.m., 6 views

CVE-2026-29201

Insufficient input validation of the feature file name in feature::LOADFEATUREFILE adminbin call can cause arbitrary file read when a relative file path is passed...

CVSS 8.6, AI score 6.1, EPSS 0.00435
Exploits 0, References 1
CNNVD
added 2026/05/12 12:00 a.m., 7 views

MK-AUTH security vulnerability

MK-AUTH is a set of access control systems developed by Pedro Filho in Brazil. Version 23.01K4.9 of MK-AUTH contains security vulnerabilities. These vulnerabilities stem from arbitrary file uploads, which may allow attackers to execute arbitrary code by uploading specially crafted PHP files...

CVSS 8, AI score 6.2, EPSS 0.00332
Exploits 0, References 1
CVE
added 2026/05/12 12:00 a.m., 14 views

CVE-2026-31216

The CVE concerns the Nexent v1.7.5.2 backend service. The vulnerability lies in the file management API: DELETE /storage/{object_name:path} accepts a user-controlled object_name and is missing authentication, authorization, and input validation. This allows unauthenticated remote attackers to del...

CVSS 9.1, AI score 6, EPSS 0.00401
Exploits 0, References 2, Affected Software 1
Positive Technologies
added 2026/05/12 12:00 a.m., 10 views

PT-2026-40542

Name of the Vulnerable Software and Affected Versions: esm.sh versions 137 and earlier. Description: The legacy router retrieves a response from legacyServer, parses the request path, and writes data to storage using the buildStorage.Put function. Because the router concatenates path components...

CVSS 8.7, AI score 6.5, EPSS 0.00362
Exploits 0, References 6
CNNVD
added 2026/05/12 12:00 a.m., 6 views

Pulpy path traversal vulnerability

Pulpy is a lightweight tool developed by Enes Gökkaya that converts web applications into desktop applications. Versions of Pulpy prior to 0.1.1 contained a path traversal vulnerability. This vulnerability stemmed from an incomplete blacklist for the validateFsPath function, which could lead to...

CVSS 9.3, AI score 5.9, EPSS 0.00357
Exploits 0, References 2
CVE
added 2026/05/12 12:00 a.m., 14 views

CVE-2023-27753

CVE-2023-27753 describes an arbitrary file upload vulnerability in MK-Auth 23.01K4.9 that allows attackers to execute arbitrary code by uploading a crafted PHP file. The Red Hat, EUVD, NVD and CVE records corroborate the same description. The core issue is a file upload flaw enabling remote code ...

CVSS 8, AI score 6.2, EPSS 0.00332
Exploits 0, References 2
Vulnrichment
added 2026/05/12 12:00 a.m., 7 views

CVE-2026-31216

The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/objectname:path endpoint lacks authentication, authorization, and input validation mechanisms. Unauthenticated remote attackers can send craft...

AI score 6, EPSS 0.00401
Exploits 0, References 2
Positive Technologies
added 2026/05/12 12:00 a.m., 11 views

PT-2026-40543

Name of the Vulnerable Software and Affected Versions: esm.sh versions 137 and earlier. Description: A Local File Inclusion (LFI) issue exists in the esbuild plugin's handling of the browser field within the package.json file. An attacker can publish a malicious npm package that leverages ../ sequence...

CVSS 7.5, AI score 5.9, EPSS 0.00321
Exploits 0, References 6
Vulnrichment
added 2026/05/12 12:00 a.m., 11 views

CVE-2023-27753

An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file...

AI score 6.2, EPSS 0.00332
Exploits 0, References 2
Positive Technologies
added 2026/05/12 12:00 a.m., 14 views

PT-2026-40449

Name of the Vulnerable Software and Affected Versions: Heym versions prior to 0.0.21. Description: Authenticated users can write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. This occurs due to an unvalidated filename parameter in the uplo...

CVSS 7.6, AI score 5.9, EPSS 0.00355
Exploits 0, References 7
Positive Technologies
added 2026/05/12 12:00 a.m., 12 views

PT-2026-40398

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system read and write. An authenticated attacker...

CVSS 8.7, AI score 5.9, EPSS 0.00606
Exploits 0, References 2