Lucene search
K

44513 matches found

Github Security Blog
Github Security Blog
added 2026/05/11 7:34 p.m.8 views

Yii 2: Local file inclusion via view parameter name collision

The core view rendering method View::renderPhpFile calls extract$params, EXTROVERWRITE before the require statement that includes the view file. A caller-controlled parameter named file in the $params array overwrites the internal local variable that specifies which file is included — enabling a...

7.4CVSS5.8AI score0.00442EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/11 7:34 p.m.8 views

GHSA-5VPG-RJ7Q-QPW2 Yii 2: Local file inclusion via view parameter name collision

The core view rendering method View::renderPhpFile calls extract$params, EXTROVERWRITE before the require statement that includes the view file. A caller-controlled parameter named file in the $params array overwrites the internal local variable that specifies which file is included — enabling a...

7.4CVSS5.8AI score0.00442EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/11 7:2 p.m.40 views

CVE-2026-2614 Arbitrary File Read via Prompt Tag Source Validation Bypass in mlflow/mlflow

A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...

7.5CVSS0.00657EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/11 7:2 p.m.8 views

CVE-2026-2614 Arbitrary File Read via Prompt Tag Source Validation Bypass in mlflow/mlflow

A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...

7.5CVSS7.3AI score0.00657EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/11 6:31 p.m.8 views

EUVD-2026-29084

OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...

8.8CVSS6.1AI score0.01444EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/11 6:31 p.m.13 views

EUVD-2026-29080

An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perform a Path Traversal attack to create or overwrite arbitrary files anywhere on the host filesystem,...

5.9AI score0.00513EPSS
Exploits5References3
OSV
OSV
added 2026/05/11 6:31 p.m.5 views

GHSA-J74F-G7VX-FH4X pgAdmin 4: OS command injection vulnerability in Import/Export query export

OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...

8.8CVSS6.1AI score0.01444EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.13 views

pgAdmin 4: OS command injection vulnerability in Import/Export query export

OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...

8.8CVSS6.1AI score0.01444EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/11 6:23 p.m.8 views

CVE-2026-42866 Tookie: Arbitrary file write via path traversal in -u username / -U userfile output filename

Tookie is a advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's writetxt, writecsv, writejson, and commented-but-shipping scanfile helpers open their output as openf"user.", where user comes unsanitized from the -u CLI flag or any line of a -U usernames file. A userna...

6.7CVSS5.9AI score0.00145EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 6:23 p.m.20 views

CVE-2026-42866

Tookie OSINT prior to version 4.1fix is vulnerable to path traversal when producing output files. In modules/modules.py (functions write_txt, write_csv, write_json, and the shipped but commented scan_file), the output filename is formed as open(f"{user}."), where user is unsanitized from -u or -U...

6.7CVSS5.9AI score0.00145EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 6:23 p.m.51 views

CVE-2026-42866 Tookie: Arbitrary file write via path traversal in -u username / -U userfile output filename

Tookie is a advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's writetxt, writecsv, writejson, and commented-but-shipping scanfile helpers open their output as openf"user.", where user comes unsanitized from the -u CLI flag or any line of a -U usernames file. A userna...

6.7CVSS0.00145EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 4:17 p.m.14 views

CVE-2026-7816

OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...

8.8CVSS0.01444EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 4:17 p.m.11 views

CVE-2026-6815

An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perform a Path Traversal attack to create or overwrite arbitrary files anywhere on the host filesystem,...

5.9CVSS0.00513EPSS
Exploits5References2
NVD
NVD
added 2026/05/11 4:17 p.m.14 views

CVE-2025-65416

docuFORM Managed Print Service Client 11.11c is vulnerable to arbitrary file upload via pmupdate.php...

6.3CVSS0.00266EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/11 3:20 p.m.38 views

CVE-2026-6815 CVE-2026-6815

An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perform a Path Traversal attack to create or overwrite arbitrary files anywhere on the host filesystem,...

0.00513EPSS
Exploits5References1
Vulnrichment
Vulnrichment
added 2026/05/11 3:20 p.m.9 views

CVE-2026-6815 CVE-2026-6815

An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perform a Path Traversal attack to create or overwrite arbitrary files anywhere on the host filesystem,...

5.9AI score0.00513EPSS
Exploits5References1
Vulnrichment
Vulnrichment
added 2026/05/11 3:2 p.m.6 views

CVE-2026-42608 Grav: Unauthenticated Path Traversal & Arbitrary File Write in FormFlash component.

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, there is a Path Traversal vulnerability within the FormFlash core component. By manipulating the sessionid passed as form-flash-id in POST requests, an unauthenticated attacker can traverse the filesystem to create arbitrary directories an...

9.3CVSS5.9AI score0.00521EPSS
Exploits1References1
CVE
CVE
added 2026/05/11 3:2 p.m.9 views

CVE-2026-42608

Grav CVE-2026-42608 describes an unauthenticated path traversal in the FormFlash component that lets an attacker manipulate the session_id (__form-flash-id) in POST requests to traverse the filesystem and write an index.yaml, enabling arbitrary directory creation and data manipulation. Affected: ...

9.3CVSS5.9AI score0.00521EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/05/11 2:35 p.m.32 views

CVE-2026-7819 pgAdmin 4: Symbolic-link path traversal in File Manager allows arbitrary file write

Symbolic-link path traversal CWE-61, CWE-22 in pgAdmin 4 File Manager. checkaccesspermission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...

8.1CVSS0.00359EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/11 2:35 p.m.8 views

CVE-2026-7816

OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...

8.8CVSS6.1AI score0.01444EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder