Lucene search
K

106 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/19 9:24 a.m.7 views

CVE-2026-46724

The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences...

5.9CVSS5.9AI score0.00404EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 5:52 p.m.23 views

Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap

Summary A race condition during docker cp mount setup allows a malicious container to create empty files or directories at arbitrary absolute paths on the host filesystem. This advisory covers the race during mountpoint creation. The related race during the subsequent mount syscall is tracked in...

6.1CVSS5.9AI score0.00108EPSS
Exploits0References3Affected Software3
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.20 views

PT-2026-41766

Name of the Vulnerable Software and Affected Versions Docker affected versions not specified Description A race condition occurs during the mount setup of docker cp, allowing a malicious container to create empty files or directories at arbitrary absolute paths on the host filesystem with root...

6.1CVSS5.4AI score0.00108EPSS
Exploits0References16
Cvelist
Cvelist
added 2026/05/12 4:21 p.m.54 views

CVE-2026-43989 JunoClaw: upload_wasm accepted arbitrary filesystem paths without validation

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the uploadwasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is...

8.5CVSS0.00147EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

Tookie-OSINT 路径遍历漏洞

Tookie-OSINT is a cross-platform username discovery tool developed by Alfredredbird. Versions prior to Tookie-OSINT 4.1fix contained a path traversal vulnerability. This vulnerability stemmed from the use of user-input directly as file names in the auxiliary functions writetxt, writecsv, writejso...

6.7CVSS5.7AI score0.00145EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 9:38 p.m.6 views

CVE-2026-42213

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, the inc "filename" directive in GPPL postprocessor files is resolved by GpplDocumentLinkHandler into a clickable link VS Code textDocument/documentLin...

5.1CVSS5.9AI score0.00454EPSS
Exploits0References4Affected Software1
SUSE CVE
SUSE CVE
added 2026/04/11 9:23 a.m.6 views

SUSE CVE-2026-35204

Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a specially crafted Helm plugin, when installed or updated, will cause Helm to write the contents of the plugin to an arbitrary filesystem location. To prevent this, validate that the plugin.yaml of the Helm plugin does not...

8.4CVSS5.9AI score0.00158EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.5 views

PT-2026-29671

Name of the Vulnerable Software and Affected Versions Copier versions prior to 9.14.1 Description The external data feature in Copier allows templates to load YAML files using paths controlled by the template. This can allow a malicious template to read YAML-parseable local files accessible to th...

5.5CVSS5.9AI score0.00287EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.8 views

PT-2026-27490

FileRise is a self-hosted web file manager / WebDAV server. From version 1.0.1 to before version 3.10.0, the resumableIdentifier parameter in the Resumable.js chunked upload handler UploadModel::handleUpload is concatenated directly into filesystem paths without any sanitization. An authenticated...

8.1CVSS5.9AI score0.00444EPSS
Exploits1References3
NVD
NVD
added 2026/03/06 10:16 p.m.5 views

CVE-2026-27139

On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the...

2.5CVSS0.00201EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/05 1:57 a.m.5 views

CVE-2026-24848

OpenEMR is a free and open source electronic health records and medical practice management application. In 7.0.4 and earlier, the disposeDocument method in EtherFaxActions.php allows authenticated users to write arbitrary content to arbitrary locations on the server filesystem. This vulnerabilit...

9.9CVSS6.2AI score0.06831EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.8 views

PT-2026-26411

Summary When iMessage remote attachment fetching is enabled channels.imessage.remoteHost, stageSandboxMedia accepted arbitrary absolute paths and used SCP to copy them into local staging. If a non-attachment path reaches this flow, files outside expected iMessage attachment directories on the...

8.7CVSS5.9AI score0.00344EPSS
Exploits0References7
NVD
NVD
added 2026/02/27 5:16 p.m.6 views

CVE-2026-24488

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, an arbitrary file exfiltration vulnerability in the fax sending endpoint allows any authenticated user to read and transmit any file on the server...

6.5CVSS0.00399EPSS
Exploits1References2
EUVD
EUVD
added 2026/02/04 9:39 p.m.10 views

EUVD-2026-5331

SiYuan is a personal knowledge management system. Prior to version 3.5.5, the /api/file/copyFile endpoint does not validate the dest parameter, allowing authenticated users to write files to arbitrary locations on the filesystem. This can lead to Remote Code Execution RCE by writing to sensitive...

9.1CVSS5.6AI score0.01017EPSS
Exploits1References2
NVD
NVD
added 2026/02/04 8:16 p.m.8 views

CVE-2026-25475

OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/fil...

6.5CVSS0.00745EPSS
Exploits1References1
OSV
OSV
added 2026/01/23 12:15 a.m.4 views

CVE-2026-20613

The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using...

7.8CVSS5.9AI score0.00244EPSS
Exploits1References1
NVD
NVD
added 2026/01/12 7:16 p.m.17 views

CVE-2026-22783

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the filelocalname field combined with path trust in the delete operation...

9.6CVSS0.00298EPSS
Exploits0References2
CVE
CVE
added 2026/01/12 6:27 p.m.14 views

CVE-2026-22783

CVE-2026-22783 affects the Iris DFIR-IRIS datastore file management system prior to version 2.4.24 . A vulnerability arises from mass assignment of the field file_local_name combined with trusting the path in the delete operation, enabling authenticated users to delete arbitrary filesystem paths....

9.6CVSS6.6AI score0.00298EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/09 6:16 a.m.4 views

CVE-2026-20975

Improper handling of insufficient permission in Samsung Cloud prior to version 5.6.11 allows local attackers to access specific files in arbitrary path...

2.1CVSS6.1AI score0.00135EPSS
Exploits0References1
CVE
CVE
added 2026/01/09 6:16 a.m.16 views

CVE-2026-20975

CVE-2026-20975 affects Samsung Cloud prior to version 5.6.11. The vulnerability arises from improper handling of insufficient permissions, enabling local attackers to access specific files in arbitrary paths. Evidence across multiple feeds confirms the affected software and impact; exploitation s...

5.5CVSS6.1AI score0.00135EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder