Lucene search
K

560 matches found

Vulnrichment
Vulnrichment
added 2026/03/20 1:34 a.m.4 views

CVE-2026-4440

Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Critical...

6AI score0.00324EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/20 1:26 a.m.3 views

CVE-2026-32711

pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the File-set root. pydicom resolves the path only to confirm that it exists, b...

7.8CVSS5.8AI score0.00279EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.8 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 146.0.7680.153 contained a security vulnerability, which was caused by excessive reading and writing operations related to WebGL. This vulnerability could lead to arbitrary reading and writing...

8.8CVSS6.1AI score0.00324EPSS
Exploits0References3
OSV
OSV
added 2026/03/19 7:25 p.m.2 views

GHSA-PH8X-4JFV-V9V8 Dagu has an incomplete fix for CVE-2026-27598: path traversal via %2F-encoded slashes in locateDAG

The fix for CVE-2026-27598 commit e2ed589, PR 1691 added ValidateDAGName to CreateNewDAG and rewrote generateFilePath to use filepath.Base. This patched the CREATE path. The remaining API endpoints - GET, DELETE, RENAME, EXECUTE - all pass the fileName URL path parameter to locateDAG without...

8.1CVSS6AI score0.00469EPSS
Exploits1References4
OSV
OSV
added 2026/03/13 9:19 p.m.5 views

CVE-2026-32709 PX4 Autopilot MAVLink FTP Unauthenticated Path Traversal (Arbitrary File Read/Write/Delete)

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, An unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP implementation allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on the flight controller filesystem withou...

5.4CVSS5.9AI score0.00476EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/12 4:50 p.m.3 views

CVE-2026-28793 Path Traversal Leading to Arbitrary File Read, Write and Delete in TinaCMS

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory. When running tinacms dev, th...

8.4CVSS5.9AI score0.00203EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/03/09 7:19 p.m.6 views

CVE-2026-0846

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

8.6CVSS8.1AI score0.00428EPSS
Exploits1
NVD
NVD
added 2026/03/06 5:16 p.m.5 views

CVE-2026-29064

Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or...

8.2CVSS0.0022EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/05 1:57 a.m.5 views

CVE-2025-66678

An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Write Utility v1.25.11.26 and earlier allows attackers to execute arbitrary read and write operations via a crafted request...

9.8CVSS6.1AI score0.00641EPSS
Exploits1References1
NVD
NVD
added 2026/03/04 5:16 p.m.9 views

CVE-2025-66678

An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Write Utility v1.25.11.26 and earlier allows attackers to execute arbitrary read and write operations via a crafted request...

9.8CVSS0.00641EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/03/04 12:28 a.m.7 views

SUSE CVE-2026-23633

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, there is an arbitrary file read/write via path traversal in Git hook editing. This issue has been patched in versions 0.13.4 and 0.14.0+dev...

6.5CVSS5.8AI score0.00456EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.5 views

PT-2026-22963

An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Write Utility v1.25.11.26 and earlier allows attackers to execute arbitrary read and write operations via a crafted request...

6.1AI score0.00641EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/04 12:0 a.m.2 views

CVE-2025-66678

An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Write Utility v1.25.11.26 and earlier allows attackers to execute arbitrary read and write operations via a crafted request...

6.1AI score0.00641EPSS
Exploits1References3
CVE
CVE
added 2026/03/04 12:0 a.m.19 views

CVE-2025-66678

CVE-2025-66678 affects Nil Hardware Editor’s Hardware Read & Write Utility (HwRwDrv.sys) up to v1.25.11.26. A crafted request can trigger arbitrary read/write operations, as described across multiple sources (NVD, RH, EUVD, OSV, CNNVD, etc.). The underlying issue is located in HwRwDrv.sys and lea...

9.8CVSS6.1AI score0.00641EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.15 views

Hardware Read & Write Utility 安全漏洞

The Hardware Read & Write Utility is a hardware register modification tool developed by Nil Hardware Editor’s individual developers. Versions of the Hardware Read & Write Utility prior to v1.25.11.26 contained security vulnerabilities. These vulnerabilities stemmed from defects in the HwRwDrv.sys...

9.8CVSS5.9AI score0.00641EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/02/21 12:23 a.m.2 views

SUSE CVE-2026-26960

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...

7.1CVSS5.8AI score0.00288EPSS
Exploits1References3
NVD
NVD
added 2026/02/20 2:16 a.m.13 views

CVE-2026-26960

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...

7.1CVSS0.00288EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/20 1:7 a.m.6 views

CVE-2026-26960

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...

7.1CVSS5.6AI score0.00288EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/02/20 1:7 a.m.30 views

CVE-2026-26960 node-tar has Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in Extraction

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...

7.1CVSS0.00288EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/02/20 1:7 a.m.7 views

CVE-2026-26960

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...

7.1CVSS5.7AI score0.00288EPSS
Exploits1References3
Rows per page
Query Builder