792 matches found

CNNVD
added 2026/05/11 12:0 a.m., 9 views

pgAdmin Security Vulnerability

pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 contained a security vulnerability caused by symbolic link path traversal. This vulnerability could allow authenticated users to create symbolic links within...

CVSS 8.1 | AI score 5.9 | EPSS 0.00359
Exploits 0 | References 1
NVD
added 2026/05/08 2:16 p.m., 10 views

CVE-2026-44340

PraisonAI is a multi-agent teams system. Prior to version 4.6.37, the safeextractall helper that all recipe pull, recipe publish, and recipe unpack flows route through validates each archive member's name for absolute paths, .. segments, and resolved-path escape — but does not validate...

CVSS 8.7 | EPSS 0.00433
Exploits 1 | References 1
SUSE CVE
added 2026/05/08 2:26 a.m., 16 views

SUSE CVE-2026-7964

Insufficient validation of untrusted input in FileSystem in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Medium...

CVSS 4.2 | AI score 5.9 | EPSS 0.00176
Exploits 0 | References 3
GithubExploit
added 2026/05/07 3:25 p.m., 154 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

Copy Fail 2 — Electric Boogaloo Unprivileged local privilege...

CVSS 7.8 | AI score 6 | EPSS 0.96775
Exploits 228
Cvelist
added 2026/05/07 1:17 p.m., 31 views

CVE-2026-41589 Wish has SCP Path Traversal that allows arbitrary file read/write

Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary files to the server,...

CVSS 9.6 | EPSS 0.00393
Exploits 1 | References 2
Vulnrichment
added 2026/05/07 1:17 p.m., 12 views

CVE-2026-41589 Wish has SCP Path Traversal that allows arbitrary file read/write

Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary files to the server,...

CVSS 9.6 | AI score 5.9 | EPSS 0.00393
Exploits 1 | References 2
EUVD
added 2026/05/06 9:31 p.m., 6 views

EUVD-2026-28027

Insufficient policy enforcement in DirectSockets in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform arbitrary read/write via a crafted Chrome Extension. Chromium security severity: Medium...

CVSS 5.4 | AI score 6 | EPSS 0.00171
Exploits 0 | References 3
Github Security Blog
added 2026/05/06 7:38 p.m., 7 views

GitPython reference APIs has a path traversal vulnerability that allows arbitrary file write and delete outside the repository

Summary: A vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory via insufficient validation of reference paths in reference creation, rename, and...

CVSS 8.8 | AI score 5.8 | EPSS 0.00419
Exploits 1 | References 4 | Affected Software 1
AlpineLinux
added 2026/05/06 6:13 p.m., 8 views

CVE-2026-7989

Insufficient data validation in DataTransfer in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Medium...

CVSS 4.2 | AI score 6 | EPSS 0.00163
Exploits 0
ATTACKERKB
added 2026/05/06 6:12 p.m., 7 views

CVE-2026-7912

Integer overflow in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

AI score 6 | EPSS 0.00153
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2026/05/04 5:13 p.m., 33 views

CVE-2026-42085 OpenC3 COSMOS: Arbitrary write to plugins directory via path-traversed config filenames

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the savetoolconfig function that allows saving tool configuration files at arbitrary locations...

CVSS 4.3 | EPSS 0.00313
Exploits 1 | References 5
CVE
added 2026/04/30 8:8 p.m., 13 views

CVE-2026-33451

CVE-2026-33451: An arbitrary read/write vulnerability exists in the Secure Access Windows client prior to version 14.50. With local control of the Windows client, an attacker can send malformed data to a documented API and elevate privileges to SYSTEM. The connected documents confirm the affecte...

CVSS 8.5 | AI score 5.4 | EPSS 0.00104
Exploits 0 | References 1 | Affected Software 1
RedHat Linux
added 2026/04/27 2:17 a.m., 8 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

CVSS 7.5 | AI score 7.6 | EPSS 0.00526
Exploits 1 | References 6
GithubExploit
added 2026/04/26 1:49 a.m., 91 views

BinExploit-Bench

BinExploit-Bench: Binary Exploitation Capability Benchmark for...

AI score 6.1
Exploits 0
Github Security Blog
added 2026/04/22 5:43 p.m., 14 views

i18next-fs-backend: Path traversal via unsanitised lng/ns allows arbitrary file read/overwrite

Summary: Versions of i18next-fs-backend prior to 2.6.4 interpolate the caller-supplied lng and ns values directly into the configured loadPath and addPath templates with no path-component validation and no sanitisation. When an application exposes the resolved language code to user-controlled inpu...

CVSS 8.2 | AI score 5.8 | EPSS 0.00292
Exploits 0 | References 3 | Affected Software 1
CVE
added 2026/04/22 12:29 p.m., 13 views

CVE-2026-6855

CVE-2026-6855 affects InstructLab. A path traversal flaw in the chat session handler can be triggered by manipulating the logs_dir parameter, enabling a local attacker to create directories and write files to arbitrary system locations, potentially causing data modification or disclosure. The iss...

CVSS 7.1 | AI score 5.8 | EPSS 0.00164
Exploits 0 | References 2 | Affected Software 2
Cvelist
added 2026/04/22 12:29 p.m., 28 views

CVE-2026-6855 Instructlab: instructlab: path traversal allows arbitrary directory creation and file write

A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in the chat session handler by manipulating the logs_dir parameter. This allows the attacker to create new directories and write files to arbitrary locations on the system, potentially leading to...

CVSS 7.1 | EPSS 0.00164
Exploits 0 | References 2
Vulnrichment
added 2026/04/20 3:15 p.m., 3 views

CVE-2026-41245 Junrar: Path Traversal (Zip-Slip) via Sibling Directory Name Prefix

Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnerability in LocalFolderExtractor allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when a crafted RAR archive is extracted. Version 7.5.10 fixes th...

CVSS 5.9 | AI score 5.9 | EPSS 0.00336
Exploits 0 | References 3
Github Security Blog
added 2026/04/18 1:9 a.m., 7 views

Wish has SCP Path Traversal that allows arbitrary file read/write

Summary: The SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary files to the server, and create directories outside the configured root directory by sending crafted filenames containing ../...

CVSS 9.6 | AI score 6.6 | EPSS 0.00393
Exploits 1 | References 4 | Affected Software 2
Positive Technologies
added 2026/04/17 12:0 a.m., 5 views

PT-2026-33466

Name of the Vulnerable Software and Affected Versions: ByteDance DeerFlow versions prior to commit 2176b2b. Description: An issue exists in bootstrap-mode custom-agent creation where the validation of the agent name is bypassed. This allows attackers to use absolute paths or traversal-style values a...

CVSS 9.1 | AI score 5.9 | EPSS 0.00356
Exploits 0 | References 7