Lucene search
K

107 matches found

EUVD
EUVD
added last week5 views

EUVD-2026-42251

Flowise before 3.1.0 contains a path traversal vulnerability in Faiss and SimpleStore vector store implementations that accept unsanitized basePath parameters from authenticated users. Attackers with valid API tokens can write vector store data to arbitrary filesystem locations, potentially...

6.5CVSS6.5AI score0.0033EPSS
Exploits0References2
CVE
CVE
added last week13 views

CVE-2026-56273

Flowise prior to 3.1.0 is affected by a path traversal in its Faiss and SimpleStore vector store implementations. The vulnerability arises from unsanitized basePath parameters accepted from authenticated users, enabling attackers with valid API tokens to write vector store data to arbitrary files...

6.5CVSS6.5AI score0.0033EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 3:54 p.m.7 views

EUVD-2026-40352

Vibe-Trading before 0.1.10 constructs the swarm run directory by joining a caller-supplied run identifier onto the runs base directory without validation in rundir agent/src/swarm/store.py. A crafted run identifier supplied through the MCP swarm tools causes the application to read arbitrary...

4.2CVSS5.9AI score0.00253EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.14 views

PT-2026-53808

Name of the Vulnerable Software and Affected Versions PixMagix – WordPress Image Editor versions prior to 1.7.3 Description Authenticated attackers with author-level access and above can write files with controlled content to arbitrary server locations. The issue occurs because the layers.id...

6.5CVSS6AI score0.00541EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/06/26 10:40 p.m.8 views

CVE-2026-28701

Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and enumerate arbitrary file system paths...

9.8CVSS6AI score0.00702EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 6:18 p.m.32 views

CVE-2026-49247 Jellyfin: Potential Authenticated path traversal in /ClientLog/Document

Jellyfin is an open source self hosted media server. From 10.9.0 until 10.11.10, the POST /ClientLog/Document endpoint accepts the Authorization header's Client and Version fields and uses them unsanitized as components of the on-disk filename when persisting client-uploaded log documents. As a...

8.8CVSS0.00344EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-52066

Name of the Vulnerable Software and Affected Versions Jellyfin versions prior to 10.11.10 Description Missing path sanitization during playback allows the use of a specially crafted MKV file with forged filename tags to redirect attachment extraction to any absolute path on the disk. This occurs...

6.3CVSS5.8AI score0.00258EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 3:16 p.m.13 views

CVE-2026-49358

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, AbstractGenerator::$temporaryFiles is a public array, and removeTemporaryFiles — invoked from destruct and from a registered shutdown function — calls unlink on every entry without verifying...

3CVSS0.00112EPSS
Exploits0References4
OSV
OSV
added 2026/06/12 7:16 p.m.10 views

UBUNTU-CVE-2026-41568

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to create empty files or directories at arbitra...

6.1CVSS5.3AI score0.00108EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/12 6:8 p.m.10 views

CVE-2026-41568

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to create empty files or directories at arbitra...

6.1CVSS5.3AI score0.00108EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.16 views

CVE-2026-11853

Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages .dsc and upload artifacts .changes are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully...

6.5CVSS5.7AI score0.00269EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 9:10 a.m.44 views

CVE-2026-11853

Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages .dsc and upload artifacts .changes are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully...

0.00269EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.16 views

PT-2026-48397

Name of the Vulnerable Software and Affected Versions Debusine affected versions not specified Description Debusine uses a parser to read Debian source packages .dsc and upload artifacts .changes, which are manifest files listing the components of an artifact. This parser accepts arbitrary paths...

6.5CVSS6AI score0.00269EPSS
Exploits0References12
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Debusine 后置链接漏洞

Debusine is a software supply management platform for the Debian community, focused on package building, testing, analysis, and distribution. Debusine has a post-installation vulnerability that stems from allowing arbitrary user-controlled paths during the parsing of Debian source packages and th...

6.5CVSS5.4AI score0.00269EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.14 views

CVE-2026-42085

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the savetoolconfig function that allows saving tool configuration files at arbitrary locations...

4.3CVSS5.5AI score0.00313EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/29 12:53 p.m.11 views

CVE-2026-10075 Interinfo|DreamMaker - Path Traversal

DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulnerability...

6.9CVSS5.9AI score0.00387EPSS
Exploits0References2
CVE
CVE
added 2026/05/29 12:53 p.m.37 views

CVE-2026-10075

Technical details (e.g., affected products/versions, root cause, exploit specifics, fixes) are not publicly available in the provided documents. Monitor for updates as new information is released.

6.9CVSS5.9AI score0.00387EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/29 12:53 p.m.13 views

EUVD-2026-33301

DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulnerability...

6.9CVSS5.9AI score0.00387EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/29 12:53 p.m.10 views

CVE-2026-10075

DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulnerability...

6.9CVSS5.9AI score0.00387EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/28 2:44 p.m.8 views

CVE-2026-44593 esm.sh: Legacy Route Path Traversal Can Lead to RCE

esm.sh is a no-build content delivery network CDN for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ultimately writes the data to storage via buildStorage.Put. The router concatenates the path components...

8.7CVSS5.9AI score0.00362EPSS
Exploits0References1
Rows per page
Query Builder