Lucene search
K

6401 matches found

RedhatCVE
RedhatCVE
added 2026/06/26 7:18 p.m.8 views

CVE-2026-52951

A flaw was found in the Linux kernel's drm/xe/dma-buf subsystem. This vulnerability involves race conditions when handling the invalidatemappings hook, particularly during buffer object initialization and attachment. An attacker, by triggering specific sequences of operations, could exploit these...

7.8CVSS5.9AI score0.00132EPSS
Exploits0References4
NVD
NVD
added 2026/06/26 3:16 p.m.5 views

CVE-2026-4339

Mattermost versions 10.11.x = 10.11.18, 11.6.x = 11.6.3, 11.5.x = 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery SS...

6.5CVSS0.00104EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:44 p.m.37 views

CVE-2026-4339 SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server

Mattermost versions 10.11.x = 10.11.18, 11.6.x = 11.6.3, 11.5.x = 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery SS...

6.5CVSS0.00104EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:44 p.m.27 views

CVE-2026-4339

Mattermost CPT: CVE-2026-4339 affects Mattermost versions 10.11.x up to 10.11.18, 11.6.x up to 11.6.3, and 11.5.x up to 11.5.6. The vulnerability arises from the Agents plugin MCP server failing to validate attachment URLs against internal/private IP ranges, enabling an attacker with MCP stdio ac...

6.5CVSS5.8AI score0.00104EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/26 10:46 a.m.10 views

CVE-2026-53236

A flaw was found in the Linux kernel's handling of TCP sockets. An unprivileged application can exploit this vulnerability by attaching a Berkeley Packet Filter BPF using the SOATTACHFILTER option. This allows the application to conduct a side-channel attack, leading to the leakage of sensitive T...

7CVSS5.8AI score0.00128EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/25 11:23 p.m.9 views

CVE-2026-13324

A vulnerability has been identified in the GNOME Geary package within its mailto URI handling component. This flaw occurs because the email client automatically processes a non-standard attach parameter in email links without prompting or alerting the user. An attacker could exploit this by...

6.5CVSS5.8AI score
Exploits0References4
Cvelist
Cvelist
added 2026/06/25 9:41 p.m.21 views

CVE-2025-71333 Flowise - Arbitrary File Upload via Unauthenticated /api/v1/attachments Endpoint

Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoint when storageType is set to local. Attackers can exploit path traversal in the chatId and chatflowId parameters to upload malicious files to arbitrary directories, potentially...

9.3CVSS0.00611EPSS
Exploits1References2
NVD
NVD
added 2026/06/25 4:16 p.m.9 views

CVE-2026-48944

The K2 frontend article-save handler accepts an attachmentNexisting POST field that is concatenated with JPATHSITE/ and passed to JFile::copy. JPath::clean does NOT strip .., and there is no allow-list of source paths. An Author can therefore copy configuration.php or any other file readable by t...

6.5CVSS0.00295EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 3:25 p.m.16 views

CVE-2026-48946

CVE-2026-48946 affects the K2 frontend Joomla extension (getk2.com) prior to version 2.26. The issue allows a K2 Author to upload a PHP file (e.g., shell.php) via the article-attachment upload path; Apache mod_php executes the file under the K2 web user, enabling arbitrary PHP code execution in t...

6.3CVSS6.1AI score0.00167EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/25 3:24 p.m.34 views

CVE-2026-48944 Joomla Extension - getk2.org - Exposure of sensitive files via attachment copy in K2 extension for Joomla < 2.26

The K2 frontend article-save handler accepts an attachmentNexisting POST field that is concatenated with JPATHSITE/ and passed to JFile::copy. JPath::clean does NOT strip .., and there is no allow-list of source paths. An Author can therefore copy configuration.php or any other file readable by t...

0.00295EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 3:24 p.m.6 views

CVE-2026-48944 Joomla Extension - getk2.org - Exposure of sensitive files via attachment copy in K2 extension for Joomla < 2.26

The K2 frontend article-save handler accepts an attachmentNexisting POST field that is concatenated with JPATHSITE/ and passed to JFile::copy. JPath::clean does NOT strip .., and there is no allow-list of source paths. An Author can therefore copy configuration.php or any other file readable by t...

5.8AI score0.00295EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:24 p.m.5 views

CVE-2026-48944

The K2 frontend article-save handler accepts an attachmentNexisting POST field that is concatenated with JPATHSITE/ and passed to JFile::copy. JPath::clean does NOT strip .., and there is no allow-list of source paths. An Author can therefore copy configuration.php or any other file readable by t...

6.5CVSS5.9AI score0.00295EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/25 3:24 p.m.14 views

CVE-2026-48944

Summary: CVE-2026-48944 affects the K2 Joomla extension (getk2.com) where the frontend article-save handler accepts a parameter attachment[N][existing] that is concatenated with JPATH_SITE/ and passed to JFile::copy(). Since JPath::clean does not strip “..” and there is no allow-list of source pa...

6.5CVSS5.9AI score0.00295EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/25 3:24 p.m.6 views

EUVD-2026-39440

The K2 frontend article-save handler accepts an attachmentNexisting POST field that is concatenated with JPATHSITE/ and passed to JFile::copy. JPath::clean does NOT strip .., and there is no allow-list of source paths. An Author can therefore copy configuration.php or any other file readable by t...

6.5CVSS5.9AI score0.00295EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/25 3:24 p.m.8 views

CVE-2026-48944

The K2 frontend article-save handler accepts an attachmentNexisting POST field that is concatenated with JPATHSITE/ and passed to JFile::copy. JPath::clean does NOT strip .., and there is no allow-list of source paths. An Author can therefore copy configuration.php or any other file readable by t...

6.5CVSS5.8AI score0.00295EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/25 12:0 a.m.3 views

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following through the WriteToCachedFile function when handling network cache files in certain configurations. An attacker can overwrite specific host files and change their ownership by planting a symbolic lin...

4.2CVSS6.1AI score0.00107EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 9:16 p.m.7 views

CVE-2026-52799

Gogs is an open source self-hosted Git service. Prior to 0.14.3, GET /attachments/:uuid returns the raw attachment file without verifying whether the requester has view permission for the associated Issue/Comment/Release or the repository. In a test environment with REQUIRESIGNINVIEW = false, we...

7.5CVSS0.00422EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:19 p.m.6 views

CVE-2026-52799

Gogs is an open source self-hosted Git service. Prior to 0.14.3, GET /attachments/:uuid returns the raw attachment file without verifying whether the requester has view permission for the associated Issue/Comment/Release or the repository. In a test environment with REQUIRESIGNINVIEW = false, we...

7.5CVSS5.9AI score0.00422EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/24 8:19 p.m.24 views

CVE-2026-52799 Gogs: Missing Authorization in Attachment Download

Gogs is an open source self-hosted Git service. Prior to 0.14.3, GET /attachments/:uuid returns the raw attachment file without verifying whether the requester has view permission for the associated Issue/Comment/Release or the repository. In a test environment with REQUIRESIGNINVIEW = false, we...

7.5CVSS0.00422EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 8:19 p.m.15 views

CVE-2026-52799

Gogs (version

7.5CVSS5.9AI score0.00422EPSS
Exploits0References2
Rows per page
Query Builder