ATTACKERKB
added 2026/02/04 9:58 p.m. | 4 views

CVE-2026-25579

Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, authenticated users can crash the Navidrome server by supplying an excessively large size parameter to /rest/getCoverArt or to a shared-image URL /share/img/. When processing such requests, the...

CVSS 9.2 | AI score 5.4 | EPSS 0.00455
Exploits 1 | References 3 | Affected Software 1
AlpineLinux
added 2026/02/04 9:58 p.m. | 3 views

CVE-2026-25579

Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, authenticated users can crash the Navidrome server by supplying an excessively large size parameter to /rest/getCoverArt or to a shared-image URL /share/img/. When processing such requests, the...

CVSS 9.2 | AI score 5.5 | EPSS 0.00455
Exploits 1
Snyk
added 2026/01/27 1:48 a.m. | 4 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the repoName parameter, when the TAP 4 map file content is externally controlled. An attacker can write files outside the intended cache base directory by supplying a crafted value containing directory traversal...

CVSS 5.7 | AI score 6.3 | EPSS 0.00211
Exploits 1 | References 2
Snyk
added 2026/01/27 1:48 a.m. | 3 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the repoName parameter, when the TAP 4 map file content is externally controlled. An attacker can write files outside the intended cache base directory by supplying a crafted value containing directory traversal...

CVSS 5.7 | AI score 6.3 | EPSS 0.00211
Exploits 1 | References 2
OSV
added 2026/01/27 1:16 a.m. | 2 views

DEBIAN-CVE-2026-24686

go-tuf is a Go implementation of The Update Framework (TUF). go-tuf's TAP 4 Multirepo Client uses the map file repository name string repoName as a filesystem path component when selecting the local metadata cache directory. Starting in version 2.0.0 and prior to version 2.4.1, if an application...

CVSS 4.7 | AI score 8.4 | EPSS 0.00211
Exploits 1 | References 1
Cvelist
added 2026/01/27 12:45 a.m. | 31 views

CVE-2026-24686 go-tuf Path Traversal in TAP 4 Multirepo Client Allows Arbitrary File Write via Malicious Repository Names

go-tuf is a Go implementation of The Update Framework (TUF). go-tuf's TAP 4 Multirepo Client uses the map file repository name string repoName as a filesystem path component when selecting the local metadata cache directory. Starting in version 2.0.0 and prior to version 2.4.1, if an application...

CVSS 4.7 | EPSS 0.00211
Exploits 1 | References 2
CNNVD
added 2026/01/27 12:0 a.m. | 6 views

Go-TUF path traversal vulnerability

go-tuf is a framework developed by The Update Framework for protecting software update systems. Versions of go-tuf prior to 2.4.1 contained a path traversal vulnerability. This vulnerability stemmed from the use of repository name strings as file system path components, allowing for path traversa...

CVSS 4.7 | AI score 5.8 | EPSS 0.00211
Exploits 1 | References 3
CVE
added 2026/01/23 12:4 a.m. | 20 views

CVE-2026-24137

CVE-2026-24137 affects the sigstore framework (Go library used by sigstore services/clients). In versions ≤ 1.10.3, the legacy TUF client stores cached target files on disk by constructing a filesystem path from a cache base directory and a name from signed target metadata, without ensuring the p...

CVSS 5.8 | AI score 5.7 | EPSS 0.0037
Exploits 0 | References 3
Snyk
added 2026/01/21 1:6 a.m. | 3 views

Release of Invalid Pointer or Reference

Overview: Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET build. Magick.NET allows you to use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds is in the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs. Affected versions of this...

CVSS 8.3 | AI score 5.6
Exploits 0 | References 2
Snyk
added 2026/01/21 1:6 a.m. | 7 views

Release of Invalid Pointer or Reference

Overview: Magick.NET-Q16-arm64 is a Magick.NET build. Magick.NET allows you to use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds is in the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs. Affected versions of this package are...

CVSS 8.3 | AI score 5.6
Exploits 0 | References 2
Snyk
added 2026/01/21 1:6 a.m. | 5 views

Release of Invalid Pointer or Reference

Overview: Magick.NET-Q8-OpenMP-arm64 is a Magick.NET build. Magick.NET allows you to use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds is in the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs. Affected versions of this package...

CVSS 8.3 | AI score 5.6
Exploits 0 | References 2
EUVD
added 2025/12/09 6:30 p.m. | 3 views

EUVD-2025-201888

Android App "Brother iPrint&Scan" versions 6.13.7 and earlier improperly uses an external cache directory. If exploited, application-specific files may be accessed from other malicious applications...

CVSS 4.8 | AI score 6.3 | EPSS 0.00111
Exploits 0 | References 3
NVD
added 2025/12/09 4:18 p.m. | 3 views

CVE-2025-64696

Android App "Brother iPrint&Scan" versions 6.13.7 and earlier improperly uses an external cache directory. If exploited, application-specific files may be accessed from other malicious applications...

CVSS 4.8 | EPSS 0.00111
Exploits 0 | References 2
Japan Vulnerability Notes
added 2025/12/09 8:25 a.m. | 6 views

Android App "Brother iPrint&Scan" improper use of an external cache directory

Overview: iPrint provided by Brother Industries, Ltd. contains the following vulnerability: improper use of an external cache directory (CWE-524), CVE-2025-64696. Johan Francsics reported this vulnerability to BROTHER INDUSTRIES, LTD. and coordinated. After the coordination, BROTHER INDUSTRIES, LTD...

CVSS 4.8 | AI score 4.4 | EPSS 0.00111
Exploits 0 | References 4
Cvelist
added 2025/12/09 8:16 a.m. | 20 views

CVE-2025-64696

Android App "Brother iPrint&Scan" versions 6.13.7 and earlier improperly uses an external cache directory. If exploited, application-specific files may be accessed from other malicious applications...

CVSS 4.8 | EPSS 0.00111
Exploits 0 | References 2
CVE
added 2025/12/09 8:16 a.m. | 12 views

CVE-2025-64696

CVE-2025-64696 affects the Android app Brother iPrint&Scan (versions 6.13.7 and earlier). The root cause is improper use of an external cache directory, which can allow malicious apps to access application-specific files. Impact stated in sources: application-specific files may be accessed by oth...

CVSS 4.8 | AI score 4.6 | EPSS 0.00111
Exploits 0 | References 2
RedhatCVE
added 2025/12/02 10:31 p.m. | 5 views

CVE-2025-12638

Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.getfile function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall method without the security-critical filter='data' parameter. Although Keras attempts...

CVSS 8 | AI score 7.2 | EPSS 0.0057
Exploits 0 | References 5
Snyk
added 2025/12/02 6:28 a.m. | 4 views

Incorrect Default Permissions

Overview: caffeinated-whale-cli is a CLI tool to help manage Frappe Docker instances. Affected versions of this package are vulnerable to Incorrect Default Permissions due to insecure file permissions. The cache directory and database file are created without enforcing restrictive access...

CVSS 6.3 | AI score 6.8
Exploits 0 | References 3
EUVD
added 2025/11/28 3:30 p.m. | 6 views

EUVD-2025-199871

Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.getfile function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall method without the security-critical filter='data' parameter. Although Keras attempts...

CVSS 8 | AI score 7 | EPSS 0.0057
Exploits 0 | References 2
OSV
added 2025/11/28 3:16 p.m. | 3 views

AZL-71185 CVE-2025-12638 affecting package keras for versions less than 3.3.3-5

Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.getfile function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall method without the security-critical filter='data' parameter. Although Keras attempts...

CVSS 8 | AI score 6 | EPSS 0.0057
Exploits 0 | References 1