Lucene search
+L

165 matches found

Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-61718 bunkerweb: Read-only Web UI users can delete job cache files due to missing authorization on /cache/ routes

bunkerweb is an Open-source and next-generation Web Application Firewall WAF. From 1.6.2 until 1.6.12, the BunkerWeb web UI BiscuitMiddleware authorization bypass list included the /cache/ URL prefix, so routes in src/ui/app/routes/cache.py protected only by @loginrequired, including POST...

5.4CVSS0.00306EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-58720

Name of the Vulnerable Software and Affected Versions Podlove Podcast Publisher versions prior to 4.5.2 Description Missing file type validation in the podlove handle cache files function allows unauthenticated attackers to upload arbitrary files to the server. This flaw in the image cache can le...

9.8CVSS6.4AI score0.01079EPSS
Exploits3References7
NVD
NVD
added 2026/06/23 6:18 p.m.12 views

CVE-2026-54014

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, a path traversal vulnerability exists in open-webui's cache file serving endpoint that allows any authenticated user to read files from sibling directories outside the intended cache...

4.3CVSS0.00244EPSS
Exploits1References1
Ubuntu
Ubuntu
added 2026/06/01 2:51 p.m.21 views

USN-8055-2: Evolution Data Server vulnerability

USN-8055-1 fixed a vulnerability in Evolution Data Server. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Evolution Data Server incorrectly handled removing local cache files. An attacker could possibly us...

5.6CVSS6AI score0.00189EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/12 2:27 a.m.9 views

CVE-2026-40044

Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting malicious serialized objects into cache files. Attackers can write PHP object payloads to world-writable cache files with predictable names in the cache directory,...

9.8CVSS6.2AI score0.00484EPSS
Exploits1References1
Veracode
Veracode
added 2026/05/07 9:32 a.m.16 views

Insecure Deserialization

pdfminer.six vulnerable to insecure deserialization. The vulnerability is due to the unsafe use of Python pickle for deserializing CMap cache files without proper validation, which allows an attacker to place a malicious pickle file in an accessible location and execute arbitrary code or escalate...

6.5CVSS6.2AI score0.00223EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/04/13 7:16 p.m.8 views

CVE-2026-40044

Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting malicious serialized objects into cache files. Attackers can write PHP object payloads to world-writable cache files with predictable names in the cache directory,...

9.8CVSS0.00484EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/13 6:11 p.m.5 views

CVE-2026-40044

Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting malicious serialized objects into cache files. Attackers can write PHP object payloads to world-writable cache files with predictable names in the cache directory,...

9.8CVSS6.2AI score0.00484EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/04/13 6:11 p.m.25 views

CVE-2026-40044

CVE-2026-40044 affects Pachno 1.0.6 through a deserialization vulnerability that lets unauthenticated attackers execute arbitrary code by injecting malicious serialized PHP objects into world-writable cache files with predictable names. The cache files are unserialized during framework bootstrap ...

9.8CVSS6.2AI score0.00484EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2026/04/07 2:55 p.m.86 views

grav-cms-filecache-object-injection

Grav CMS FileCache Object Injection Description The File...

5.7AI score
Exploits0
OSV
OSV
added 2026/03/12 8:16 p.m.3 views

DEBIAN-CVE-2026-32274

Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...

7.5CVSS8.6AI score0.00572EPSS
Exploits0References1
NVD
NVD
added 2026/03/12 8:16 p.m.4 views

CVE-2026-32274

Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...

8.7CVSS0.00572EPSS
Exploits0References10
OSV
OSV
added 2026/03/12 8:16 p.m.4 views

UBUNTU-CVE-2026-32274

Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...

8.7CVSS5.9AI score0.00572EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/12 7:47 p.m.4 views

CVE-2026-32274

Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...

8.7CVSS5.9AI score0.00572EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/03/12 7:47 p.m.39 views

CVE-2026-32274

CVE-2026-32274 affects the Black Python formatter prior to 26.3.1. The cache filename is derived from various formatting options, and the value of the --python-cell-magics option was included without sanitization, allowing an attacker who controls that value to write cache files to arbitrary file...

8.7CVSS5.9AI score0.00572EPSS
Exploits0References10Affected Software1
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.15 views

Black 路径遍历漏洞

Black is a Python code formatting tool open-sourced by the Python Software Foundation. Versions of Black prior to 26.3.1 had a path traversal vulnerability. This vulnerability stemmed from the value of the “python-cell-magics” option, which did not clean up cache file names. As a result, it was...

8.7CVSS7.3AI score0.00572EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/23 12:0 a.m.9 views

Evolution Data Server 安全漏洞

Evolution Data Server is an application developed by the GNOME organization. It provides an address book and calendar, allowing all applications to store and retrieve information. There is a security vulnerability in Evolution Data Server, which stems from local cache files. Attackers can bypass...

5.8AI score0.00189EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/02/04 12:26 a.m.14 views

SUSE CVE-2025-70559

pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...

6.5CVSS7.9AI score0.00223EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/03 6:30 p.m.9 views

Duplicate Advisory: Insecure Deserialization (pickle) in pdfminer.six CMap Loader — Local Privesc

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f83h-ghpp-7wcc. This link is maintained to preserve external references. Original Description pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The...

7.8AI score
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 11:23 a.m.11 views

CVE-2021-31798

The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files...

4.4CVSS6.6AI score0.00437EPSS
Exploits0References1
Rows per page
Query Builder