Lucene search
K

4 matches found

EUVD
EUVD
added 2026/06/15 12:0 a.m.10 views

EUVD-2026-36674

A weakness has been identified in Microweber up to 2.0.20. This affects the function userfilespath of the file /apinosession/thumbnailimg of the component API Endpoint. Executing a manipulation of the argument cachepathrelative can lead to path traversal. It is possible to launch the attack...

7.5CVSS7.2AI score0.00525EPSS
Exploits0References7
CVE
CVE
added 2026/06/15 12:0 a.m.17 views

CVE-2026-12198

CVE-2026-12198 affects Microweber up to 2.0.20. The vulnerability is in the API Endpoint file /api_nosession/thumbnail_img, specifically the function userfiles_path, where manipulating the argument cache_path_relative can cause a path traversal. It is possible to launch the attack remotely, and p...

7.5CVSS7.1AI score0.00525EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.22 views

PT-2026-49149

Name of the Vulnerable Software and Affected Versions Microweber versions prior to 2.0.21 Description A path traversal issue exists in the API Endpoint component. A remote attacker can manipulate the cache path relative argument within the userfiles path function of the '/api nosession/thumbnail...

7.5CVSS5.4AI score0.00525EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2021-23518

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as instead of Object.createnull in the...

9.8CVSS7.3AI score0.01943EPSS
Exploits1References2
Rows per page
Query Builder