Lucene search
K

2879 matches found

CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Zyxel WRE6505 安全漏洞

The Zyxel WRE6505 is a wireless signal expansion device produced by the Chinese company Zyxel. The Zyxel WRE6505 v2 V1.00ABDV.3C0 version contains a security vulnerability. This vulnerability stems from the insecure storage of sensitive information in the configuration file, which may allow local...

4.4CVSS5.8AI score0.00108EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

FlashAttention 安全漏洞

FlashAttention is an efficient and memory-efficient attention mechanism implementation tool open-sourced by Dao AI Lab. There is a security vulnerability in FlashAttention; this vulnerability stems from the training script registering the Python eval function as a Hydra configuration parser, whic...

7.3CVSS6.2AI score0.00247EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Pi-hole 安全漏洞

Pi-hole is a web-level advertising blocking application developed by Pi-hole Inc. Versions of Pi-hole from 6.0 to 6.4.2, as well as FTL 6.6.1, contained security vulnerabilities. These vulnerabilities stemmed from shell scripts that failed to validate the files.pid path read from configuration...

8.8CVSS5.8AI score0.00132EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.15 views

Admidio 路径遍历漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a path traversal vulnerability. This vulnerability stemmed...

6.5CVSS5.8AI score0.00307EPSS
Exploits0References1
OSV
OSV
added 2026/05/06 5:30 p.m.9 views

USN-8238-1 editorconfig-core vulnerability

It was discovered that EditorConfig incorrectly handled specially crafted configuration files. A local attacker could possibly use this issue to cause EditorConfig to crash, resulting in a denial of service...

8.6CVSS5.8AI score0.00151EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2026/05/06 5:30 p.m.12 views

USN-8238-1: EditorConfig vulnerability

It was discovered that EditorConfig incorrectly handled specially crafted configuration files. A local attacker could possibly use this issue to cause EditorConfig to crash, resulting in a denial of service...

8.6CVSS5.8AI score0.00151EPSS
Exploits1
CVE
CVE
added 2026/05/06 4:21 p.m.21 views

CVE-2026-21661

The CVE-2026-21661 entry concerns Johnson Controls AC2000 on Windows with an Uncontrolled Search Path Element/vulnerability that, per connected sources, is exploited via DLL hijacking. Affected behavior allows a standard user to escalate privileges on the host by manipulating configuration/file s...

8.4CVSS5.8AI score0.00108EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.11 views

Johnson Controls AC2000 代码问题漏洞

Johnson Controls AC2000 is an enterprise-level access control and security management system developed by Johnson Controls. There is a code vulnerability in Johnson Controls AC2000, which stems from uncontrolled search path elements, potentially allowing the search path in configuration files to ...

8.4CVSS5.9AI score0.00108EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.14 views

PT-2026-38543

It was discovered that EditorConfig incorrectly handled specially crafted configuration files. A local attacker could possibly use this issue to cause EditorConfig to crash, resulting in a denial of service...

8.6CVSS5.8AI score0.00151EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/05 12:31 p.m.8 views

EUVD-2023-60568

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...

8.7CVSS5.8AI score0.0031EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/05 11:24 a.m.32 views

CVE-2023-54346 WordPress Plugin Backup Migration 1.2.8 Unauthenticated Database Backup Download

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...

8.7CVSS0.0031EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/05 6:21 a.m.4 views

CVE-2026-6418

An issue was discovered in the Shared Account Synchronization component of PaperCut MF version 25.0.4. The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with...

4.6CVSS5.9AI score0.00376EPSS
Exploits0References2
NVD
NVD
added 2026/04/30 5:16 p.m.4 views

CVE-2022-50992

Weaver Fanwei E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and...

8.7CVSS0.00705EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.11 views

Weaver E-cology 路径遍历漏洞

Weaver E-cology is a collaboration management platform developed by the Chinese company Weaver. Versions of Weaver E-cology prior to 9.5 and 10.52 had a path traversal vulnerability. This vulnerability stemmed from an arbitrary file reading vulnerability present in the XML-RPC endpoints provided ...

8.7CVSS6AI score0.00705EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2026/04/30 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-50992

Weaver Fanwei E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and...

8.7CVSS5.8AI score0.00705EPSS
In wildExploits0References2
Snyk
Snyk
added 2026/04/29 9:37 p.m.6 views

Directory Traversal

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Directory Traversal via the ecardpreview.php process. An attacker can access arbitrary files on the server, including sensitive...

7.1CVSS6.3AI score0.00307EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.10 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from an access control bypass vulnerability in the allowProfiles function. This allowed attackers to...

8.1CVSS5.8AI score0.00335EPSS
Exploits0References1
OSV
OSV
added 2026/04/22 10:6 p.m.12 views

MAL-2026-3000 Malicious code in xinference (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1d006f6a08c959393160456d4ace221fd165b6d609fc8356ebfb041979aef93d Versions 2.6.0, 2.6.1, 2.6.2 were compromised. Following a malicious pull request that exfiltrated sensitive data from the CI runner, three malicious PyPI...

5.5AI score
Exploits0References6
EUVD
EUVD
added 2026/04/17 6:31 p.m.5 views

EUVD-2026-23450

OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...

8.7CVSS5.8AI score0.0023EPSS
Exploits1References4
OSV
OSV
added 2026/04/17 4:0 p.m.2 views

CVE-2026-40515 OpenHarness Permission Bypass via grep and glob root argument

OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...

8.7CVSS5.9AI score0.0023EPSS
Exploits1References6
Rows per page
Query Builder