Lucene search
K

957 matches found

Packet Storm
Packet Storm
added 2026/05/08 12:0 a.m.80 views

📄 Dash-Uploader 0.7.0a2 Path Traversal

There is an unauthenticated path traversal in dash-uploader versions 0.1.0 through 0.7.0a2 allowing arbitrary file write, leading to but not limited to remote code execution, application source code overwrite, stored cross site scripting, and persistent backdoor installation. CVE-2026-38360: Path...

9.8CVSS5.8AI score0.05982EPSS
Exploits5
CVE
CVE
added 2026/05/08 12:0 a.m.21 views

CVE-2026-38360

CVE-2026-38360 affects fohrloop dash-uploader, with directory traversal in dash_uploader/httprequesthandler.py affecting versions 0.1.0 through 0.7.0a2. The vulnerability arises from unvalidated user-supplied values used in get_temp_root (upload_id), resumableFilename, and resumableIdentifier, wh...

9.8CVSS6AI score0.05982EPSS
Exploits4References8
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.11 views

dash-uploader 路径遍历漏洞

dash-uploader is a file upload component developed by Niko Föhr for Dash applications. Versions 0.1.0 to 0.7.0a2 of dash-uploader contain a path traversal vulnerability. This vulnerability stems from directory traversal in the dashUploader/httpRequestHandler.py, BaseHttpRequestHandler.getTempRoot...

9.8CVSS6.1AI score0.05982EPSS
Exploits4References1
CVE
CVE
added 2026/05/08 12:0 a.m.20 views

CVE-2026-38361

CVE-2026-38361 affects fohrloop/dash-uploader (versions 0.1.0–0.7.0a2). The flaw resides in dash_uploader/httprequesthandler.py and related components where attacker-controlled resumableTotalChunks and related parameters enable unbounded memory allocation (OOM) and a file-truncation path, leading...

7.5CVSS5.5AI score0.02643EPSS
Exploits5References11Affected Software1
GithubExploit
GithubExploit
added 2026/05/07 8:32 p.m.107 views

Exploit for CVE-2026-38361

CVE-2026-38361: Multiple Unauthenticated DoS Vulnerabilities i...

6.1AI score0.05982EPSS
Exploits5
GithubExploit
GithubExploit
added 2026/05/07 8:32 p.m.111 views

Exploit for CVE-2026-38360

CVE-2026-38360: Path Traversal in dash-uploader !CVEhttps...

6AI score0.05982EPSS
Exploits5
GithubExploit
GithubExploit
added 2026/05/07 2:59 p.m.99 views

Exploit for CVE-2026-38360

CVE-2026-38360: Directory Traversal in dash-uploader !CVE...

6AI score0.05982EPSS
Exploits5
OSV
OSV
added 2026/05/07 9:15 a.m.16 views

CLSA-2026-1778145319 python2: Fix of 3 CVEs

CVE-2025-8194: validate that tarfile member offsets are non-negative to prevent infinite loop / DoS during parsing of malicious tar archives - CVE-2026-4519: reject URLs with leading dashes in webbrowser.open to prevent injection of command-line options into spawned browser process -...

7.5CVSS5.8AI score0.00611EPSS
Exploits0References1
OSV
OSV
added 2026/05/07 8:29 a.m.8 views

CLSA-2026-1778142589 python3: Fix of 2 CVEs

CVE-2026-4519: reject leading dashes in webbrowser URLs to block command-line option injection via webbrowser.open - CVE-2026-4786: validate the post-substitution URL in webbrowser UnixBrowser.open so that "%action" cannot smuggle a dash-prefixed flag past the CVE-2026-4519 dash-prefix check...

7.1CVSS7.1AI score0.00308EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.13 views

TencentOS Server 2: python (TSSA-2026:0281)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0281 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

7.1CVSS5.9AI score0.00308EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/06 7:32 p.m.8 views

@c0va23/react-router-dev (=7.8.3-alpha.2), @holocron.so/cli (>=0.6.0 <=0.16.0) +15 more potentially affected by CVE-2026-23870 via @vitejs/plugin-rsc (>=0.4.11 <=0.5.24)

@vitejs/plugin-rsc NPM version =0.4.11, =0.6.0, =0.5.0, =0.0.1, =0.0.0-1ae0b37, =0.0.0-experimental-2a6c7bc, =0.0.0-pr-32412-sha-4e0feb24, =1.0.2, =0.1.0, =0.0.1, =1.18.0-rsc.19, =0.1.0, =0.0.1-alpha.0, =1.0.0, =1.0.1 and more Source cves: CVE-2026-23870 Source advisory:...

7.5CVSS7AI score0.01533EPSS
Exploits1
OSV
OSV
added 2026/05/06 5:16 p.m.19 views

CLSA-2026-1778087756 python3: Fix of 2 CVEs

CVE-2026-4519: reject leading dashes in webbrowser URLs to block command-line option injection via webbrowser.open - CVE-2026-4786: validate the post-substitution URL in webbrowser UnixBrowser.open so that "%action" cannot smuggle a dash-prefixed flag past the CVE-2026-4519 dash-prefix check...

7.1CVSS7.1AI score0.00308EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2026/05/06 12:10 p.m.10 views

Security update for python3

This update for python3 fixes the following issues: CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969...

9.1CVSS6.7AI score0.00621EPSS
Exploits1References40
vulnersOsv
vulnersOsv
added 2026/05/05 8:30 p.m.12 views

@openinc/parse-server-opendash (>=4.0.0 <=4.0.29) potentially affected by CVE-2026-43930 via parse-server (>=9.6.0-alpha.37 <=9.8.0)

parse-server NPM version =9.6.0-alpha.37, =4.0.0, =4.0.29 Source cves: CVE-2026-43930 Source advisory: SNYK:JS-PARSESERVER-16424355...

5.9CVSS5.8AI score0.00236EPSS
Exploits0
OSV
OSV
added 2026/05/05 4:31 p.m.15 views

CLSA-2026-1777998709 python2: Fix of 3 CVEs

CVE-2025-8194: validate that tarfile member offsets are non-negative to prevent infinite loop / DoS during parsing of malicious tar archives - CVE-2026-4519: reject URLs with leading dashes in webbrowser.open to prevent injection of command-line options into spawned browser process -...

7.5CVSS5.8AI score0.00611EPSS
Exploits0References1
OSV
OSV
added 2026/05/05 1:25 a.m.7 views

CLSA-2026-1777944317 Fix CVE(s): CVE-2025-8194, CVE-2026-4519, CVE-2026-4786

SECURITY UPDATE: tarfile DoS via negative member offsets - debian/patches/CVE-2025-8194.patch: validate that member offsets are non-negative in Lib/tarfile.py. - CVE-2025-8194 SECURITY UPDATE: webbrowser.open accepts URLs with leading dashes - debian/patches/CVE-2026-4519-CVE-2026-4786.patch:...

7.5CVSS6.8AI score0.00611EPSS
Exploits0References1
OSV
OSV
added 2026/05/04 8:29 a.m.8 views

CLSA-2026-1777883384 python3.11: Fix of CVE-2026-4786

CVE-2026-4786: fix webbrowser %action substitution bypass of dash-prefix check by validating url after %action expansion and reordering replace calls so the dash-prefix check sees the final argument...

7.1CVSS5.8AI score0.0029EPSS
Exploits0References1
CBLMariner
CBLMariner
added 2026/05/03 8:52 p.m.7 views

CVE-2026-31518 affecting package kernel for versions less than 6.6.134.1-2

CVE-2026-31518 affecting package kernel for versions less than 6.6.134.1-2. An upgraded version of the package is available that resolves this issue...

5.5CVSS5.8AI score0.00123EPSS
Exploits0
OSV
OSV
added 2026/05/02 12:58 a.m.10 views

CLSA-2026-1777457441 python: Fix of 2 CVEs

CVE-2026-4519: reject webbrowser.open URLs with a leading dash to prevent CLI option injection into the spawned browser process - CVE-2026-4786: validate URLs after %action substitution and swap the substitution order in UnixBrowser.open to close a bypass of the CVE-2026-4519 dash-prefix check...

7.1CVSS7.1AI score0.00308EPSS
Exploits0References1
CloudLinux
CloudLinux
added 2026/05/02 12:58 a.m.16 views

python: Fix of 2 CVEs

CVE-2026-4519: reject webbrowser.open URLs with a leading dash to prevent CLI option injection into the spawned browser process - CVE-2026-4786: validate URLs after %action substitution and swap the substitution order in UnixBrowser.open to close a bypass of the CVE-2026-4519 dash-prefix check...

7.1CVSS6.4AI score0.00308EPSS
Exploits0
Rows per page
Query Builder