Lucene search
K

935 matches found

Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.4 views

PT-2026-30905

Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.63.1 Description: File Browser is a file managing interface. Prior to version 2.63.1, when an administrator revokes a user's Share and Download permissions, existing share links created by that user remain...

8.2CVSS5.8AI score0.00332EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2026/04/03 11:1 p.m.5 views

CVE-2026-34524

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in chat endpoints allows an authenticated attacker to read...

8.8CVSS6AI score0.0057EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.9 views

WordPress plugin Perfmatters 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS7.4AI score0.00658EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/02 5:15 p.m.10 views

CVE-2026-34524 SillyTavern: Path traversal in `/api/chats/export` and `/api/chats/delete` allows arbitrary file read/delete within user data root

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in chat endpoints allows an authenticated attacker to read...

8.3CVSS6AI score0.0057EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.8 views

Endian Firewall 路径遍历漏洞

Endian Firewall is a network security firewall system developed by Endian Corporation. Versions of Endian Firewall 3.3.25 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the lack of cleaning of the directory traversal sequences for the remove ARCHIVE paramete...

8.1CVSS5.8AI score0.00629EPSS
Exploits0References2
OSV
OSV
added 2026/04/01 9:41 p.m.5 views

GHSA-VPRR-Q85P-79MF SillyTavern: Path Traversal in `/api/chats/export` and `/api/chats/delete` allows arbitrary file read/delete within user data root

Summary A Path Traversal vulnerability in chat endpoints allows an authenticated attacker to read and delete arbitrary files under their user data root for example secrets.json and settings.json by supplying avatarurl="..". Details The input validator used by avatarurl blocks only / and NUL bytes...

8.3CVSS6AI score0.0057EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.9 views

PT-2026-29662

Summary A Path Traversal vulnerability in chat endpoints allows an authenticated attacker to read and delete arbitrary files under their user data root for example secrets.json and settings.json by supplying avatar url="..". Details The input validator used by avatar url blocks only / and NUL...

8.3CVSS6AI score0.0057EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/03/26 11:39 p.m.2 views

CVE-2026-29070 Open WebUI has unauthorized deletion of knowledge files

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an access control check is missing when deleting a file from a knowledge base. The only check being done is that the user has write access to the knowledge base or is admin,...

5.4CVSS5.9AI score0.00252EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.6 views

CVE-2026-28816

A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to delete files for which it does not have permission...

4CVSS5.8AI score0.0022EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.3 views

CVE-2026-25689

An improper neutralization of argument delimiters in a command 'argument injection' vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions,...

6.5CVSS5.8AI score0.00535EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.3 views

CVE-2026-28792

Tina is a headless content management system. Prior to 2.1.8 , the TinaCMS CLI dev server combines a permissive CORS configuration Access-Control-Allow-Origin: with the path traversal vulnerability previously reported to enable a browser-based drive-by attack. A remote attacker can enumerate the...

9.6CVSS6AI score0.00535EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.9 views

WordPress plugin WP Job Portal 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

8.8CVSS6.2AI score0.0078EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/25 9:17 p.m.2 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the ReadOne process. An attacker can gain unauthorized access to and delete files belonging to other users by supplying their own accessible task ID along with a target attachment...

8.6CVSS6.4AI score0.00265EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/25 3:31 a.m.10 views

EUVD-2026-15077

A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to delete files for which it does not have permission...

5.8AI score0.0022EPSS
Exploits0References4
NVD
NVD
added 2026/03/25 1:17 a.m.5 views

CVE-2026-28816

A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to delete files for which it does not have permission...

4CVSS0.0022EPSS
Exploits0References3
CVE
CVE
added 2026/03/25 12:32 a.m.12 views

CVE-2026-28823

CVE-2026-28823: A path handling issue in macOS Tahoe 26.4 (Admin Framework) with inadequate validation could enable a root-privileged app to delete protected system files. The vulnerability is fixed in macOS Tahoe 26.4; ongoing risk remains if unpatched systems exist. The CVE entry notes a protec...

4.9CVSS5.8AI score0.00294EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/25 12:31 a.m.3 views

CVE-2026-28816

A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to delete files for which it does not have permission...

5.8AI score0.0022EPSS
Exploits0References3
CVE
CVE
added 2026/03/23 3:52 p.m.11 views

CVE-2026-33493

CVE-2026-33493 affects WWBN AVideo (versions up to and including 26.0). The vulnerability is rooted in objects/import.json.php, which only validates fileURI ends with .mp4 and imposes no directory restriction. An authenticated user with upload permission can abuse this to: (1) import another user...

8.1CVSS5.8AI score0.00335EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.11 views

WordPress plugin Invelity Product Feeds 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.1CVSS5.8AI score0.00173EPSS
Exploits0References2
OSV
OSV
added 2026/03/16 6:57 p.m.5 views

CVE-2026-32262 Craft CMS has a Path Traversal Vulnerability in AssetsController

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, the AssetsController-replaceFile method has a targetFilename body parameter that is used unsanitized in a deleteFile call before...

5.3CVSS5.9AI score0.00291EPSS
Exploits0References4
Rows per page
Query Builder