Lucene search
K

935 matches found

Cvelist
Cvelist
added 2026/04/23 6:14 p.m.30 views

CVE-2026-6074 Path traversal: '.../...//' in Intrado 911 Emergency Gateway (EGW)

Intrado 911 Emergency Gateway EGW 5.x, 6.x, and 7.x contain a path traversal vulnerability in the downloaddebuglogfile.php endpoint used for Debug Logs downloads. An unauthenticated attacker can manipulate the name parameter to read arbitrary files outside the intended directory...

9.8CVSS0.00554EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/23 6:14 p.m.4 views

CVE-2026-6074

Intrado 911 Emergency Gateway EGW 5.x, 6.x, and 7.x contain a path traversal vulnerability in the downloaddebuglogfile.php endpoint used for Debug Logs downloads. An unauthenticated attacker can manipulate the name parameter to read arbitrary files outside the intended directory...

9.3CVSS5.9AI score0.00554EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/23 6:14 p.m.12 views

CVE-2026-6074

CVE-2026-6074 describes a path traversal vulnerability in the Intrado 911 Emergency Gateway (EGW). The issue arises from a malformed path (".../...//") that could allow an attacker with existing network access to reach the EGW management interface without authentication. Successful exploitation c...

9.8CVSS5.9AI score0.00554EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.13 views

PT-2026-34718

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue allows an attacker to create a junction, which enables the deletion of arbitrary files with SYSTEM privileges. This condition potentially facilitates...

8.6CVSS5.6AI score0.00146EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.9 views

Tenable Nessus 后置链接漏洞

Tenable Nessus is a vulnerability scanning software developed by the American company Tenable. Tenable Nessus has a backlink vulnerability, which allows attackers to create connection points, enabling them to delete any file with SYSTEM privileges. This vulnerability could potentially be exploite...

8.6CVSS5.9AI score0.00146EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/16 10:54 p.m.5 views

CVE-2026-40318 SiYuan: Publish Reader Path Traversal Delete via `removeUnusedAttributeView`

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttributeView endpoint constructs a filesystem path using the user-controlled id parameter without validation or path boundary enforcement. An attacker can inject path traversal...

8.5CVSS5.8AI score0.00287EPSS
Exploits0References2
CVE
CVE
added 2026/04/16 10:49 p.m.20 views

CVE-2026-40259

SiYuan prior to v3.6.4 is affected by CVE-2026-40259 via the /api/av/removeUnusedAttributeView endpoint. The issue arises because authentication via publish-service RoleReader is insufficient and the handler passes a caller-controlled id directly to a model function that unconditionally deletes t...

8.1CVSS5.9AI score0.004EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/04/14 4:16 p.m.4 views

CVE-2025-68649

An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer...

6.5CVSS0.00413EPSS
Exploits0References1
NVD
NVD
added 2026/04/14 4:16 p.m.4 views

CVE-2025-61624

An Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' CWE-22 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.7.0, FortiPAM 1.6 all versions,...

6.5CVSS0.00498EPSS
Exploits0References2
NVD
NVD
added 2026/04/14 12:16 a.m.3 views

CVE-2026-27673

Due to a missing authorization check, SAP S/4HANA Private Cloud and On-Premise allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and Availability of the...

4.9CVSS0.00158EPSS
Exploits0References2
CVE
CVE
added 2026/04/14 12:6 a.m.15 views

CVE-2026-27673

CVE-2026-27673 describes a missing authorization check in SAP S/4HANA (Private Cloud and On-Premise) that allows an authenticated user to delete files on the operating system and perform unauthorized file operations. The underlying impact reported is: Confidentiality – None, Integrity – Low, Avai...

4.9CVSS5.8AI score0.00158EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.8 views

PT-2026-32553

Due to a missing authorization check, SAP S/4HANA Private Cloud and On-Premise allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and Availability of the...

4.9CVSS5.8AI score0.00158EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.5 views

Fortinet FortiAnalyzer Path Traversal in CLI (FG-IR-26-120)

The version of FortiAnalyzer installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-120 advisory. - An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiAnalyzer...

6.5CVSS5.8AI score0.00413EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.5 views

Fortinet FortiManager Path Traversal in CLI (FG-IR-26-120)

The version of FortiManager installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-120 advisory. - An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiAnalyzer...

6.5CVSS5.8AI score0.00413EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/11 12:0 a.m.8 views

NoMachine 安全漏洞

NoMachine is a remote desktop access tool developed by NoMachine Company in Luxembourg. NoMachine has a security vulnerability, which stems from improper handling of environment variables. This vulnerability could allow local attackers to delete any file they desire...

7.1CVSS7.1AI score0.00149EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/10 9:10 p.m.5 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to missing authorization checks in state-changing routes. An attacker can upload or delete files, create directories, and remove access control policies by sending unauthenticated requests to endpoints such as...

9.8CVSS8.5AI score0.00651EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 7:32 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the removeUnusedAttributeView process. An attacker can delete arbitrary .json files within the workspace by supplying crafted path traversal sequences in the id parameter, allowing removal of files outside the...

8.5CVSS6.3AI score0.00287EPSS
Exploits0References2
NVD
NVD
added 2026/04/09 6:17 p.m.6 views

CVE-2026-39981

AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safejoin function in the essentialabilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or...

8.8CVSS0.01318EPSS
Exploits1References3
CVE
CVE
added 2026/04/09 5:1 p.m.14 views

CVE-2026-39981

CVE-2026-39981 affects AGiXT (dynamic AI Agent Automation Platform). The vulnerability is in the safe_join() function of the essential_abilities extension, where path validation fails and allows directory traversal to read, write, or delete arbitrary files on the server. This requires authenticat...

8.8CVSS6AI score0.01318EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.7 views

AGiXT 路径遍历漏洞

AGiXT is an AI automation platform developed by Josh XT, supporting multiple models and extended functions. Prior to AGiXT version 1.9.2, there was a path traversal vulnerability. This vulnerability stemmed from the safejoin function not verifying whether the file path was within the specified...

8.8CVSS5.8AI score0.01318EPSS
Exploits1References3
Rows per page
Query Builder