Lucene search
K

13 matches found

OSV
OSV
added last week4 views

GHSA-H64P-8H4R-6GFH SFTPGo has path confinement bypass in public browsable share partial ZIP download

Summary The public web-client endpoint for partial ZIP downloads of a browsable share did not correctly confine the client-supplied files entries to the shared directory. A requester able to reach a public share could read files located outside the shared directory, as long as the target's...

5.9CVSS5.8AI score0.00057EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.7 views

PT-2026-55446

Name of the Vulnerable Software and Affected Versions SFTPGo versions prior to 2.7.3 Description A path confinement bypass exists in the public web-client endpoint used for partial ZIP downloads of browsable shares. The system failed to correctly restrict client-supplied file entries to the...

5.9CVSS5.9AI score0.00057EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 7:17 p.m.16 views

CVE-2026-23879 py7zr: Arbitrary File Write Vulnerability

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, which allows symbolic links to be recreated outside the destination directory via crafted malicious...

8CVSS0.00404EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 5:31 p.m.11 views

EUVD-2026-36072

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/utils.go validated that a path stayed under a safe directory by calling strings.HasPrefixpath,...

3.6CVSS5.4AI score0.00114EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.10 views

PT-2026-42035

Name of the Vulnerable Software and Affected Versions pymdown-extensions versions 10.0.1 through 10.21.2 Description A regression in the pymdownx.snippets extension allows for arbitrary file read on the host system where the build runs. When restrict base path is set to True, the software uses a...

4.3CVSS6.1AI score0.0003EPSS
Exploits0References7
CVE
CVE
added 2026/04/21 9:44 p.m.23 views

CVE-2026-6832

CVE-2026-6832 affects Nesquena Hermes WebUI. The vulnerability resides in the /api/session/delete endpoint where an unvalidated session_id enables an authenticated attacker to bypass the SESSION_DIR boundary using absolute or path traversal payloads, enabling deletion of writable JSON files outsi...

8.1CVSS5.9AI score0.00475EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 12:4 a.m.7 views

File Browser has an access rule bypass via HasPrefix without trailing separator in path matching

Hi, The Matches function in rules/rules.go uses strings.HasPrefix without a trailing directory separator when matching paths against access rules. A rule for /uploads also matches /uploadsbackup/, granting or denying access to unintended directories. Verified against v2.62.2 commit 860c19d. Detai...

7.5CVSS5.9AI score0.00392EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/04/08 12:4 a.m.3 views

GHSA-5Q48-Q4FM-G3M6 File Browser has an access rule bypass via HasPrefix without trailing separator in path matching

Hi, The Matches function in rules/rules.go uses strings.HasPrefix without a trailing directory separator when matching paths against access rules. A rule for /uploads also matches /uploadsbackup/, granting or denying access to unintended directories. Verified against v2.62.2 commit 860c19d. Detai...

6.3CVSS5.8AI score0.00392EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/11 1:32 p.m.4 views

CVE-2026-32061

OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attackers with config modification capabilities can exploit this by specifying absolute paths, traversa...

6.7CVSS5.9AI score0.00146EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.6 views

MCP Atlassian 安全漏洞

MCP Atlassian is an MCP server developed by Hyeonsoo Lee, which connects AI assistants with project management tools. There were security vulnerabilities in versions of MCP Atlassian prior to 0.17.0. These vulnerabilities stemmed from the confluencedownloadattachment tool not enforcing directory...

9CVSS6.3AI score0.0226EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/09 5:41 p.m.9 views

Parse Server: `PagesRouter` path traversal allows reading files outside configured pages directory

Impact The PagesRouter static file serving route is vulnerable to a path traversal attack that allows unauthenticated reading of files outside the configured pagesPath directory. The boundary check uses a string prefix comparison without enforcing a directory separator boundary. An attacker can u...

6.3CVSS5.8AI score0.00312EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/09 5:41 p.m.4 views

GHSA-HM3F-Q6RW-M6WH Parse Server: `PagesRouter` path traversal allows reading files outside configured pages directory

Impact The PagesRouter static file serving route is vulnerable to a path traversal attack that allows unauthenticated reading of files outside the configured pagesPath directory. The boundary check uses a string prefix comparison without enforcing a directory separator boundary. An attacker can u...

6.3CVSS5.8AI score0.00312EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2012/03/15 12:0 a.m.15 views

XnView Multiple Buffer Overflow Vulnerabilities - Mar12 (Windows)

This host has XnView installed and is prone to multiple heap based buffer overflow vulnerabilities. Vulnerabilities Insight: The flaws are due to - A signedness error in the FlashPix plugin Xfpx.dll when validating buffer sizes to process image's content. - An error when processing image data...

0.7AI score
Exploits0References4
Rows per page
Query Builder