Lucene search
K

27810 matches found

RedhatCVE
RedhatCVE
added 2026/06/25 7:14 p.m.6 views

CVE-2026-44017

A flaw was found in Docling. The EasyOCR model download functionality improperly extracts ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker compromises the model download source e.g., via a supply chain or Man-in-the-Middle MITM attack, they could write...

8.3CVSS6.3AI score0.00478EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/25 6:43 p.m.5 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization through the web archive download endpoint. An attacker can access resources beyond their authorized token scope by sending crafted requests to this endpoint. Remediation Upgrade...

9.1CVSS5.8AI score0.00403EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 6:43 p.m.5 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization through the web archive download endpoint. An attacker can access resources beyond their authorized token scope by sending crafted requests to this endpoint. Remediation Upgrade...

9.1CVSS5.8AI score0.00403EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 6:43 p.m.4 views

GO-2026-5334 Gitea: Token scope bypass on web archive download endpoint in code.gitea.io/gitea

Gitea: Token scope bypass on web archive download endpoint in code.gitea.io/gitea...

9.1CVSS5.8AI score0.00403EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 6:16 p.m.7 views

CVE-2026-55700

pnpm is a package manager. From 11.3.0 until 11.5.3, pnpm stage download derived a local filename from registry-controlled package name and version fields. A crafted manifest could escape the selected download directory and overwrite another reachable file. The merged fix validates both fields,...

7.1CVSS0.00267EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/25 6:11 p.m.32 views

CVE-2026-56779 MaxKB < 2.10.0 - Server-Side Request Forgery via downloadCallbackUrl and download_url Parameters

MaxKB before 2.10.0 contains a server-side request forgery vulnerability in tool creation and update endpoints that allows authenticated users to make arbitrary server requests by supplying unvalidated downloadCallbackUrl and downloadurl parameters. Attackers with default workspace USER role can...

6.4CVSS0.00171EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 6:11 p.m.6 views

CVE-2026-56779

MaxKB before 2.10.0 contains a server-side request forgery vulnerability in tool creation and update endpoints that allows authenticated users to make arbitrary server requests by supplying unvalidated downloadCallbackUrl and downloadurl parameters. Attackers with default workspace USER role can...

6.4CVSS6AI score0.00171EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 6:11 p.m.5 views

EUVD-2026-39527

MaxKB before 2.10.0 contains a server-side request forgery vulnerability in tool creation and update endpoints that allows authenticated users to make arbitrary server requests by supplying unvalidated downloadCallbackUrl and downloadurl parameters. Attackers with default workspace USER role can...

6.4CVSS6AI score0.00171EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 6:11 p.m.16 views

CVE-2026-56779

MaxKB

6.4CVSS6AI score0.00171EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 6:5 p.m.20 views

CVE-2026-56768 Seahub < 13.0.23 - Authentication Bypass in ShareLinkZipTaskView GET Method

Seahub before 13.0.23 does not enforce SHARELINKLOGINREQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass authentication. Attackers with a folder share-link token can call the GET endpoint to obtain a fileserver zip token and download entire shared directory...

8.8CVSS0.00381EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/25 6:5 p.m.6 views

EUVD-2026-39520

Seahub before 13.0.23 does not enforce SHARELINKLOGINREQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass authentication. Attackers with a folder share-link token can call the GET endpoint to obtain a fileserver zip token and download entire shared directory...

8.8CVSS5.9AI score0.00381EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/25 5:39 p.m.30 views

CVE-2026-54093 File Browser: Path traversal in download-as-zip/tar via Windows-style backslash separators in stored filenames

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, filebrowser builds the download-as-zip / download-as-tar archive entry names with filepath.ToSlash, which on a Linux host is a no-op for...

6.8CVSS0.00189EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 5:39 p.m.24 views

CVE-2026-54093

CVE-2026-54093 affects File Browser prior to v2.63.6, where archive entry names for zip/tar are built using Windows-style backslashes. On Linux, backslashes are preserved in names, allowing a Windows-style traversal like ....\evil.txt to be written on disk and then emitted verbatim in the archive...

6.8CVSS6AI score0.00189EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 5:35 p.m.7 views

CVE-2026-54096

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.7, POST /api/share/ accepts an authenticated request for an arbitrary path and stores a public share record without checking whether the target fi...

8.4CVSS6AI score0.00175EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 5:35 p.m.29 views

CVE-2026-54096 File Browser: Improper Access Control Occurs via Pre-Created Public Share for a Non-existent Path

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.7, POST /api/share/ accepts an authenticated request for an arbitrary path and stores a public share record without checking whether the target fi...

8.4CVSS0.00175EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 5:35 p.m.22 views

CVE-2026-54096

File Browser exposes a vulnerability: an authenticated user can create a public share for a path that does not yet exist, and that share becomes valid later when a file is created at that path, potentially exposing future files via GET /api/public/dl/. The issue is triggered by POST /api/share/, ...

8.4CVSS6AI score0.00175EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 5:16 p.m.26 views

CVE-2026-55439

Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the server filesystem. The backup download endpoint GET...

5.5CVSS0.00337EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 5:16 p.m.8 views

CVE-2026-55092

Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifact, it uses the org.opencontainers.image.title annotation from the artifact manifest as the destination filename without validation. An attacker who can make Trivy fetch an attacker-controlled artifact can supply a...

7.5CVSS0.00292EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:47 p.m.9 views

CVE-2026-55700

pnpm is a package manager. From 11.3.0 until 11.5.3, pnpm stage download derived a local filename from registry-controlled package name and version fields. A crafted manifest could escape the selected download directory and overwrite another reachable file. The merged fix validates both fields,...

7.1CVSS5.8AI score0.00267EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/06/25 4:47 p.m.34 views

CVE-2026-55700 pnpm: stage download writes outside destination via manifest version traversal

pnpm is a package manager. From 11.3.0 until 11.5.3, pnpm stage download derived a local filename from registry-controlled package name and version fields. A crafted manifest could escape the selected download directory and overwrite another reachable file. The merged fix validates both fields,...

7.1CVSS0.00267EPSS
Exploits1References2
Rows per page
Query Builder