Lucene search
K

27800 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-408 MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment

Summary The confluencedownloadattachment MCP tool accepts a downloadpath parameter that is written to without any directory boundary enforcement. An attacker who can call this tool and supply or access a Confluence attachment with malicious content can write arbitrary content to any path the serv...

9CVSS6.7AI score0.0226EPSS
Exploits1References6
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-554 TorchServe vulnerable to bypass of allowed_urls configuration

Impact TorchServe's check on allowedurls configuration can be by-passed if the URL contains characters such as ".." but it does not prevent the model from being downloaded into the model store. Once a file is downloaded, it can be referenced without providing a URL the second time, which...

9.8CVSS5.8AI score0.00792EPSS
Exploits0References8
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-492 pyLoad allows upload to arbitrary folder lead to RCE

Summary An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution Details example version: 0.5 file:src/pyload/webui/app/blueprints/appblueprint.py python @bp.route"/render/", endpoint="render" def renderfilename:...

9.1CVSS7.5AI score0.01354EPSS
Exploits1References5
PyPA
PyPA
added 2026/06/29 11:50 a.m.3 views

pyLoad allows upload to arbitrary folder lead to RCE

SummaryAn authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution Detailsexample version: 0.5file:src/pyload/webui/app/blueprints/[email protected]"/render/", endpoint="render"def renderfilename: mimetype =...

9.1CVSS7.5AI score0.01354EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-357 internetarchive Vulnerable to Directory Traversal in File.download()

Impact What kind of vulnerability is it? This is a Critical severity directory traversal path traversal vulnerability in the File.download method of the internetarchive library. Who is impacted? All users of the internetarchive library versions 5.5.1 are impacted. The vulnerability is particularl...

9.4CVSS6AI score0.01402EPSS
Exploits0References8
OSV
OSV
added 2026/06/29 11:50 a.m.9 views

PYSEC-2026-359 InvokeAI has External Control of File Name or Path

Path Traversal Vulnerability in InvokeAI A path traversal vulnerability in InvokeAI versions 6.7.0 allows an unauthenticated remote attacker to read files outside the intended media directory via the bulk downloads API. The endpoint accepts a user-controlled file/item name and concatenates it int...

9.8CVSS7.5AI score0.00353EPSS
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 7:18 a.m.7 views

Malicious code in clob-client-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b36bbf14a743630a93ba7f8d7529d3fae8073f0f585af4343506be6248fc1b59 [email protected] ships a postinstall script install-check.cjs that fetches a JSON config from...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 5:59 a.m.8 views

Malicious code in checkmarx-claude-cache (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 26a16e61d88e467ada75205ee93a9339cdf2fb65f3ded068282b4d83b6cb05e9 When the CLI runs the documented npx checkmarx-claude-cache invocation pattern, bin/cli.js performs an HTTPS GET to a hardcoded URL on a lookalike ho...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/28 6:2 a.m.8 views

Malicious code in polymarket-clob-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d67023e54ba355e9c82fd2a05d2d2448657a3ea9415ff18d3c4669a9fc0afb42 [email protected] ships a postinstall lifecycle script that performs an install-time remote-code-execution drop. On npm install, the script...

5.9AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.8 views

EulerOS 2.0 SP15 : openssh (EulerOS-SA-2026-2455)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.CVE-2026-35388 OpenSSH before 10.3 mishandles...

8.2CVSS7.4AI score0.0218EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/26 8:55 p.m.38 views

CVE-2026-49984 Kestra: Path traversal in `LocalStorage` allows any authenticated user to read arbitrary server files via the execution file-download API (`\..\` bypasses the `..` guard)

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.23, the local internal-storage backend validates user-supplied paths for .. traversal before it converts Windows-style backslashes to forward slashes. An attacker can therefore smuggle a traversal sequence past...

7.7CVSS0.00386EPSS
Exploits1References1
CVE
CVE
added 2026/06/26 8:55 p.m.19 views

CVE-2026-49984

CVE-2026-49984 – Kestra : A path traversal vulnerability in the LocalStorage backend allows any authenticated user who can view an execution to read arbitrary files on the server. Before patching, the LocalStorage path validator mishandles Windows-style backslashes, letting an attacker smuggle tr...

7.7CVSS6AI score0.00386EPSS
Exploits1References1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 4:51 a.m.8 views

Malicious code in openblox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cdd874a78973f84b5373fc03a48472c338ca82ef0a258b7614f81a8359da1201 setup.py invokes GetGitCommitHash unconditionally at module top level, so it runs on pip install openblox and any setuptools invocation. On Windows t...

6.5AI score
Exploits0References7
EUVD
EUVD
added 2026/06/26 12:32 a.m.7 views

EUVD-2025-210336

Flowise before 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints. The chatId value is not validated and is passed to streamStorageFile, where a fallback file-lookup path constructed...

8.7CVSS6AI score0.00346EPSS
Exploits1References3
OSV
OSV
added 2026/06/25 10:34 p.m.5 views

GO-2026-5530 Note Mark has Broken Access Control on Asset Download in github.com/enchant97/note-mark/backend

Note Mark has Broken Access Control on Asset Download in github.com/enchant97/note-mark/backend...

5.9CVSS5.8AI score0.00409EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 7:16 p.m.9 views

CVE-2026-54096

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.7, POST /api/share/ accepts an authenticated request for an arbitrary path and stores a public share record without checking whether the target fi...

8.4CVSS0.00175EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/25 7:14 p.m.6 views

CVE-2026-44017

A flaw was found in Docling. The EasyOCR model download functionality improperly extracts ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker compromises the model download source e.g., via a supply chain or Man-in-the-Middle MITM attack, they could write...

8.3CVSS6.3AI score0.00478EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/25 6:43 p.m.5 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization through the web archive download endpoint. An attacker can access resources beyond their authorized token scope by sending crafted requests to this endpoint. Remediation Upgrade...

9.1CVSS5.8AI score0.00403EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 6:43 p.m.5 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization through the web archive download endpoint. An attacker can access resources beyond their authorized token scope by sending crafted requests to this endpoint. Remediation Upgrade...

9.1CVSS5.8AI score0.00403EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 6:43 p.m.4 views

GO-2026-5334 Gitea: Token scope bypass on web archive download endpoint in code.gitea.io/gitea

Gitea: Token scope bypass on web archive download endpoint in code.gitea.io/gitea...

9.1CVSS5.8AI score0.00403EPSS
Exploits0References1
Rows per page
Query Builder