CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Circl•added 2026/04/28 6:30 p.m.•5 views

CVE-2026-42545

creationtimestamp| type| source ---|---|--- 2026-04-28 18:30:30+00:00| published-proof-of-concept| https://github.com/emmett-framework/granian/security/advisories/GHSA-f5p7-9fr5-8jmj...

5.9CVSS5.8AI score0.00052EPSS

Snyk•added 2026/04/08 12:18 a.m.•2 views

Directory Traversal

Overview emmett is a The web framework for inventors Affected versions of this package are vulnerable to Directory Traversal via the RSGI static handler for internal assets. An attacker can access arbitrary files outside the intended directory by sending specially crafted requests containing...

9.1CVSS6.4AI score0.00019EPSS

OSV•added 2026/04/08 12:18 a.m.•2 views

GHSA-PR46-2V3C-5356 Emmett has a path traversal in internal assets handler

The RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences eg /emmett/../rsgi/handlers.py to read arbitrary files outside the assets directory...

7.5CVSS5.9AI score0.00019EPSS

Exploits0References4

Github Security Blog•added 2026/04/08 12:18 a.m.•4 views

Emmett has a path traversal in internal assets handler

Exploits0References4Affected Software1

EUVD•added 2026/04/08 12:18 a.m.•1 views

EUVD-2026-19974

Emmett has a path traversal in internal assets handler...

9.1CVSS5.9AI score0.00019EPSS

NVD•added 2026/04/07 10:16 p.m.•3 views

CVE-2026-39847

9.1CVSS0.00019EPSS

PyPA•added 2026/04/07 10:16 p.m.•7 views

PYSEC-2026-59

9.1CVSS5.9AI score0.00019EPSS

Exploits0References1Affected Software1

OSV•added 2026/04/07 10:16 p.m.•4 views

PYSEC-2026-59

7.5CVSS5.9AI score0.00019EPSS

Cvelist•added 2026/04/07 9:37 p.m.•13 views

CVE-2026-39847 Emmett has a path traversal in internal assets handler

9.1CVSS0.00019EPSS

CVE•added 2026/04/07 9:37 p.m.•8 views

CVE-2026-39847

Emmett (Python web framework) versions 2.5.0 through before 2.8.1 are affected by a path traversal vulnerability in the RSGI static handler for internal assets located under /emmett . An attacker can abuse ../ sequences (for example /emmett /../rsgi/handlers.py) to read arbitrary files outside th...

Exploits0References1Affected Software1

Vulnrichment•added 2026/04/07 9:37 p.m.•1 views

CVE-2026-39847 Emmett has a path traversal in internal assets handler

CNNVD•added 2026/04/07 12:0 a.m.•2 views

emmett 路径遍历漏洞

Emmett is a full-stack Python web framework developed by Emmett. Versions of Emmett from 2.5.0 to 2.8.1 had a path traversal vulnerability. This vulnerability stemmed from issues with the RSGI static processing program, allowing for the reading of files outside the asset directory...

9.1CVSS5.8AI score0.00019EPSS

Positive Technologies•added 2026/04/07 12:0 a.m.•3 views

PT-2026-31032

Name of the Vulnerable Software and Affected Versions Emmett versions 2.5.0 through 2.8.0 Description Emmett, a full-stack Python web framework, contains a path traversal flaw in its RSGI static handler for internal assets / emmett paths. An attacker can use '../' sequences in requests, such as '...

NVD•added 2026/02/10 6:16 p.m.•3 views

Exploits0References12

CVE-2026-25577

Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmettcore.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500 errors and cause...

7.5CVSS0.00079EPSS

CVE•added 2026/02/10 5:1 p.m.•8 views

CVE-2026-25577

The CVE-2026-25577 issue affects emmett-core (and via transitive deps in emmett/emmett55) where emmett_core.http.wrappers.Request.cookies does not handle CookieError, allowing unauthenticated users to trigger HTTP 500s and denial of service by malformed Cookie headers. The Red Hat/NVD OSV and CIR...

7.5CVSS5.6AI score0.00079EPSS

Cvelist•added 2026/02/10 5:1 p.m.•24 views

CVE-2026-25577 Emmett has an Unhandled CookieError Exception Causing Denial of Service

7.5CVSS0.00079EPSS