387135 matches found

Packet Storm News
added 2026/12/29 12:0 a.m., 238 views

GNUnet P2P Framework 0.26.2

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...

6.8 AI score
Exploits: 0
CVE
added yesterday, 9 views

CVE-2026-13218

A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink protection. A user with access to the virt-launcher container can plant a symlink at the cache file path, causin...

4.2 CVSS, 5.9 AI score
Exploits: 0, References: 2
CVE
added yesterday, 10 views

CVE-2026-40084

Summary: CVE-2026-40084 affects CACTI

6.5 CVSS, 5.9 AI score
Exploits: 0, References: 2
CVE
added yesterday, 8 views

CVE-2026-40083

Cacti 1.2.30 and earlier are impacted by an SQL Injection in managers.php. The vulnerability arises from unsanitized data flow: user-supplied selected_graphs_array is deserialized via cacti_unserialize (unserialize with allowed_classes = false), then deserialized values are directly concatenated ...

7.2 CVSS, 6 AI score
Exploits: 0, References: 2
CVE
added yesterday, 6 views

CVE-2026-13281

CVE-2026-13281: An integer overflow in Mojo for Google Chrome prior to 149.0.7827.201 could allow a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a malicious file. This CVE is reported with a High severity in Chromium. Affected component: Mo...

6 AI score
Exploits: 0, References: 2
EUVD
added yesterday, 9 views

EUVD-2026-36182

ImageMagick Vulnerable to Stack Overflow in its MVG Decoder...

5.5 CVSS, 5.8 AI score, 0.00107 EPSS
Exploits: 0, References: 3
CVE
added yesterday, 10 views

CVE-2025-71338

Flowise is affected by a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem by crafting unsanitized fileName parameters with ../ sequences. This can overwrite critical files (e.g., pac...

10 CVSS, 6.7 AI score
Exploits: 0, References: 2
CVE
added yesterday, 6 views

CVE-2025-71334

Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary file access vulnerability due to missing validation that chatflowId and chatId are UUIDs or numbers in file handling. An attacker can use path traversal (e.g., ../../../../../tmp) via /api/v1/chatflows (addBase64File...

9.8 CVSS, 6.3 AI score
Exploits: 0, References: 4
CVE
added yesterday, 4 views

CVE-2025-71333

Flowise (v2.2.4) contains an unauthenticated arbitrary file upload vulnerability at the /api/v1/attachments endpoint when storageType is set to local. The issue allows path traversal via chatId and chatflowId parameters to upload files to arbitrary directories, potentially enabling remote code ex...

9.3 CVSS, 6.6 AI score
Exploits: 0, References: 2
CVE
added yesterday, 5 views

CVE-2025-71324

Flowise before 3.0.6 has an arbitrary file-read vulnerability in the chatId parameter of /api/v1/get-upload-file and /api/v1/openai-assistants-file/download. The chatId value is not validated and is passed to streamStorageFile(), where a fallback file-lookup path constructed without the orgId is ...

8.7 CVSS, 6 AI score
Exploits: 0, References: 2
CVE
added yesterday, 8 views

CVE-2026-56445

The CVE-2026-56445 issue affects the qrscp application’s C-STORE handler. It directly uses an attacker-supplied DICOM dataset instance in os.path.join() without sanitization, enabling writes to arbitrary file paths on the system. This is a path traversal vulnerability in the file-write path, with...

9.1 CVSS, 6 AI score
Exploits: 0, References: 3
EUVD
added yesterday, 3 views

EUVD-2026-39562

The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join without sanitization, allowing file writes to arbitrary paths...

9.1 CVSS, 6 AI score
Exploits: 0, References: 3
NVD
added yesterday, 5 views

CVE-2026-56789

RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64...

7.1 CVSS
Exploits: 0, References: 2
NVD
added yesterday, 6 views

CVE-2026-57700

Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious Files. This issue affects OMGF Pro: from n/a through 5.2.6...

10 CVSS
Exploits: 0, References: 1
NVD
added yesterday, 5 views

CVE-2026-55667

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.16, a scoped, non-admin File Browser user holding only the Create permission can delete arbitrary files outside their scope other tenants' data, a...

8.2 CVSS
Exploits: 0, References: 1
NVD
added yesterday, 4 views

CVE-2026-54092

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after...

6.5 CVSS, 0.00061 EPSS
Exploits: 0, References: 3
NVD
added yesterday, 6 views

CVE-2026-54093

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, filebrowser builds the download-as-zip / download-as-tar archive entry names with filepath.ToSlash, which on a Linux host is a no-op for...

6.8 CVSS, 0.00046 EPSS
Exploits: 0, References: 1
NVD
added yesterday, 6 views

CVE-2026-54097

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, a low-privileged authenticated user of filebrowser with create + delete permissions in their own isolated scope can silently destroy share-link...

7.2 CVSS, 0.00029 EPSS
Exploits: 0, References: 3
NVD
added yesterday, 7 views

CVE-2026-54091

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, File Browser's public share handlers rebase the share owner's filesystem root to the shared directory and then evaluate descendant paths agains...

7.5 CVSS, 0.00031 EPSS
Exploits: 0, References: 3
NVD
added yesterday, 6 views

CVE-2026-54094

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.14, it does not stop the HTTP file handlers from following symbolic links before they open, serve, write, share, or list a file. As a result, a...

7.5 CVSS, 0.00028 EPSS
Exploits: 0, References: 1