
100 matches found

ATTACKERKB
added 2026/03/26 11:39 p.m., 3 views

CVE-2026-29070

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an access control check is missing when deleting a file from a knowledge base. The only check being done is that the user has write access to the knowledge base or is admin,...

CVSS 5.4, AI score 5.9, EPSS 0.00252
Exploits: 1, References: 2, Affected Software: 1
Github Security Blog
added 2026/03/20 3:57 p.m., 11 views

pydicom has a path traversal in FileSet/DICOMDIR ReferencedFileID allows file access outside the File-set root

Summary: A crafted DICOMDIR can set ReferencedFileID to a path outside the File-set root. pydicom resolves the path only to confirm that it exists, but does not verify that the resolved path remains under the File-set root. Subsequent public FileSet operations such as copy, write, and...

CVSS 7.8, AI score 5.9, EPSS 0.00279
Exploits: 1, References: 5, Affected Software: 1
EUVD
added 2026/03/20 3:57 p.m., 4 views

EUVD-2026-13433

pydicom has a path traversal in FileSet/DICOMDIR ReferencedFileID allows file access outside the File-set root...

CVSS 7.8, AI score 5.8, EPSS 0.00279
Exploits: 1, References: 4
OSV
added 2026/03/20 3:57 p.m., 2 views

GHSA-V856-2RF8-9F28 pydicom has a path traversal in FileSet/DICOMDIR ReferencedFileID allows file access outside the File-set root

Summary: A crafted DICOMDIR can set ReferencedFileID to a path outside the File-set root. pydicom resolves the path only to confirm that it exists, but does not verify that the resolved path remains under the File-set root. Subsequent public FileSet operations such as copy, write, and...

CVSS 7.8, AI score 6, EPSS 0.00279
Exploits: 1, References: 5
Debian CVE
added 2026/03/20 1:26 a.m., 5 views

CVE-2026-32711

pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the File-set root. pydicom resolves the path only to confirm that it exists, b...

CVSS 7.8, AI score 5.5, EPSS 0.00279
Exploits: 1
ATTACKERKB
added 2026/03/20 1:26 a.m., 3 views

CVE-2026-32711

pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the File-set root. pydicom resolves the path only to confirm that it exists, b...

CVSS 7.8, AI score 5.8, EPSS 0.00279
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2026/03/20 1:26 a.m., 8 views

CVE-2026-32711 pydicom: Path traversal in FileSet/DICOMDIR ReferencedFileID allows file access outside the File-set root

pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the File-set root. pydicom resolves the path only to confirm that it exists, b...

CVSS 7.8, AI score 6, EPSS 0.00279
Exploits: 1, References: 5
CERT
added 2026/03/16 12:00 a.m., 12 views

LibreChat RAG API contains a log-injection vulnerability

Overview: A log-injection vulnerability in the LibreChat RAG API, version 0.7.0, is caused by improper sanitization of user-supplied input written to system logs. An authenticated attacker can forge or manipulate log entries by inserting CRLF characters, compromising the integrity of audit records...

CVSS 7.5, AI score 5.8, EPSS 0.00277
Exploits: 0
EUVD
added 2026/03/10 1:2 a.m., 3 views

EUVD-2026-10340

Actual Sync Server has an Authenticated Path Traversal...

CVSS 5.3, AI score 5.8, EPSS 0.00377
Exploits: 1, References: 6
OSV
added 2026/03/10 1:2 a.m., 2 views

GHSA-27VG-33GH-4HWG Actual Sync Server has an Authenticated Path Traversal

Description: Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of the user-controlled x-actual-file-id header means that traversal segments ../ can escape the intended directory and write files outsid...

CVSS 5.3, AI score 5.8, EPSS 0.00377
Exploits: 1, References: 6
Github Security Blog
added 2026/03/10 1:2 a.m., 8 views

Actual Sync Server has an Authenticated Path Traversal

Description: Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of the user-controlled x-actual-file-id header means that traversal segments ../ can escape the intended directory and write files outsid...

CVSS 6.5, AI score 5.8, EPSS 0.00377
Exploits: 1, References: 7, Affected Software: 1
GitLab Advisory Database
added 2026/03/10 12:00 a.m., 13 views

Actual Sync Server has an Authenticated Path Traversal

Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of the user-controlled x-actual-file-id header means that traversal segments ../ can escape the intended directory and write files outside userFiles...

CVSS 6.5, AI score 5.8, EPSS 0.00377
Exploits: 1, References: 7, Affected Software: 1
OSV
added 2026/03/09 2:16 p.m., 2 views

CVE-2026-3089

Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of the user-controlled x-actual-file-id header means that traversal segments ../ can escape the intended directory and write files outside...

CVSS 5.3, AI score 5.8, EPSS 0.00377
Exploits: 1, References: 3
Positive Technologies
added 2026/03/09 12:00 a.m., 4 views

PT-2026-24064

Name of the Vulnerable Software and Affected Versions: Actual Sync Server versions prior to 26.3.0
Description: Actual Sync Server allows authenticated users to upload files through the '/sync/upload-user-file' API endpoint. In versions prior to 26.3.0, insufficient validation of the...

CVSS 6.5, AI score 5.8, EPSS 0.00377
Exploits: 1, References: 14
NVD
added 2026/03/06 5:16 a.m., 6 views

CVE-2026-28682

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the upload status SSE implementation on /uploadStatus publishes global upload state to any authenticated listener and includes fileid values that are not scoped to the requesting...

CVSS 6.4, EPSS 0.00133
Exploits: 0, References: 2
CNNVD
added 2026/03/06 12:00 a.m., 5 views

Gokapi access control error vulnerability

Gokapi is a lightweight, self-hosted alternative to Firefox Send by Marc Bulling. Versions of Gokapi prior to 2.2.3 contained an access control vulnerability. This vulnerability stemmed from the SSE implementation for upload status on /uploadStatus, which exposed the global upload status to an...

CVSS 6.4, AI score 7.3, EPSS 0.00133
Exploits: 0, References: 2
OSV
added 2026/02/11 10:15 p.m., 9 views

CVE-2024-50617

Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file id parameter or pass the physical file path in the URL query string to retrieve the files. Retriev...

CVSS 7.5, AI score 5.8, EPSS 0.00232
Exploits: 0, References: 1
ATTACKERKB
added 2026/02/11 12:00 a.m., 3 views

CVE-2024-50617

Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file id parameter or pass the physical file path in the URL query string to retrieve the files. Retriev...

AI score 5.3, EPSS 0.00232
Exploits: 0, References: 2
CVE
added 2026/02/11 12:00 a.m., 13 views

CVE-2024-50617

CVE-2024-50617 affects CIPPlanner CIPAce prior to 9.17. The issue lies in the File Download and Get File handler components, where an authenticated user can change the file id parameter or supply a physical file path in the URL query to download files they should not access. The impact is unautho...

CVSS 7.5, AI score 5.3, EPSS 0.00232
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2026/02/11 12:00 a.m., 24 views

CVE-2024-50617

Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file id parameter or pass the physical file path in the URL query string to retrieve the files. Retriev...

EPSS 0.00232
Exploits: 0, References: 1