CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1496 matches found

Zero Day Initiative•added 2026/02/13 12:0 a.m.•10 views

MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of artifact file paths. The issue results from the lack of proper...

8.1CVSS6.3AI score0.18428EPSS

Exploits0References1

SUSE CVE•added 2026/02/07 12:24 a.m.•2 views

SUSE CVE-2026-25059

OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the application contains path traversal vulnerability in multiple file operation handlers in server/handles/fsmanage.go. Filename components in req.Names are directly concatenated with validated directories using stdpath.Join. Thi...

8.8CVSS5.5AI score0.00029EPSS

Exploits1References3

SUSE CVE•added 2026/02/05 12:25 a.m.•2 views

SUSE CVE-2026-23063

In the Linux kernel, the following vulnerability has been resolved: uacce: ensure safe queue release with state management Directly calling putqueue carries risks since it cannot guarantee that resources of uaccequeue have been fully released beforehand. So adding a stopqueue operation for the...

5.5CVSS5.2AI score0.00018EPSS

Exploits0References19

NVD•added 2026/02/04 8:16 p.m.•4 views

CVE-2026-25161

Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal...

8.8CVSS0.0003EPSS

Exploits1References2

ATTACKERKB•added 2026/02/04 7:40 p.m.•2 views

CVE-2026-25161

8.8CVSS5.4AI score0.0003EPSS

Exploits1References3Affected Software1

EUVD•added 2026/02/04 7:40 p.m.•4 views

EUVD-2026-5366

8.8CVSS5.4AI score0.0003EPSS

Exploits1References2

Vulnrichment•added 2026/02/04 7:40 p.m.•2 views

CVE-2026-25161 Alist vulnerable to Path Traversal in multiple file operation handlers

8.8CVSS5.4AI score0.0003EPSS

Exploits1References2

OSV•added 2026/02/04 6:52 p.m.•2 views

GHSA-X4Q4-7PHH-42J9 Alist vulnerable to Path Traversal in multiple file operation handlers

Summary The application contains a Path Traversal vulnerability CWE-22 in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal sequences into filename components, enabling unauthorised file removal, movement and copying across...

8.8CVSS5.6AI score0.0003EPSS

Exploits1References6

Github Security Blog•added 2026/02/04 6:52 p.m.•5 views

Alist vulnerable to Path Traversal in multiple file operation handlers

8.8CVSS5.6AI score0.0003EPSS

Exploits1References6Affected Software1

ATTACKERKB•added 2026/02/04 4:7 p.m.•5 views

CVE-2026-23063

5.3AI score0.00018EPSS

Exploits0References8Affected Software1

CVE•added 2026/02/04 4:7 p.m.•5 views

CVE-2026-23063

CVE-2026-23063 pertains to the Linux kernel, specifically the UACCE accelerator framework. The issue arises in the queue release path for uacce_queue when resources could be freed concurrently (e.g., during poweroff -f with accelerators still active). The root cause is unsafe sequencing of operat...

5.5CVSS5.3AI score0.00018EPSS

Exploits0References7Affected Software1

Positive Technologies•added 2026/02/04 12:0 a.m.•1 views

PT-2026-6496

8.8CVSS5.6AI score0.0003EPSS

Exploits1References7

Positive Technologies•added 2026/02/04 12:0 a.m.•5 views

PT-2026-6279

Name of the Vulnerable Software and Affected Versions Alist versions prior to 3.57.0 Description Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. The application contains a path traversal issue in multiple file operation handlers. An authenticated attacker...

8.8CVSS5.5AI score0.0003EPSS

Exploits1References14

CNNVD•added 2026/02/04 12:0 a.m.•3 views

AList 路径遍历漏洞

AList is a file list program developed by Xhofe, a developer from China. Versions of AList prior to 3.57.0 had a path traversal vulnerability. This vulnerability stemmed from vulnerabilities in multiple file operation handlers, which could lead to unauthorized file operations...

8.8CVSS5.8AI score0.0003EPSS

Exploits1References2

NVD•added 2026/02/02 11:16 p.m.•1 views

CVE-2026-25059

8.8CVSS0.00029EPSS

Exploits1References3

Vulnrichment•added 2026/02/02 10:24 p.m.•2 views

CVE-2026-25059 OpenList affected by Path Traversal in file copy and remove handlers

8.8CVSS5.5AI score0.00029EPSS

Exploits1References3

ATTACKERKB•added 2026/02/02 10:24 p.m.•2 views

CVE-2026-25059

8.8CVSS5.5AI score0.00029EPSS

Exploits1References4Affected Software1

CVE•added 2026/02/02 10:24 p.m.•5 views

CVE-2026-25059

OpenList Frontend contains a path traversal vulnerability (CWE-22) in multiple file operation handlers (server/handles/fsmanage.go) that was present before version 4.1.10. Filename components in req.Names are concatenated with validated directories via stdpath.Join, allowing ".." sequences to byp...

8.8CVSS5.5AI score0.00029EPSS

Exploits1References3Affected Software1

Github Security Blog•added 2026/02/02 8:1 p.m.•4 views

OpenList vulnerable to Path Traversal in file copy and remove handlers

8.8CVSS5.7AI score0.00029EPSS

Exploits1References7Affected Software1

RedhatCVE•added 2026/01/31 9:12 a.m.•4 views

CVE-2026-0963

An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...

9.9CVSS6.5AI score0.00173EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by