Lucene search
K

777 matches found

CVE
CVE
added 2026/02/27 4:41 p.m.12 views

CVE-2026-24488

OpenEMR

6.5CVSS6AI score0.00399EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/02/27 4:3 p.m.3 views

GHSA-R492-HJGH-C9GW Vitess users with backup storage access can write to arbitrary file paths on restore

Impact Anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that files in the manifest — which may be files that they have also added to the manifest and backup contents — are written to any accessible location on restore. This is ...

9.3CVSS6.1AI score0.00402EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2026/02/27 9:1 a.m.3 views

Vitess users with backup storage access can write to arbitrary file paths on restore

...

9.3CVSS5.9AI score0.00402EPSS
Exploits0
CVE
CVE
added 2026/02/26 3:10 p.m.32 views

CVE-2026-28296

The CVE concerns the FTP GVfs backend, where unsanitized file paths containing CRLF sequences enable termination of intended FTP commands and injection of arbitrary FTP commands. This input validation flaw could allow arbitrary code execution or other severe impacts, depending on the FTP server a...

4.3CVSS6.4AI score0.0036EPSS
Exploits2References2
OSV
OSV
added 2026/02/20 5:25 p.m.6 views

CVE-2026-26097

Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...

5.5CVSS5.8AI score0.00109EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 5:25 p.m.5 views

CVE-2026-26099

Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...

8.4CVSS0.00109EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/20 4:54 p.m.5 views

CVE-2026-26099

Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...

8.4CVSS5.4AI score0.00109EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/20 4:54 p.m.22 views

CVE-2026-26099 Uncontrolled Search Path Element in Owl opds

Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...

8.4CVSS0.00109EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 4:54 p.m.17 views

CVE-2026-26099

Owl opds 2.2.0.4 contains an Uncontrolled Search Path Element vulnerability. The issue allows manipulating configuration file search paths via a crafted network request, indicating potential impact on confidentiality, integrity, and availability as described by the CVSS metrics (base score 8.4, H...

8.4CVSS5.4AI score0.00109EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/02/20 4:54 p.m.22 views

CVE-2026-26098 Uncontrolled Search Path Element in Owl opds

Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...

8.4CVSS0.00109EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.9 views

Owl Cyber Defense OPDS 代码问题漏洞

Owl Cyber Defense OPDS is a network isolation device developed by Owl Cyber Defense Corporation in the United States. Version 2.2.0.4 of Owl Cyber Defense OPDS contains a code vulnerability; this vulnerability stems from an uncontrolled search path element, which may lead to the exploitation of t...

8.4CVSS5.9AI score0.00109EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.6 views

Dell Unisphere for PowerMax 安全漏洞

Dell Unisphere for PowerMax is a graphical management platform developed by the American company Dell. Version 10.2 of Dell Unisphere for PowerMax contains a security vulnerability. This vulnerability stems from external control over file names or paths, which could lead to the deletion of any fi...

8.1CVSS5.8AI score0.00252EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.11 views

penpot 安全漏洞

Penpot is an open-source design tool developed by Penpot for collaboration in design and coding. Versions of Penpot prior to 2.13.2 contained a security vulnerability. This vulnerability allowed authenticated users to access arbitrary files by providing local file paths as font data blocks,...

7.5CVSS5.9AI score0.00437EPSS
Exploits1References2
NVD
NVD
added 2026/02/14 7:16 a.m.11 views

CVE-2026-0727

The Accordion and Accordion Slider plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.5. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'wpaassaveattachmentdata' and...

5.4CVSS0.00266EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/13 6:10 p.m.4 views

CVE-2026-21878

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0.rc3, a vulnerability has been discovered in BACnet Stack's file writing functionality where there is no validation of user-provided file paths, allowing attackers to write files to arbitrary...

5.7AI score0.00356EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/13 12:0 a.m.5 views

PT-2026-8019

Name of the Vulnerable Software and Affected Versions BACnet Stack versions prior to 1.5.0.rc3 Description The BACnet Stack software contains a flaw in its file writing functionality. Specifically, there is a lack of validation for user-supplied file paths, which could allow attackers to write...

7.5CVSS5.6AI score0.00356EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2026/02/11 2:56 p.m.5 views

CVE-2019-25315 WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting

WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. Attackers can add log files with embedded XSS payloads that will execute when viewed in the WordPress admin interface...

6.4CVSS5.1AI score0.00184EPSS
Exploits0References3
CVE
CVE
added 2026/02/11 2:56 p.m.13 views

CVE-2019-25315

The CVE concerns WordPress Server Log Viewer 1.0, where a persistent XSS vulnerability exists through unfiltered log file paths. Attackers can create log files containing embedded XSS payloads that execute when viewed in the WordPress admin interface. The description provides CVSSv3.1/4.0 metrics...

6.4CVSS5.1AI score0.00184EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/11 2:13 p.m.24 views

CVE-2026-2250 Unauthenticated Data Export and Source Code Disclosure via /dbviewer/ in METIS WIC

The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests...

7.5CVSS0.00359EPSS
Exploits0References2
CNVD
CNVD
added 2026/02/10 12:0 a.m.2 views

OpenClaw Information Disclosure Vulnerability

OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw has an information disclosure vulnerability that stems from the isValidMedia function allowing arbitrary file paths, which can be exploited by an attacker to cause the reading of arbitrary files and the disclosure of...

6.5CVSS5.8AI score0.00745EPSS
Exploits1References1
Rows per page
Query Builder