
777 matches found

Cvelist
added 2026/05/06 6:36 p.m., 34 views

CVE-2026-41931 Vvveb < 1.0.8.2 Information Disclosure via Debug Exception Handler

Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to trigger a fatal err...

6.9 CVSS, 0.00247 EPSS
Exploits 0, References 3
EUVD
added 2026/05/06 6:30 p.m., 9 views

EUVD-2026-27865

Uncontrolled Search Path Element vulnerability in JohnsonControls AC2000 on Windows allows Leveraging/Manipulating Configuration File Search Paths. This issue affects AC2000: from 10.6 before release 10, from 11.0 before release 9, from 12 before release 3...

8.4 CVSS, 5.8 AI score, 0.00108 EPSS
Exploits 0, References 2
NVD
added 2026/05/06 5:16 p.m., 12 views

CVE-2026-21661

Uncontrolled Search Path Element vulnerability in JohnsonControls AC2000 on Windows allows Leveraging/Manipulating Configuration File Search Paths. This issue affects AC2000: from 10.6 before release 10, from 11.0 before release 9, from 12 before release 3...

8.4 CVSS, 0.00108 EPSS
Exploits 0, References 1
RedHat Linux
added 2026/05/05 7:15 p.m., 10 views

podman-desktop: Podman Desktop: Denial of Service and Information Disclosure via unauthenticated HTTP server

A flaw was found in Podman Desktop. A remote attacker can exploit an unauthenticated HTTP server, which lacks proper connection limits and timeouts, to trigger denial-of-service (DoS) conditions. This can lead to application crashes or a complete host freeze. Additionally, verbose error responses...

9.1 CVSS, 5.7 AI score, 0.00474 EPSS
Exploits 1, References 5
NVD
added 2026/05/05 12:16 p.m., 11 views

CVE-2023-54346

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...

8.7 CVSS, 0.0031 EPSS
Exploits 0, References 4
Cvelist
added 2026/05/05 11:24 a.m., 31 views

CVE-2023-54346 WordPress Plugin Backup Migration 1.2.8 Unauthenticated Database Backup Download

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...

8.7 CVSS, 0.0031 EPSS
Exploits 0, References 4
EUVD
added 2026/05/05 9:31 a.m., 6 views

EUVD-2026-27233

An issue was discovered in the Shared Account Synchronization component of PaperCut MF version 25.0.4. The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with...

4.6 CVSS, 5.9 AI score, 0.00376 EPSS
Exploits 0, References 2
Vulnrichment
added 2026/05/05 6:21 a.m., 3 views

CVE-2026-6418 PaperCut NG/MF: Path Traversal in Shared Account Synchronization

An issue was discovered in the Shared Account Synchronization component of PaperCut MF version 25.0.4. The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with...

4.6 CVSS, 5.9 AI score, 0.00376 EPSS
Exploits 0, References 1
ATTACKERKB
added 2026/05/05 6:21 a.m., 3 views

CVE-2026-6418

An issue was discovered in the Shared Account Synchronization component of PaperCut MF version 25.0.4. The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with...

4.6 CVSS, 5.9 AI score, 0.00376 EPSS
Exploits 0, References 2
CVE
added 2026/05/05 6:21 a.m., 24 views

CVE-2026-6418

PaperCut MF (version 25.0.4) Shared Account Synchronization contains a path traversal in which an authenticated administrator can specify arbitrary local file paths for account data synchronization due to insufficient path validation and sanitization. When the synchronization runs, the system par...

4.9 CVSS, 5.9 AI score, 0.00376 EPSS
Exploits 0, References 1, Affected Software 2
Positive Technologies
added 2026/05/05 12:0 a.m., 15 views

PT-2026-36983

Name of the Vulnerable Software and Affected Versions: PaperCut MF version 25.0.4. Description: An issue in the Shared Account Synchronization component allows authenticated administrative users to specify arbitrary file paths on the local file system due to insufficient path validation and...

4.9 CVSS, 5.9 AI score, 0.00376 EPSS
Exploits 0, References 6
Positive Technologies
added 2026/05/05 12:0 a.m., 14 views

PT-2026-37303

Name of the Vulnerable Software and Affected Versions: exiftool-vendored versions prior to 35.19.0. Description: Certain strings provided by the caller are interpolated into ExifTool arguments without rejecting line delimiters. A newline or carriage return within these strings can split a single...

8.2 CVSS, 5.8 AI score, 0.00485 EPSS
Exploits 0, References 6
OSV
added 2026/04/29 12:11 a.m., 7 views

USN-8221-1 wheel vulnerability

It was discovered that wheel did not correctly handle certain file paths. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to execute arbitrary code...

7.1 CVSS, 7.2 AI score, 0.00311 EPSS
Exploits 2, References 2
Tenable Nessus
added 2026/04/29 12:0 a.m., 3 views

Ubuntu 24.04 LTS : wheel vulnerability (USN-8221-1)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8221-1 advisory. It was discovered that wheel did not correctly handle certain file paths. If a user or automated system were tricked into opening a specially crafted file, an...

7.1 CVSS, 7 AI score, 0.00311 EPSS
Exploits 2, References 2
Cvelist
added 2026/04/28 12:0 a.m., 27 views

CVE-2025-67223

The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls...

0.00631 EPSS
Exploits 0, References 3
ATTACKERKB
added 2026/04/28 12:0 a.m., 4 views

CVE-2025-67223

The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls...

5.3 AI score, 0.00631 EPSS
Exploits 0, References 4
CNNVD
added 2026/04/22 12:0 a.m., 6 views

Iperius Backup Buffer Error Vulnerability

Iperius Backup is a backup tool developed by the Italian company Iperius Backup. Version 5.8.1 of Iperius Backup contains a buffer overflow vulnerability. This vulnerability stems from an issue with the structured exception handling mechanism, which can lead to a local buffer overflow. As a resul...

8.6 CVSS, 6.6 AI score, 0.00205 EPSS
Exploits 1, References 1
CNNVD
added 2026/04/19 12:0 a.m., 11 views

LightPicture Security Vulnerability

LightPicture is a corporate/team/personal image resource management system and photo hosting system developed by osuuu. Versions of LightPicture 1.2.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of hard-coded credentials for parameters key in files...

7.5 CVSS, 7.2 AI score, 0.00284 EPSS
Exploits 0, References 2
CNNVD
added 2026/04/18 12:0 a.m., 8 views

Emissary Security Vulnerability

Emissary is a distributed P2P data-driven workflow framework developed by the National Security Agency. Versions of Emissary 8.42.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the Executrix.getCommand function, which inserted temporary file paths into shell...

8.8 CVSS, 5.8 AI score, 0.00861 EPSS
Exploits 1, References 2
Ubuntu
added 2026/04/17 12:23 a.m., 8 views

USN-8182-1: Rack vulnerabilities

Andrew Lacambra discovered that Rack did not properly parse certain regular expressions. An attacker could possibly use this issue to bypass network security filters. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. CVE-2026-26961 William T. Nelson...

7.5 CVSS, 5.9 AI score, 0.00475 EPSS
Exploits 1