
777 matches found

Tenable Nessus
added 2026/04/17 12:0 a.m. | 3 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : Rack vulnerabilities (USN-8182-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8182-1 advisory. Andrew Lacambra discovered that Rack did not properly parse certain regular...

CVSS 7.5 | AI score 6 | EPSS 0.00475
Exploits: 1 | References: 14
OSV
added 2026/04/09 6:17 p.m. | 3 views

UBUNTU-CVE-2026-39983

basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handle...

CVSS 8.6 | AI score 5.8 | EPSS 0.02185
Exploits: 1 | References: 5
EUVD
added 2026/04/09 5:5 p.m. | 3 views

EUVD-2026-20976

basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handle...

CVSS 8.6 | AI score 5.9 | EPSS 0.02185
Exploits: 1 | References: 3
Positive Technologies
added 2026/04/08 12:0 a.m. | 6 views

PT-2026-31466

parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK file paths are passed unsanitized into an os.popen shell command, allowing arbitrary command execution via crafted .lnk filenames containing shell metacharacters. An attacker can craft a .lnk filename wi...

CVSS 8.5 | AI score 6.2 | EPSS 0.00805
Exploits: 0 | References: 5
Vulnrichment
added 2026/04/06 6:59 p.m. | 5 views

CVE-2026-35021

...

AI score 5.8 | EPSS 0.00041
Exploits: 0
CNNVD
added 2026/04/01 12:0 a.m. | 4 views

Xenforo security vulnerability

Xenforo is a forum software developed by the Xenforo company. Versions of XenForo prior to 2.3.7 contained security vulnerabilities. These vulnerabilities stemmed from abnormal messages triggered by the open_basedir limitation, which allowed the leakage of file system paths. This could potentially...

CVSS 8.7 | AI score 5.8 | EPSS 0.00342
Exploits: 0 | References: 2
CNNVD
added 2026/04/01 12:0 a.m. | 6 views

OpenClaw security vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from path traversal in the Windows Media Player, where remote host file URLs and UNC-style paths were accept...

CVSS 6.9 | AI score 5.8 | EPSS 0.00319
Exploits: 0 | References: 5
Ubuntu
added 2026/03/31 9:48 a.m. | 5 views

USN-8136-1: Dovecot vulnerabilities

It was discovered that Dovecot incorrectly handled invalid base64 SASL data. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-59028) It was discovered that Dovecot script decode2text.sh incorrectly handled zip files. An attacke...

CVSS 8.2 | AI score 6 | EPSS 0.0079
Exploits: 7
CNNVD
added 2026/03/30 12:0 a.m. | 5 views

HeidiSQL security vulnerability

HeidiSQL is an open-source database management graphical interface tool developed by HeidiSQL. Version HeidiSQL 9.5.0.5196 contains a security vulnerability. This vulnerability stems from the file path field in the logging configuration file, which has a denial-of-service vulnerability. This coul...

CVSS 6.9 | AI score 5.8 | EPSS 0.00206
Exploits: 1 | References: 4
RedhatCVE
added 2026/03/26 10:58 p.m. | 4 views

CVE-2026-1556

A flaw was found in Drupal File Field Paths. This information disclosure vulnerability allows authenticated users to disclose other users’ private files. This can be exploited by performing filename-collision uploads, which causes the system to receive incorrect file Uniform Resource Identifiers...

CVSS 7.7 | AI score 5.7 | EPSS 0.00391
Exploits: 1 | References: 5
UbuntuCve
added 2026/03/26 10:16 p.m. | 8 views

CVE-2026-1556

Information disclosure in the file URI processing of File Field Paths in Drupal File Field Paths 7.x prior to 7.1.3 on Drupal 7.x allows authenticated users to disclose other users’ private files via filename‑collision uploads. This can cause hook_node_insert consumers for example, email attachment...

CVSS 6.9 | AI score 5.8 | EPSS 0.00391
Exploits: 1 | References: 3
EUVD
added 2026/03/26 6:31 p.m. | 3 views

EUVD-2026-16238

Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to validate Advanced Logging file target paths which allows system administrators to read arbitrary host files via malicious AdvancedLoggingJSON configuration in support packet generation. Mattermost...

CVSS 6.8 | AI score 5.9 | EPSS 0.00421
Exploits: 0 | References: 2
RedhatCVE
added 2026/03/26 2:58 p.m. | 4 views

CVE-2026-22171

OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the Feishu media download flow where untrusted media keys are interpolated directly into temporary file paths in extensions/feishu/src/media.ts. An attacker who can control Feishu media key values returned to the clien...

CVSS 9.1 | AI score 5.9 | EPSS 0.00339
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/26 12:0 a.m. | 5 views

PT-2026-28313

Name of the Vulnerable Software and Affected Versions: Drupal File Field Paths versions prior to 7.1.3. Description: An information disclosure issue exists in the file URI processing of File Field Paths in Drupal. Authenticated users can potentially disclose other users’ private files through...

CVSS 6.9 | AI score 5.8 | EPSS 0.00391
Exploits: 1 | References: 4
Positive Technologies
added 2026/03/26 12:0 a.m. | 4 views

PT-2026-28421

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.11.x through 10.11.11; Mattermost versions 11.2.x through 11.2.3; Mattermost versions 11.3.x through 11.3.1; Mattermost versions 11.4.x through 11.4.0. Description: The software does not properly validate file target paths fo...

CVSS 6.8 | AI score 5.9 | EPSS 0.00421
Exploits: 0 | References: 9
Packet Storm
added 2026/03/26 12:0 a.m. | 125 views

textract 2.5.0 Command Injection

textract through version 2.5.0 allows OS command injection through the file path supplied to multiple extractors. Several code paths pass that file path into child_process.exec with inadequate sanitization. An attacker who can influence the file name or path can break out of the command line and r...

CVSS 9.8 | AI score 6 | EPSS 0.02421
Exploits: 4
CNNVD
added 2026/03/26 12:0 a.m. | 11 views

Saloon path traversal vulnerability

Saloon is a PHP API integration and SDK library developed by Saloon PHP Open Source. Versions of Saloon prior to 4.0.0 contained a path traversal vulnerability. This vulnerability stemmed from the use of device names to construct file paths within the configured device directory without proper...

CVSS 9.3 | AI score 5.8 | EPSS 0.00566
Exploits: 0 | References: 2
CVE
added 2026/03/25 12:29 p.m. | 10 views

CVE-2026-4760

From CVE-2026-4760, Panorama Web HMI allows an attacker to gain read access to certain Web HMI server files if the attacker knows the file paths and the files are accessible to the Servin process execution account. Affected installations include Panorama Suite 2022-SP1 (22.50.005) unless PS-2210-...

CVSS 9.2 | AI score 6 | EPSS 0.00343
Exploits: 0 | References: 1
EUVD
added 2026/03/25 6:30 a.m. | 7 views

EUVD-2026-15192

SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

CVSS 8.4 | AI score 6.2 | EPSS 0.00191
Exploits: 0 | References: 4
CNNVD
added 2026/03/25 12:0 a.m. | 6 views

textract security vulnerability

Textract is a text extraction tool developed by David Bashford, which supports multiple formats. Textract versions 2.5.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from unvalidated file path parameters, which could lead to OS command injection attacks...

CVSS 9.8 | AI score 5.8 | EPSS 0.02421
Exploits: 4 | References: 6