
777 matches found

CNNVD
added 2026/03/25 12:00 a.m., 6 views

Tesseract Security Vulnerability

Tesseract is an OCR image text recognition library developed by Nazim Gafarov for the Node.js platform. Tesseract versions 2.2.1 and earlier contained security vulnerabilities caused by unvalidated file path parameters, potentially leading to OS command injection attacks...

CVSS 9.8, AI score 5.8, EPSS 0.01706
Exploits: 3, References: 4
CNNVD
added 2026/03/24 12:00 a.m., 15 views

FinalWire AIDA64 Extreme Buffer Error Vulnerability

FinalWire AIDA64 Extreme is a diagnostic software developed by FinalWire Corporation, designed for system information detection, hardware monitoring, and performance testing. Version 5.99.4900 of FinalWire AIDA64 Extreme contains a buffer error vulnerability. This vulnerability stems from a...

CVSS 8.6, AI score 6.4, EPSS 0.00217
Exploits: 1, References: 4
NVD
added 2026/03/23 10:16 p.m., 8 views

CVE-2025-60946

Census CSWeb 8.0.1 allows arbitrary file path input. A remote, authenticated attacker could access unintended file directories. Fixed in 8.1.0 alpha...

CVSS 8.8, EPSS 0.00488
Exploits: 0, References: 4
Cvelist
added 2026/03/23 8:59 p.m., 24 views

CVE-2025-60946 Census CSWeb path traversal

Census CSWeb 8.0.1 allows arbitrary file path input. A remote, authenticated attacker could access unintended file directories. Fixed in 8.1.0 alpha...

CVSS 8.8, EPSS 0.00488
Exploits: 0, References: 4
Positive Technologies
added 2026/03/23 12:00 a.m., 5 views

PT-2026-27209

Census CSWeb 8.0.1 allows arbitrary file path input. A remote, authenticated attacker could access unintended file directories. Fixed in 8.1.0 alpha...

CVSS 8.8, AI score 5.9, EPSS 0.00488
Exploits: 0, References: 5
CNNVD
added 2026/03/23 12:00 a.m., 6 views

Rails Path Traversal Vulnerability

Rails is an open-source web application framework based on the Ruby language, developed by the Rails team in the United States. Versions of Rails Active Storage prior to 8.1.2.1, 8.0.4.1, and 7.2.3.1 contained a path traversal vulnerability. This vulnerability stemmed from the lack of verificatio...

CVSS 9.8, AI score 5.8, EPSS 0.00567
Exploits: 0, References: 8
ATTACKERKB
added 2026/03/22 8:35 a.m., 4 views

CVE-2026-4542

A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the argument filePaths leads to path traversal. The attack may be performed from remote. The exploit has...

CVSS 5.5, AI score 5.6, EPSS 0.0031
Exploits: 0, References: 7
Positive Technologies
added 2026/03/21 12:00 a.m., 5 views

PT-2026-26922

Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the theme name parameter in the themeexporthandle action or supply base64-encoded file paths t...

CVSS 7.1, AI score 5.9, EPSS 0.01101
Exploits: 1, References: 5
CVE
added 2026/03/20 10:40 p.m., 5 views

CVE-2026-32810

Halloy is an IRC app written in Rust. Before commit f180e41061db393acf65bc99f5c5e7397586d9cb, Halloy creates its config directory and files with default umask permissions (typically 0644 files, 0755 dirs), allowing any local user to read plaintext credentials in config.toml or referenced password...

CVSS 5.5, AI score 5.8, EPSS 0.00175
Exploits: 1, References: 2, Affected Software: 1
Positive Technologies
added 2026/03/20 12:00 a.m., 6 views

PT-2026-26688

Halloy is an IRC application written in Rust. In versions on nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any loc...

CVSS 4.8, AI score 5.8, EPSS 0.00175
Exploits: 1, References: 4
CNNVD
added 2026/03/20 12:00 a.m., 10 views

SiYuan Access Control Error Vulnerability

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan 3.6.0 and earlier contained an access control vulnerability. This vulnerability stemmed from the lack of validation of file paths at the /api/lute/html2BlockDOM endpoint, which could lead to t...

CVSS 9.9, AI score 6.4, EPSS 0.00414
Exploits: 1, References: 3
ATTACKERKB
added 2026/03/19 10:06 p.m., 4 views

CVE-2026-32008

OpenClaw versions prior to 2026.2.21 contain an improper URL scheme validation vulnerability in the assertBrowserNavigationAllowed function that allows authenticated users with browser-tool access to navigate to file:// URLs. Attackers can exploit this by accessing local files readable by the...

CVSS 7.1, AI score 5.8, EPSS 0.00403
Exploits: 1, References: 4
Snyk
added 2026/03/19 12:43 p.m., 5 views

Directory Traversal

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Directory Traversal via the listFiles.json.php file. An attacker can enumerate and disclose the absolute paths of .mp4 files located anywhere on the server...

CVSS 7.1, AI score 6.4, EPSS 0.00418
Exploits: 1, References: 2
CNVD
added 2026/03/18 12:00 a.m., 4 views

AnythingLLM Code Injection Vulnerability

AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM has a code injection vulnerability: the ImportedPlugin.importCommunityItemFromUrl function downloads a ZIP file and extracts it without verifying the path to the file within the archive, which can be...

CVSS 6.4, AI score 6.2, EPSS 0.00388
Exploits: 1
OSV
added 2026/03/17 4:32 p.m., 4 views

SUSE-SU-2026:0907-1 Security update for kea

This update for kea fixes the following issues: Update to release 2.6.3 bsc1243240: - CVE-2025-32801: Loading a malicious hook library can lead to local privilege escalation. - CVE-2025-32802: Insecure handling of file paths allows multiple local attacks. - CVE-2025-32803: Insecure file permissio...

CVSS 7.8, AI score 5.8, EPSS 0.00235
Exploits: 0, References: 5
OSV
added 2026/03/10 8:25 p.m., 7 views

CVE-2026-30952 liquidjs has a path traversal fallback vulnerability

liquidjs is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.0, the layout, render, and include tags allow arbitrary file access via absolute paths either as string literals or through Liquid variables, the latter require dynamicPartials: true, which is the...

CVSS 8.7, AI score 5.8, EPSS 0.00557
Exploits: 1, References: 6
OSV
added 2026/03/10 6:28 p.m., 2 views

GO-2026-4570 Vitess users with backup storage access can write to arbitrary file paths in vitess.io/vitess

Vitess users with backup storage access can write to arbitrary file paths on restore in vitess.io/vitess...

CVSS 9.3, AI score 5.9, EPSS 0.00402
Exploits: 0, References: 4
SUSE Linux
added 2026/03/10 4:05 p.m., 5 views

Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: CVE-2025-69228: Fixed denial of service through large payloads bsc1256022. CVE-2025-69226: Fixed brute-force leak of internal static file path components bsc1256020. CVE-2025-69224: Fixed unicode processing of header values could cause...

CVSS 8.7, AI score 7.1, EPSS 0.00487
Exploits: 0, References: 30
OSV
added 2026/03/10 4:05 p.m., 6 views

SUSE-SU-2026:0859-1 Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: - CVE-2025-69228: Fixed denial of service through large payloads bsc1256022. - CVE-2025-69226: Fixed brute-force leak of internal static file path components bsc1256020. - CVE-2025-69224: Fixed unicode processing of header values could...

CVSS 8.7, AI score 7.1, EPSS 0.00487
Exploits: 0, References: 16
OSV
added 2026/03/05 12:20 a.m., 5 views

GHSA-95V5-PRP4-5GV5 Backstage vulnerable to potential reading of SCM URLs using built in token

Impact: A vulnerability in the SCM URL parsing used by Backstage integrations allowed path traversal sequences in encoded form to be included in file paths. When these URLs were processed by integration functions that construct API URLs, the traversal segments could redirect requests to unintended...

CVSS 2.7, AI score 5.9, EPSS 0.00348
Exploits: 0, References: 3