Lucene search
+L

1224 matches found

ATTACKERKB
ATTACKERKB
added 3 hours ago3 views

CVE-2026-53399

In the Linux kernel, the following vulnerability has been resolved: nfsd: release layout stid on setlease failure nfs4allocstid publishes the new stid into cl-clstateids via idralloccyclic under cllock before returning to nfsd4alloclayoutstateid. When nfsd4layoutsetlease then fails, the error pat...

5.3AI score
Exploits0References5Affected Software1
OSV
OSV
added 6 days ago7 views

CVE-2026-61505 Rejetto HFS < 3.2.1 Limited File Disclosure via Path Traversal in lang Parameter

Rejetto HFS 3.0.0 through 3.2.0 allows path traversal through the lang query parameter, permitting a remote unauthenticated attacker to read certain JSON files outside the shared folders. Exploitation is constrained to files matching a narrow naming and format pattern, limiting practical impact...

6.9CVSS6.1AI score0.00452EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 6 days ago4 views

CVE-2026-61501 Rejetto HFS < 3.2.1 Stored XSS in Admin Log Viewer

Rejetto HFS 3.0.0 through 3.2.0 renders log entries in the administration panel as HTML without sanitization. A remote unauthenticated attacker can submit a failed login with a crafted username that is written to the error log and executes JavaScript in an administrator's browser when the logs ar...

6.1CVSS6.3AI score0.00308EPSS
Exploits0References2
Nuclei
Nuclei
added 6 days ago45 views

HTTP File Server <2.3c - Remote Command Execution

HTTP File Server before 2.3c is susceptible to remote command execution. The findMacroMarker function in parserLib.pas allows an attacker to execute arbitrary programs via a %00 sequence in a search action. Therefore, an attacker can obtain sensitive information, modify data, and/or gain full...

10CVSS7.3AI score0.99323EPSS
Exploits23References5
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-57841

Name of the Vulnerable Software and Affected Versions Rejetto HFS versions 3.0.0 through 3.2.0 Description The software derives its session-cookie signing key from the non-cryptographic Math.random generator and discloses outputs of this generator to unauthenticated clients during login. A remote...

9.8CVSS6.5AI score0.00747EPSS
Exploits0References6
Metasploit
Metasploit
added 2026/07/10 7:2 p.m.23 views

FTP Fetch, Windows Reverse HTTP Stager (winhttp)

Fetch and execute an x86 payload from an FTP server. Tunnel communication over HTTP Windows winhttp Module Options...

6.2AI score
Exploits0
Metasploit
Metasploit
added 2026/07/10 7:2 p.m.34 views

FTP Fetch, Windows shellcode stage, Windows x86 Reverse Named Pipe (SMB) Stager

Fetch and execute an x86 payload from an FTP server. Custom shellcode stage. Connect back to the attacker via a named pipe pivot Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule...

6.2AI score
Exploits0
Nuclei
Nuclei
added 2026/07/08 5:22 a.m.211 views

Rejetto HTTP File Server - Template injection

This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. id: CVE-2024-23692 info: name: Rejetto HTTP File Server - Template injection author: johnk3r severity: critical description: | This...

9.8CVSS7.6AI score0.99485EPSS
Exploits20References2
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.32 views

CVE-2026-53026 NFSD: fix nfs4_file access extra count in nfsd4_add_rdaccess_to_wrdeleg

In the Linux kernel, the following vulnerability has been resolved: NFSD: fix nfs4file access extra count in nfsd4addrdaccesstowrdeleg In nfsd4addrdaccesstowrdeleg, if fp-fifdsORDONLY is already set by another thread, nfs4filegetaccess should not be called to increment the nfs4file access count...

7.5CVSS0.00432EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 10:17 a.m.15 views

CVE-2026-52944

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTLSETSPARSE FSCTLSETSPARSE in fsctlsetsparse modifies the file's sparse attribute and saves it through xattr without any permission checks. This exposes two...

5.5CVSS0.00121EPSS
Exploits0References4
NVD
NVD
added 2026/06/23 6:18 p.m.10 views

CVE-2026-52844

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, on Windows, Caddy path matchers treat /private\secret.txt as outside /private/, but fileserver later resolves the same request path as private\secret.txt on disk. An unauthenticated remote client can bypass Caddy...

7.5CVSS0.00409EPSS
Exploits1References1
CVE
CVE
added 2026/06/23 5:50 p.m.20 views

CVE-2026-52844

CVE-2026-52844 describes a Windows-specific path handling bug in Caddy prior to 2.11.4 where path matchers do not normalize backslashes, causing a request like /private%5csecret.txt to bypass path-scoped auth and reach the protected file, e.g., /private/*, through file_server. The issue is exploi...

7.5CVSS5.9AI score0.00409EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/06/23 5:50 p.m.2 views

CVE-2026-52844 Caddy: Windows `file_server` path authorization bypass via encoded backslash

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, on Windows, Caddy path matchers treat /private\secret.txt as outside /private/, but fileserver later resolves the same request path as private\secret.txt on disk. An unauthenticated remote client can bypass Caddy...

7.5CVSS6AI score0.00409EPSS
Exploits1References3
OSV
OSV
added 2026/06/23 3:35 p.m.2 views

SUSE-SU-2026:2571-1 Security update for the Linux Kernel (Live Patch 30 for SUSE Linux Enterprise 15 SP5)

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.121 fixes various security issues The following security issues were fixed: - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache bsc1261640. - CVE-2026-31504: net: fix fanout UAF in packetrelease via NETDEVUP rac...

9.8CVSS5.9AI score0.0049EPSS
Exploits8References11
OSV
OSV
added 2026/06/23 12:59 p.m.11 views

JLSEC-2026-617 Open redirect in the HTTP.jl static file server canonical redirects

Description The static file server's canonical 301 redirects index-file strip, directory trailing-slash add, and file trailing-slash strip built the Location header verbatim from the un-normalized request target. Request-target validation only requires a leading /, has no CTL bytes, and the...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/23 12:59 p.m.8 views

JLSEC-2026-612 Path traversal in the HTTP.jl static file server via separator/absolute path segments

Description The static file server decoded the request path, split it on /, and rejected only segments exactly equal to . or ... Because URL-decoding ran before the / split, an encoded backslash %5c, a Windows drive specifier C:..., or a UNC prefix \host\share survived inside a single segment and...

6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/22 8:18 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the handler/router.go process. An attacker can access arbitrary files on the host filesystem by sending requests with percent-encoded backslashes %5C that bypass path sanitization. Details A Directory Traversal...

8.7CVSS6.5AI score0.00408EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 10:10 p.m.8 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the getImageForOcclusion function. An attacker can access arbitrary files readable by the application process and exfiltrate their contents over the network by embedding malicious scripts in iframes within import...

7.1CVSS6.5AI score0.00169EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 9:28 p.m.9 views

GHSA-QRP7-CVWR-J2C6 Caddy: Windows `file_server` path authorization bypass via encoded backslash

Summary On Windows, Caddy path matchers treat /private\secret.txt as outside /private/, but fileserver later resolves the same request path as private\secret.txt on disk. An unauthenticated remote client can request /private%5csecret.txt and bypass Caddy path-scoped auth/deny routes protecting...

7.5CVSS5.4AI score0.00409EPSS
Exploits1References2
OSV
OSV
added 2026/06/15 8:16 p.m.10 views

GHSA-WQP7-X3PW-XC5R Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows

Summary When serving static files on Windows, StaticFiles resolves the requested path with os.path.realpath. If a UNC path such as \attacker.com\share reaches the resolver, realpath causes the process to open a connection to the remote host over SMB port 445. This is a server-side request forgery...

7.5CVSS5.6AI score0.00368EPSS
Exploits0References2
Rows per page
Query Builder