
7266 matches found

Snyk
•added 2026/02/25 9:17 a.m.•4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the handling of URLs containing percent-encoded slashes in the UNSAFEPERCENTENCODE parameter in wcurl wrapper. An attacker can cause files to be saved outside of the intended directory by supplying specially...

CVSS 6.5 • AI score 6.5 • EPSS 0.00302
Exploits: 0 • References: 2
OSV
•added 2026/02/25 3:16 a.m.•4 views

DEBIAN-CVE-2026-27606

Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler specifically v4.x and present in current source is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker t...

CVSS 9.8 • AI score 7.3 • EPSS 0.01195
Exploits: 1 • References: 1
NVD
•added 2026/02/25 3:16 a.m.•9 views

CVE-2026-27606

Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler specifically v4.x and present in current source is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker t...

CVSS 9.8 • EPSS 0.01195
Exploits: 1 • References: 7
OSV
•added 2026/02/25 3:16 a.m.•6 views

UBUNTU-CVE-2026-27606

Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler specifically v4.x and present in current source is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker t...

CVSS 9.8 • AI score 6.9 • EPSS 0.01195
Exploits: 1 • References: 9
UbuntuCve
•added 2026/02/25 3:16 a.m.•2 views

CVE-2026-27606

Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler specifically v4.x and present in current source is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker t...

CVSS 9.8 • AI score 6.9 • EPSS 0.01195
Exploits: 1 • References: 8
Snyk
•added 2026/02/25 3:12 a.m.•6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the CreateNewDAG API endpoint when the DAG name is not properly validated before being passed to the file store. An attacker can write arbitrary YAML files outside the intended directory, potentially overwriting...

CVSS 7.1 • AI score 6.5 • EPSS 0.00571
Exploits: 1 • References: 2
Snyk
•added 2026/02/25 3:12 a.m.•4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the CreateNewDAG API endpoint when the DAG name is not properly validated before being passed to the file store. An attacker can write arbitrary YAML files outside the intended directory, potentially overwriting...

CVSS 7.1 • AI score 6.5 • EPSS 0.00571
Exploits: 1 • References: 2
Snyk
•added 2026/02/25 3:12 a.m.•2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the CreateNewDAG API endpoint when the DAG name is not properly validated before being passed to the file store. An attacker can write arbitrary YAML files outside the intended directory, potentially overwriting...

CVSS 7.1 • AI score 6.5 • EPSS 0.00571
Exploits: 1 • References: 2
Debian CVE
•added 2026/02/25 2:8 a.m.•4 views

CVE-2026-27606

Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler specifically v4.x and present in current source is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker t...

CVSS 9.8 • AI score 8 • EPSS 0.01195
Exploits: 1
Vulnrichment
•added 2026/02/25 2:8 a.m.•3 views

CVE-2026-27606 Rollup 4 has Arbitrary File Write via Path Traversal

Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler specifically v4.x and present in current source is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker t...

CVSS 9.3 • AI score 5.8 • EPSS 0.01195
Exploits: 1 • References: 7
ATTACKERKB
•added 2026/02/25 2:8 a.m.•3 views

CVE-2026-27606

Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler specifically v4.x and present in current source is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker t...

CVSS 9.8 • AI score 5.8 • EPSS 0.01195
Exploits: 1 • References: 8 • Affected Software: 1
CVE
•added 2026/02/25 2:8 a.m.•52 views

CVE-2026-27606

CVE-2026-27606 affects Rollup: vulnerable in versions prior to 2.80.0, 3.30.0, and 4.59.0 due to insecure file name sanitization in the core engine, enabling arbitrary file write via path traversal. An attacker can use traversal sequences (e.g., ../) to overwrite files the build process can acces...

CVSS 9.8 • AI score 5.8 • EPSS 0.01195
Exploits: 1 • References: 7 • Affected Software: 1
OSV
•added 2026/02/25 2:8 a.m.•5 views

CVE-2026-27606 Rollup 4 has Arbitrary File Write via Path Traversal

Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler specifically v4.x and present in current source is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker t...

CVSS 9.3 • AI score 5.9 • EPSS 0.01195
Exploits: 1 • References: 9
Cvelist
•added 2026/02/25 2:8 a.m.•23 views

CVE-2026-27606 Rollup 4 has Arbitrary File Write via Path Traversal

Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler specifically v4.x and present in current source is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker t...

CVSS 9.3 • EPSS 0.01195
Exploits: 1 • References: 7
NVD
•added 2026/02/25 1:16 a.m.•7 views

CVE-2026-27598

Dagu is a workflow engine with a built-in Web user interface. In versions up to and including 1.16.7, the CreateNewDAG API endpoint POST /api/v1/dags does not validate the DAG name before passing it to the file store. An authenticated user with DAG write permissions can write arbitrary YAML files...

CVSS 7.1 • EPSS 0.00571
Exploits: 1 • References: 2
CVE
•added 2026/02/25 12:27 a.m.•12 views

CVE-2026-27598

CVE-2026-27598 affects Dagu up to version 1.16.7. The issue is in the CreateNewDAG API (POST /api/v1/dags) where DAG name validation is skipped before writing to the file store, allowing an authenticated user with DAG write permissions to write arbitrary YAML files on the filesystem. Since Dagu e...

CVSS 7.1 • AI score 6 • EPSS 0.00571
Exploits: 1 • References: 2 • Affected Software: 1
EUVD
•added 2026/02/25 12:27 a.m.•6 views

EUVD-2026-8576

Dagu is a workflow engine with a built-in Web user interface. In versions up to and including 1.16.7, the CreateNewDAG API endpoint POST /api/v1/dags does not validate the DAG name before passing it to the file store. An authenticated user with DAG write permissions can write arbitrary YAML files...

CVSS 7.1 • AI score 6 • EPSS 0.00571
Exploits: 1 • References: 2
Packet Storm
•added 2026/02/25 12:0 a.m.•108 views

Calibre 9.2.1 Path Traversal / Arbitrary File Write

Calibre versions 9.2.1 and below are vulnerable to a path traversal flaw in the PDB file parser, affecting both the 132-byte and 202-byte header variants of the PDB reader implementation. The vulnerability allows a specially crafted PDB file to embed directory traversal sequences such as ../ with...

AI score 5.6
Exploits: 0
Packet Storm
•added 2026/02/25 12:0 a.m.•154 views

MS-EVEN TOCTOU ElfrBackupELFW Arbitrary File Write

This module exploits a Time-of-Check Time-of-Use TOCTOU vulnerability in the MS-EVEN protocol Windows Event Log service. A low-privileged authenticated user can write arbitrary files to a remote Windows machine by abusing the ElfrBackupELFW RPC function. This module strictly follows the MS-EVEN...

CVSS 7.5 • AI score 5.8 • EPSS 0.0106
Exploits: 1
CNNVD
•added 2026/02/25 12:0 a.m.•8 views

Rollup Path Traversal Vulnerability

Rollup is a JavaScript module developed by Rollup. Versions prior to Rollup 2.80.0, 3.30.0, and 4.59.0 contained a path traversal vulnerability. This vulnerability stemmed from improper filename handling in the core engine, which could allow arbitrary file writing and remote code execution throug...

CVSS 9.8 • AI score 7.9 • EPSS 0.01195
Exploits: 1 • References: 8