CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm•added yesterday•8 views

📄 Python-Multipart Path Traversal / Arbitrary File Write

Proof of concept that leverages a path traversal vulnerability in Python-Multipart versions prior to 0.0.22 to achieve an arbitrary file write. ================================================================================================================================== | Title :...

8.6CVSS6.6AI score0.01021EPSS

Exploits5

NVD•added 2 days ago•3 views

CVE-2026-25559

OpenBullet2 through version 0.3.2 contains a path traversal vulnerability in the wordlist endpoint that allows authenticated attackers to perform arbitrary file read, write, and delete operations by supplying unsanitized absolute paths to the upload handler and wordlist functions. Attackers can...

8.8CVSS0.00265EPSS

EUVD•added 2 days ago•6 views

EUVD-2026-35137

8.8CVSS6.4AI score0.00265EPSS

Nuclei•added 2 days ago•17 views

Plenti < v0.7.2 - OS Command Injection

Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...

9.3CVSS7.3AI score0.7146EPSS

Exploits1References2

Nuclei•added 2 days ago•63 views

pfSense - Arbitrary File Write

diagroutes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection...

9CVSS7.8AI score0.91268EPSS

Exploits4References5

Nuclei•added 2 days ago•58 views

Aimhubio Aim Server 3.19.3 - Arbitrary File Overwrite

A vulnerability in the backuprun function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the runhash and repo.path parameters, which can be manipulated to create an...

9.8CVSS8.3AI score0.88697EPSS

Exploits1

Nuclei•added 2 days ago•10 views

dash-uploader 0.1.0 - 0.7.0a2 - Unauthenticated Arbitrary File Write via Path Traversal

fohrloop dash-uploader v0.1.0 through v0.7.0a2 contains a directory traversal vulnerability caused by improper handling in dashuploader/httprequesthandler.py components, letting remote attackers execute arbitrary code, exploit requires no special privileges. id: CVE-2026-38360 info: name:...

9.8CVSS5.8AI score0.14562EPSS

Exploits4References4

Nuclei•added 2 days ago•52 views

Camaleon CMS < 2.8.1 Arbitrary File Write to RCE

An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on depending on the permissions of the underlying filesystem. E.g. This can lead to a remote...

9.9CVSS6.4AI score0.92294EPSS

Exploits2References5

Redos•added 2 days ago•3 views

ROS-20260608-73-0015

The vulnerability of the .NET Core software platform is related to an incorrect limitation on the path name to the directory. Exploiting this vulnerability allows a remote attacker to write arbitrary files...

4.3CVSS5.7AI score0.00032EPSS

Exploits0

Redos•added 2 days ago•4 views

ROS-20260608-73-0014

4.3CVSS5.7AI score0.00032EPSS

Exploits0

Redos•added 2 days ago•3 views

ROS-20260608-73-0013

4.3CVSS5.7AI score0.00032EPSS

Exploits0

Positive Technologies•added 2 days ago•5 views

PT-2026-47341

8.8CVSS6.4AI score0.00265EPSS

Exploits0References3

RedhatCVE•added 3 days ago•8 views

CVE-2026-11420

Two path traversal vulnerabilities in the Network Installation Service NIS of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on the server filesystem and to read package archive files from the server. No authentication, session...

RedhatCVE•added 3 days ago•8 views

CVE-2026-11419

A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage root is discarded,...

9.4CVSS6AI score0.00422EPSS

CVE•added 5 days ago•13 views

CVE-2026-11416

Summary: MoviePilot is affected by a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers. The local destination path is built by concatenating the configured download directory with a filename taken directly from remote cloud API metadata, without basename...

8.1CVSS5.6AI score0.00056EPSS

Exploits0References3

Cvelist•added 5 days ago•28 views

CVE-2026-11420 Path Traversal in Altium Enterprise Server NIS Allows Unauthenticated Arbitrary File Write and File Read

10CVSS0.00676EPSS

ATTACKERKB•added 5 days ago•4 views

CVE-2026-11420

Vulnrichment•added 5 days ago•7 views

CVE-2026-11420 Path Traversal in Altium Enterprise Server NIS Allows Unauthenticated Arbitrary File Write and File Read

CVE•added 5 days ago•23 views

CVE-2026-11420

Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on the server filesystem and to read package archive files from the server. The issue can potentiall...