CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

7.2CVSS5.8AI score0.00552EPSS

CVE-2026-4132

The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution in all versions up to and including 1.19.2. This is due to insufficient validation of the file path stored in the 'hhhtpasswdpath' option and lack of sanitization on the...

7.1CVSS5.5AI score0.00144EPSS

CVE-2026-40162

Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability was identified in Bugsink 2.1.0 in the artifact bundle assembly flow. A user with a valid authentication token could cause the application to write attacker-controlled content to a filesystem locatio...

RedhatCVE•added 5 days ago•6 views

CVE-2026-40090

Zarf is an Airgap Native Packager Manager for Kubernetes. Versions 0.23.0 through 0.74.1 contain an arbitrary file write vulnerability in the zarf package inspect sbom and zarf package inspect documentation subcommands. These subcommands output file paths are constructed by joining a...

7.1CVSS5.5AI score0.00053EPSS

RedhatCVE•added 5 days ago•5 views

CVE-2026-40518

ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers can supply traversal-style values or absolute paths as the agent name to influence directory...

9.1CVSS5.6AI score0.00069EPSS

RedhatCVE•added 5 days ago•6 views

CVE-2026-39306

PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry pull flow extracts attacker-controlled .praison tar archives with tar.extractall and does not validate archive member paths before extraction. A malicious publisher can upload a recipe bundle that contains ../...

7.3CVSS5.6AI score0.00052EPSS

Exploits1References1

8.7CVSS5.5AI score0.00025EPSS

CVE-2026-44340

PraisonAI is a multi-agent teams system. Prior to version 4.6.37, the safeextractall helper that all recipe pull, recipe publish, and recipe unpack flows route through validates each archive member's name for absolute paths, .. segments, and resolved-path escape — but does not validate...

Exploits1References1

RedhatCVE•added 5 days ago•8 views

CVE-2019-25714

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...

9.3CVSS6AI score0.00853EPSS

2.7CVSS5.5AI score0.00044EPSS

CVE-2024-47272

Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...

RedhatCVE•added 5 days ago•6 views

CVE-2024-47267

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vecto...

2.7CVSS5.5AI score0.00051EPSS

Github Security Blog•added 5 days ago•12 views

NASA AMMOS Instrument Toolkit: Path traversal resulting in arbitrary file append (can be triggered over the network by unauthenticated attacker)

Summary The Binary Stream Capture BSC component exposes an unauthenticated HTTP API for dynamically creating packet capture “handlers.” Because the code blindly trusts path‑related form fields, a remote client can: - Bypass the configured log root and direct BSC to log to arbitrary filesystem...

6AI score

Exploits0References4Affected Software1

CVE•added 5 days ago•8 views

CVE-2026-50733

Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval(), enabling arbitrary JavaScript execution across render paths (live preview, presentation mode, and HTML export via WaveDrom.ProcessAll()/eva()). Attack vector includes a crafted m...

8.8CVSS5.8AI score0.00058EPSS

OSV•added 5 days ago•5 views

GHSA-H535-J5HR-MV56 DbGate: Zip Slip in archive/unzip allows arbitrary file write leading to RCE

The unzipDirectory function in packages/api/src/shell/unzipDirectory.js line 27 does not validate that extracted file paths stay within the output directory. A malicious ZIP with ../ entries writes files anywhere on the filesystem. In the default Docker deployment, DbGate runs as root and the non...

9.3CVSS5.5AI score

Github Security Blog•added 5 days ago•9 views

DbGate: Zip Slip in archive/unzip allows arbitrary file write leading to RCE

5.5AI score

Exploits0References3Affected Software1

NVD•added 5 days ago•8 views

CVE-2026-10732

All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip when extracting a ZIP archive containing two entries with the same path - the first being a symlink to an arbitrary target and the second being a regular file - the file content is writte...

6.4CVSS0.00057EPSS

Vulnrichment•added 5 days ago•6 views

CVE-2026-10732

6.4CVSS6.4AI score0.00057EPSS

Cvelist•added 5 days ago•30 views

CVE-2026-10732

6.4CVSS0.00057EPSS

ATTACKERKB•added 5 days ago•5 views

CVE-2026-10732

9.8CVSS6.4AI score0.00741EPSS

Exploits1References4

CVE•added 5 days ago•7 views

CVE-2026-10732

The CVE-2026-10732 entry affects the npm package decompress . It describes Arbitrary File Write via Archive Extraction (Zip Slip) when extracting a ZIP with two entries sharing a path, where the first is a symlink to an arbitrary target and the second is a regular file. The file content can be wr...

6.4CVSS6.5AI score0.00057EPSS