CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13584 matches found

NVD•added 2026/04/28 8:16 a.m.•4 views

CVE-2026-41525

KDE Dolphin before 25.12.3 allows applications in a Flatpak or with AppArmor confinement to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of the FileManager1 protocol allows the path given to be any type of file, including scripts or...

6.5CVSS0.00127EPSS

Exploits0References4

Vulnrichment•added 2026/04/28 1:45 a.m.•4 views

CVE-2026-7214 eghuzefa engineer-your-data server.py file_inf path traversal

A vulnerability was identified in eghuzefa engineer-your-data up to 0.1.3. This vulnerability affects the function readfile/writefile/listfiles/fileinf of the file src/server.py. The manipulation of the argument WORKSPACEPATH leads to path traversal. The attack may be initiated remotely. The...

7.5CVSS7.1AI score0.0041EPSS

Exploits0References4

ATTACKERKB•added 2026/04/27 11:24 p.m.•3 views

CVE-2026-41370

OpenClaw before 2026.3.31 contains a path traversal vulnerability in ACP dispatch that allows attackers to read arbitrary files by manipulating inbound channel attachment paths. Remote attackers can bypass attachment-cache and root directory checks to access files outside intended directories...

7.1CVSS5.5AI score0.00417EPSS

Exploits0References4

Vulnrichment•added 2026/04/27 11:24 p.m.•4 views

CVE-2026-41370 OpenClaw < 2026.3.31 - Path Traversal via Inbound Channel Attachment Path in ACP Dispatch

7.1CVSS5.5AI score0.00417EPSS

Exploits0References3

Snyk•added 2026/04/27 9:31 p.m.•7 views

Directory Traversal

Overview kaggle-mcp is an A MCP server for kaggle apis Affected versions of this package are vulnerable to Directory Traversal via the preparekaggledataset function in src/kagglemcp/server.py when processing the competitionid argument. An attacker can access arbitrary files on the server by...

7.5CVSS7.5AI score0.00411EPSS

Exploits0References2

OSV•added 2026/04/27 3:39 p.m.•20 views

USN-8212-1 authd vulnerability

It was discovered that authd incorrectly assigned the primary group ID to users under certain conditions. A local attacker could possibly use this issue to achieve privilege escalation, or gain unauthorized access to files belonging to other users...

7.3CVSS5.4AI score0.0011EPSS

Exploits0References2

Ubuntu•added 2026/04/27 3:39 p.m.•9 views

USN-8212-1: authd vulnerability

7.3CVSS5.4AI score0.0011EPSS

Exploits0

CNNVD•added 2026/04/27 12:0 a.m.•6 views

AutoForge 路径遍历漏洞

AutoForge is an intelligent coding proxy tool open source by AutoForgeAI. Version 79d02a of AutoForge contains a path traversal vulnerability, which stems from path traversal in UI/static components. This vulnerability could allow attackers to access arbitrary files...

7.5CVSS5.9AI score0.00446EPSS

Exploits0References1

Tenable Nessus•added 2026/04/27 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-41066

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with...

7.5CVSS5.8AI score0.00324EPSS

Exploits1References4

CNNVD•added 2026/04/27 12:0 a.m.•10 views

ProjeQtOr 路径遍历漏洞

ProjeQtOr is a project management software developed by the French company ProjeQtOr. Versions 7.0 to 12.4.3 of ProjeQtOr contain a path traversal vulnerability. This vulnerability stems from the lack of validation of the directory traversal sequence in the logname parameter of the...

7.1CVSS5.8AI score0.00541EPSS

Exploits0References6

OSV•added 2026/04/25 5:48 a.m.•7 views

OESA-2026-2012 python-lxml security update

\ Security Fixes: lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to...

7.5CVSS5.4AI score0.00324EPSS

Exploits1References2

OSV•added 2026/04/25 5:48 a.m.•7 views

OESA-2026-2011 python-lxml security update

7.5CVSS5.4AI score0.00324EPSS

Exploits1References2

OSV•added 2026/04/25 5:48 a.m.•6 views

OESA-2026-2010 python-lxml security update

7.5CVSS5.4AI score0.00324EPSS

Exploits1References2

OSV•added 2026/04/25 5:48 a.m.•16 views

OESA-2026-2009 python-lxml security update

7.5CVSS5.3AI score0.00324EPSS

Exploits1References2

OSV•added 2026/04/25 5:48 a.m.•3 views

OESA-2026-2008 python-lxml security update

7.5CVSS5.4AI score0.00324EPSS

Exploits1References2

NVD•added 2026/04/24 5:16 p.m.•2 views

CVE-2026-41066

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to resolveentities='internal' ...

7.5CVSS0.00324EPSS

Exploits1References2

OSV•added 2026/04/24 5:16 p.m.•5 views

ALPINE-CVE-2026-41066

7.5CVSS5.4AI score0.00324EPSS

Exploits1References1