Lucene search
K

1005 matches found

NVD
NVD
added 2026/03/24 3:16 p.m.5 views

CVE-2026-27654

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names...

8.8CVSS0.21621EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.7 views

PT-2026-27497

HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this...

4.3CVSS5.8AI score0.00278EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.8 views

WWBN AVideo 代码问题漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained code vulnerabilities. These vulnerabilities stemmed from the downloadVideoFromDownloadURL function using the original file name and extension of the remote...

8.8CVSS5.9AI score0.00395EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/22 12:0 a.m.6 views

LabF Axessh 安全漏洞

LabF Axessh is a security terminal client software developed by LabF Corporation. Version 4.2 of LabF Axessh contains a security vulnerability. This vulnerability stems from a log configuration that exposes a denial-of-service vulnerability, which could allow local attackers to cause the...

6.9CVSS5.8AI score0.00166EPSS
Exploits0References4
Veracode
Veracode
added 2026/03/20 5:39 a.m.6 views

Improper Input Validation

code.gitea.io/gitea is vulnerable to improper input validation. The vulnerability is due to insufficient validation of attachment file names in the attachment API, which allows an attacker to bypass file extension restrictions by modifying the attachment name...

8.2CVSS7.2AI score0.00295EPSS
Exploits0References5Affected Software3
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.5 views

PT-2026-26647

CVE-2026-30579 File Thingie 2.5.7 is vulnerable to Cross Site Scripting XSS. A malicious user can leverage the "upload file" functionality to upload a file with a crafted file nam… https://t.co/N4t4f6wlMZ...

5.8AI score0.00184EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.12 views

Halloy 路径遍历漏洞

Halloy is a cross-platform IRC client developed by Squidowl. Halloy has a path traversal vulnerability, which stems from the lack of cleaning of file names during the DCC reception process. This vulnerability may lead to path traversal and arbitrary file writing...

8.7CVSS5.9AI score0.00399EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.8 views

OpenProject 跨站脚本漏洞

OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1 had a cross-site scripting vulnerability. This vulnerability stemmed from the Repositories module not properly escaping file names, which could lead to stored-x...

9CVSS5.7AI score0.00189EPSS
Exploits0References1
Veracode
Veracode
added 2026/03/14 5:20 a.m.7 views

Arbitrary File Write

Black is vulnerable to Arbitrary File Write. The vulnerability is due to improper sanitization of the --python-cell-magics option when constructing cache file names, allowing attackers to manipulate the file path and write cache files to arbitrary locations on the filesystem...

8.7CVSS5.9AI score0.00572EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2026/03/13 6:33 p.m.3 views

SUSE-SU-2026:0900-1 Security update for python-black

This update for python-black fixes the following issue: - CVE-2026-32274: arbitrary file writes from unsanitized user input in cache file name bsc1259608...

8.7CVSS5.9AI score0.00572EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.7 views

Zoom Workplace 安全漏洞

Zoom Workplace is a desktop application developed by the American company Zoom. Versions of Zoom Workplace prior to 6.6.0 contained a security vulnerability. This vulnerability stemmed from external control over file names or paths within the email function, which could allow unauthenticated user...

9.8CVSS5.8AI score0.00328EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/10 9:8 p.m.2 views

CVE-2026-31817 OliveTin has unsafe parsing of UniqueTrackingId can be used to write files

OliveTin gives access to predefined shell commands from a web interface. Prior to 3000.11.2, when the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the user-supplied UniqueTrackingId field in the...

8.5CVSS6AI score0.00712EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.6 views

WordPress plugin AC Services 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.9 views

WordPress plugin Coinpress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.8 views

WordPress plugin Eject 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.10 views

WordPress plugin Green Thumb 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.7 views

WordPress plugin S.King 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS5.8AI score0.00415EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.7 views

WordPress plugin Helion 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.9 views

WordPress plugin SetSail 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS5.8AI score0.00504EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.8 views

WordPress plugin Askka 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

8.1CVSS5.8AI score0.00504EPSS
Exploits0References1
Rows per page
Query Builder