Lucene search
K

11277 matches found

Cvelist
Cvelist
added 2026/03/04 6:25 p.m.33 views

CVE-2026-0847 Path Traversal in nltk/nltk

A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...

8.6CVSS0.00924EPSS
Exploits3References1
Debian CVE
Debian CVE
added 2026/03/04 6:25 p.m.8 views

CVE-2026-0847

A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...

8.6CVSS8.7AI score0.00924EPSS
Exploits3
NVD
NVD
added 2026/03/04 6:16 p.m.7 views

CVE-2026-20001

A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...

6.5CVSS0.00324EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/04 4:50 p.m.5 views

CVE-2026-28783 Craft has a Twig Function Blocklist Bypass

Craft is a content management system CMS. Prior to 5.9.0-beta.1 and 4.17.0-beta.1, Craft CMS implements a blocklist to prevent potentially dangerous PHP functions from being called via Twig non-Closure arrow functions. In order to be able to successfully execute this attack, you need to either ha...

9.4CVSS6.1AI score0.00464EPSS
Exploits0References2
Cisco
Cisco
added 2026/03/04 4:0 p.m.20 views

Cisco Secure Firewall Adaptive Security Appliance Software Multiple Context Mode SCP Unauthorized File Access Vulnerability

A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance ASA Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in one context to copy files to or from another context, including configuration files. This...

7.2CVSS6AI score0.0012EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/04 1:56 a.m.6 views

CVE-2025-63909

Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers to escalate privileges to root and read and write arbitrary files...

7.8CVSS6AI score0.00329EPSS
Exploits2References1
SUSE CVE
SUSE CVE
added 2026/03/04 12:27 a.m.4 views

SUSE CVE-2026-25760

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a path traversal in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated path traversal / arbitrary file read issue, a...

6.5CVSS5.9AI score0.00485EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.8 views

PT-2026-23059

Name of the Vulnerable Software and Affected Versions changedetection.io versions prior to 0.54.4 Description A Zip Slip vulnerability exists in the backup restore functionality, allowing arbitrary file overwrite via path traversal in uploaded ZIP archives. The application uses zipfile.extractall...

9.3CVSS5.9AI score0.00527EPSS
Exploits1References11
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.10 views

OpenDeck 安全漏洞

OpenDeck is a cross-platform streaming media controller desktop application developed by nekename. Versions of OpenDeck prior to 2.8.1 contained security vulnerabilities, which were caused by improper path component cleaning. This vulnerability could allow attackers to read arbitrary files throug...

7.5CVSS5.9AI score0.00431EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.10 views

NLTK 路径遍历漏洞

NLTK is an open-source natural language toolkit developed by NLTK. It is used to support research and development in natural language processing. NLTK versions 3.9.2 and earlier contained a path traversal vulnerability. This vulnerability stemmed from multiple CorpusReader classes not properly...

8.6CVSS7.4AI score0.00924EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.6 views

PT-2026-23058

Name of the Vulnerable Software and Affected Versions changedetection.io versions prior to 0.54.4 Description The software contains a reflected cross-site scripting XSS issue in the /rss/tag/ endpoint. The tag uuid path parameter is directly included in the HTTP response without proper HTML...

6.1CVSS5.8AI score0.00282EPSS
Exploits1References8
OSV
OSV
added 2026/03/03 10:8 p.m.9 views

GHSA-XMV6-R34M-62P4 OpenClaw: Sandbox media fallback tmp symlink alias bypass allows host file reads outside sandboxRoot

Summary A sandbox path validation bypass in openclaw allows host file reads outside sandboxRoot via the media path fallback tmp flow when the fallback tmp root is a symlink alias. Affected Packages / Versions - Package: npm openclaw - Affected versions: without verifying that fallback path was a...

7.8CVSS5.9AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/03 10:8 p.m.14 views

OpenClaw: Sandbox media fallback tmp symlink alias bypass allows host file reads outside sandboxRoot

Summary A sandbox path validation bypass in openclaw allows host file reads outside sandboxRoot via the media path fallback tmp flow when the fallback tmp root is a symlink alias. Affected Packages / Versions - Package: npm openclaw - Affected versions: without verifying that fallback path was a...

5.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/03 9:1 p.m.4 views

GHSA-5FVC-7894-GHP4 Craft CMS has Twig Function Blocklist Bypass

Craft CMS implements a blocklist to prevent potentially dangerous PHP functions from being called via Twig non-Closure arrow functions. In order to be able to successfully execute this attack, you need to either have allowAdminChanges enabled on production, or a compromised admin account, or an...

8.6CVSS6AI score0.00464EPSS
Exploits0References5
NVD
NVD
added 2026/03/03 8:16 p.m.5 views

CVE-2026-2606

IBM webMethods API Gateway on-prem 10.11 through 10.11Fix3210.15 to 10.15Fix2711.1 to 11.1Fix7 IBM webMethods API Management on-prem fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// URI...

6.5CVSS0.00302EPSS
Exploits0References1
OSV
OSV
added 2026/03/03 8:16 p.m.6 views

CVE-2026-2606

IBM webMethods API Gateway on-prem 10.11 through 10.11Fix3210.15 to 10.15Fix2711.1 to 11.1Fix7 IBM webMethods API Management on-prem fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// URI...

6.5CVSS5.9AI score0.00302EPSS
Exploits0References1
OSV
OSV
added 2026/03/03 7:57 p.m.4 views

GHSA-56PC-6HVP-4GV4 OpenClaw vulnerable to arbitrary file read via $include directive

Vulnerability Path traversal in config $include resolution allowed arbitrary local file reads outside the config directory boundary CWE-22. Attack Vectors 1. If an attacker can modify OpenClaw config, they can set $include to absolute paths for example /etc/passwd and read files accessible to the...

6.9CVSS6AI score0.00146EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/03 7:57 p.m.6 views

OpenClaw vulnerable to arbitrary file read via $include directive

Vulnerability Path traversal in config $include resolution allowed arbitrary local file reads outside the config directory boundary CWE-22. Attack Vectors 1. If an attacker can modify OpenClaw config, they can set $include to absolute paths for example /etc/passwd and read files accessible to the...

6.7CVSS6AI score0.00146EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/03/03 7:38 p.m.8 views

EUVD-2026-9314

IBM webMethods API Gateway on-prem 10.11 through 10.11Fix3210.15 to 10.15Fix2711.1 to 11.1Fix7 IBM webMethods API Management on-prem fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// URI...

6.5CVSS6.1AI score0.00302EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/03 7:38 p.m.15 views

CVE-2026-2606 IBM webMethods API Management fails to validate user input and enables unauthorized arbitrary file read

IBM webMethods API Gateway on-prem 10.11 through 10.11Fix3210.15 to 10.15Fix2711.1 to 11.1Fix7 IBM webMethods API Management on-prem fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// URI...

6.5CVSS0.00302EPSS
Exploits0References1
Rows per page
Query Builder