Lucene search
K

337 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/25 6:1 a.m.4 views

CVE-2026-25785

Path traversal vulnerability exists in Lanscope Endpoint Manager On-Premises Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system...

9.8CVSS6.1AI score0.00566EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/02/25 6:1 a.m.22 views

CVE-2026-25785

Path traversal vulnerability exists in Lanscope Endpoint Manager On-Premises Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system...

9.8CVSS0.00566EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.6 views

PT-2026-21875

Path traversal vulnerability exists in Lanscope Endpoint Manager On-Premises Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system...

9.8CVSS6.1AI score0.00566EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/04 3:15 a.m.6 views

CVE-2025-69430

An Incorrect Symlink Follow vulnerability exists in multiple Yottamaster NAS devices, including DM2 version equal to or prior to V1.9.12, DM3 version equal to or prior to V1.9.12, and DM200 version equal to or prior to V1.2.23 that could be exploited by attackers to leak or tamper with the intern...

6.1CVSS5.5AI score0.00281EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/04 3:15 a.m.4 views

CVE-2025-69431

The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device's slot, and then access the USB drive's directory mounted on the NAS using the Sam...

6.1CVSS5.3AI score0.00281EPSS
Exploits1References1
OSV
OSV
added 2026/02/03 6:16 p.m.3 views

CVE-2025-69430

An Incorrect Symlink Follow vulnerability exists in multiple Yottamaster NAS devices, including DM2 version equal to or prior to V1.9.12, DM3 version equal to or prior to V1.9.12, and DM200 version equal to or prior to V1.2.23 that could be exploited by attackers to leak or tamper with the intern...

6.1CVSS5.8AI score0.00281EPSS
Exploits1References1
NVD
NVD
added 2026/02/03 6:16 p.m.13 views

CVE-2025-69429

The ORICO NAS CD3510 version V1.9.12 and below contains an Incorrect Symlink Follow vulnerability that could be exploited by attackers to leak or tamper with the internal file system. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the...

6.1CVSS0.00281EPSS
Exploits1References1
NVD
NVD
added 2026/02/03 6:16 p.m.12 views

CVE-2025-69430

An Incorrect Symlink Follow vulnerability exists in multiple Yottamaster NAS devices, including DM2 version equal to or prior to V1.9.12, DM3 version equal to or prior to V1.9.12, and DM200 version equal to or prior to V1.2.23 that could be exploited by attackers to leak or tamper with the intern...

6.1CVSS0.00281EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/03 12:0 a.m.4 views

CVE-2025-69431

The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device's slot, and then access the USB drive's directory mounted on the NAS using the Sam...

5.4AI score0.00281EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.5 views

PT-2026-5972

Name of the Vulnerable Software and Affected Versions ZSPACE Q2C NAS affected versions not specified Description The ZSPACE Q2C NAS is affected by an issue involving incorrect symbolic link handling. An attacker can format a USB drive to ext4, create a symbolic link to its root directory, insert...

6.1CVSS5.4AI score0.00281EPSS
Exploits1References3
NVD
NVD
added 2026/01/30 7:16 a.m.12 views

CVE-2026-0805

An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...

8.8CVSS0.00599EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/30 6:4 a.m.6 views

EUVD-2026-5043

An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...

8.2CVSS6.5AI score0.00599EPSS
Exploits0References1
CVE
CVE
added 2026/01/30 6:4 a.m.16 views

CVE-2026-0805

CVE-2026-0805 affects Crafty Controller’s Backup Configuration component. The vulnerability is described as an input neutralization/path traversal weakness that could allow a remote, authenticated attacker to tamper files and achieve remote code execution. Reported CVSS v3.1 base score is 8.2 (HI...

8.8CVSS6.5AI score0.00599EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/01/30 6:4 a.m.27 views

CVE-2026-0805 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller

An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...

8.2CVSS0.00599EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/30 6:4 a.m.6 views

EUVD-2026-5044

An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...

9.9CVSS6.5AI score0.00681EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/30 6:4 a.m.27 views

CVE-2026-0963 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller

An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...

9.9CVSS0.00681EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.9 views

PT-2026-5380

Name of the Vulnerable Software and Affected Versions Crafty Controller affected versions not specified Description An input neutralization weakness exists in the Backup Configuration component of Crafty Controller. A remote, authenticated attacker can exploit this to tamper with files and execut...

8.2CVSS6AI score0.00599EPSS
Exploits0References6
OSV
OSV
added 2026/01/13 7:2 p.m.5 views

GHSA-562R-8445-54R2 ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler

Impact Vulnerability Type: CRLF Injection via ConfigParser An attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or modification of application behavior. Affected Users: Users...

7.5CVSS7.1AI score0.00311EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/10 6:43 a.m.11 views

CVE-2026-22777 ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler

ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39.2 and 4.0.5, an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or...

7.5CVSS6.6AI score0.00311EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 11:22 a.m.12 views

CVE-2021-22488

There is an Unauthorized file access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups...

7.5CVSS6.9AI score0.00693EPSS
Exploits0References1
Rows per page
Query Builder