Lucene search
K

1339 matches found

NVD
NVD
•added 4 days ago•5 views

CVE-2026-40005

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to...

9.1CVSS0.00349EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
•added 4 days ago•10 views

CVE-2026-40005

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to...

9.1CVSS6.2AI score0.00349EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
•added 5 days ago•10 views

CVE-2026-59820

A flaw was found in LiteLLM, a proxy server for Large Language Model LLM APIs. An authenticated user, with specific API route access, could upload a specially crafted skill archive. This archive, containing path traversal entries, would allow files to be written outside of the designated extracti...

8.1CVSS6AI score0.00323EPSS
Exploits0References7
Snyk
Snyk
•added 5 days ago•3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00331EPSS
Exploits0References2
Snyk
Snyk
•added 5 days ago•4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00331EPSS
Exploits0References2
Snyk
Snyk
•added 5 days ago•6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00331EPSS
Exploits0References2
Snyk
Snyk
•added 5 days ago•4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00331EPSS
Exploits0References2
CVE
CVE
•added 5 days ago•15 views

CVE-2026-47826

CVE-2026-47826 is a directory traversal vulnerability in the BOSH CLI (blobs.yaml path). Affected are BOSH CLI versions before v7.10.4; exploitation can allow an attacker to write arbitrary files and exfiltrate sensitive data via crafted input in blobs.yaml. Connected advisories from Snyk describ...

9.1CVSS7.3AI score0.00331EPSS
Exploits0References1Affected Software1
NVD
NVD
•added 6 days ago•11 views

CVE-2026-54591

AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Prior to 2.23.1, a malicious SSH server can write arbitrary files on the asyncssh SCP client's filesystem by sending filenames containing ../...

8.1CVSS0.00317EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
•added 6 days ago•3 views

Security update for trivy (important)

openSUSE security update: security update for trivy ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21249-1 Rating: important References: bsc1269269 bsc1269271 Cross-References: CVE-2026-54448 CVE-2026-55092 CVSS scores: CVE-2026-54448 SUSE : 6.5...

8.6CVSS6.2AI score0.00292EPSS
Exploits0References2
Cloud Foundry
Cloud Foundry
•added 6 days ago•8 views

CVE-2026-47826 - blobs.yaml Path Traversal Allows File Writes | Cloud Foundry

HIGH CVSSv4: High 8.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVSSv3: High 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Vendor CloudFoundry Foundation Versions Affected Severity is HIGH unless otherwise noted. BOSH CLI tool – All versions prior to v7.10.4 Description T...

9.1CVSS6AI score0.00331EPSS
Exploits0
NVD
NVD
•added 2026/07/06 6:16 p.m.•7 views

CVE-2026-48614

An improper authorization vulnerability in the Plesk XML API allows an authenticated user to inject arbitrary configuration directives, resulting in arbitrary file write as root and full privilege escalation on the underlying server...

9.9CVSS0.0033EPSS
Exploits0References1
Mageia
Mageia
•added 2026/07/04 6:38 a.m.•9 views

Updated yt-dlp packages fix security vulnerabilities

CVE-2026-50019 If curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. CVE-2026-50023 A vulnerability exists in yt-dlp that allows a remote attacker to write...

9.6CVSS6.6AI score0.00555EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2026/07/02 3:45 p.m.•8 views

CVE-2026-55700

A flaw was found in pnpm, a package manager. A remote attacker could exploit a vulnerability in the pnpm stage download command by providing a specially crafted package manifest. This could allow the attacker to write files to arbitrary locations on the system, leading to unauthorized modificatio...

7.1CVSS6AI score0.00267EPSS
Exploits1References5
NVD
NVD
•added 2026/07/01 1:17 p.m.•6 views

CVE-2026-8387

A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting .zip archives using the ZipFile.extractall method in StorageManager.extracttocache. This issue arises due to the lack of path traversal validation, enabling an attacker to...

2.4CVSS0.00357EPSS
Exploits0References2
EUVD
EUVD
•added 2026/07/01 12:26 p.m.•7 views

EUVD-2026-40957

A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting .zip archives using the ZipFile.extractall method in StorageManager.extracttocache. This issue arises due to the lack of path traversal validation, enabling an attacker to...

2.4CVSS6.5AI score0.00357EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
•added 2026/07/01 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-56377

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attacke...

4.8CVSS6.3AI score0.00164EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/07/01 12:0 a.m.•14 views

PT-2026-54931

Name of the Vulnerable Software and Affected Versions allegroai/clearml versions prior to 2.1.6 Description Relative path traversal occurs during the extraction of .zip archives via the ZipFile.extractall method within the StorageManager. extract to cache function. This is caused by a lack of pat...

2.4CVSS6.5AI score0.00357EPSS
Exploits0References6
OSV
OSV
•added 2026/06/29 11:50 a.m.•6 views

PYSEC-2026-411 Mesop has a Path Traversal utilizing `FileStateSessionBackend` leads to Application Denial of Service and File Write/Deletion

Summary A Path Traversal vulnerability allows any user or attacker supplying an untrusted statetoken through the UI stream payload to arbitrarily target files on the disk under the standard file-based runtime backend. This can result in application denial of service via crash loops when reading...

10CVSS6AI score0.00713EPSS
Exploits1References7
OSV
OSV
•added 2026/06/29 11:50 a.m.•5 views

PYSEC-2026-323 DB-GPT Absolute Path Traversal vulnerability

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...

9.1CVSS7.5AI score0.00769EPSS
Exploits1References5
Rows per page
Query Builder