Lucene search
+L

8988 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/29 7:53 a.m.7 views

CVE-2026-57966

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...

4.4CVSS5.9AI score0.00135EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/29 7:53 a.m.54 views

CVE-2026-57966 Spice-vdagent: path traversal in file transfer via unsanitized filename

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...

4.4CVSS0.00135EPSS
Exploits0References2
CVE
CVE
added 2026/06/29 7:53 a.m.23 views

CVE-2026-57966

Summary (CVE-2026-57966): A path traversal flaw in spice-vdagent allows a malicious/untrusted SPICE host to write arbitrary files on the guest filesystem via an unsanitized filename during file transfers. The vulnerability enables writes with the spice-vdagent process privileges (usually the logg...

4.4CVSS5.9AI score0.00135EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.18 views

PT-2026-53238

Name of the Vulnerable Software and Affected Versions spice-vdagent affected versions not specified Description A path traversal flaw exists in spice-vdagent, where a path traversal is a vulnerability that allows an attacker to access files and directories that are stored outside the web root...

4.4CVSS6.1AI score0.00135EPSS
Exploits0References12
GithubExploit
GithubExploit
added 2026/06/28 3:23 a.m.124 views

Exploit for OS Command Injection in Devcode Openstamanager

CVE-2025-69212 PoC - OpenSTAManager P7M Command Injection RCE...

9.4CVSS6.3AI score0.01755EPSS
Exploits13
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:18 a.m.12 views

Vim: PowerShell Command Injection via Unescaped Filename in zip.vim Extraction

...

7.3CVSS5.8AI score0.00137EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:18 a.m.8 views

Vim: Vimscript Code Injection in netrw NetrwLocalRmFile() via crafted filename

...

8.4CVSS5.8AI score0.00154EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:6 a.m.10 views

xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used.

...

6.5CVSS5.8AI score0.00098EPSS
Exploits0
EUVD
EUVD
added 2026/06/26 11:54 p.m.13 views

EUVD-2026-39487

pnpm: stage download writes outside its destination directory via manifest name/version traversal...

7.1CVSS5.8AI score0.00267EPSS
Exploits1References3
OSV
OSV
added 2026/06/26 10:10 p.m.4 views

GHSA-2FMJ-P74R-3WJM PhpWeasyPrint vulnerable to PHAR deserialization via output filename (CVE-2023-28115 case-insensitive bypass)

Summary pontedilana/php-weasyprint guarded the output filename against the phar:// stream wrapper with a case-sensitive blacklist: php if 0 === \strpos$filename, 'phar://' throw new \InvalidArgumentException'The output file cannot be a phar archive.'; PHP stream wrappers are case-insensitive, so...

8.1CVSS6.5AI score0.00555EPSS
Exploits0References6
NVD
NVD
added 2026/06/26 5:16 p.m.10 views

CVE-2026-45406

Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename...

9CVSS0.00274EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 8:16 a.m.13 views

CVE-2026-57874

An unauthenticated buffer overflow vulnerability exists in IEEE8021xupload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing filename values in multipart upload data. A remote attacker may exploit this...

7.5CVSS0.00318EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:17 a.m.6 views

CVE-2026-57874

An unauthenticated buffer overflow vulnerability exists in IEEE8021xupload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing filename values in multipart upload data. A remote attacker may exploit this...

7.5CVSS5.9AI score0.00318EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/25 9:53 p.m.11 views

EUVD-2026-36185

ImageMagick: Policy Bypass can read disallowed files via symlink...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 9:53 p.m.2 views

GHSA-XCJM-WQFF-M669 ImageMagick: Policy Bypass can read disallowed files via symlink

An incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/25 8:4 p.m.7 views

CVE-2026-55388

A flaw was found in piscina, a Node.js worker pool implementation. This vulnerability allows an attacker to achieve arbitrary code execution by exploiting a prototype pollution issue. By manipulating the filename option, an attacker can cause their malicious code to be executed within the worker,...

8.1CVSS6.4AI score0.00296EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 4:47 p.m.22 views

CVE-2026-55700

pnpm stage download (affecting 11.3.0–11.5.3) allowed a crafted manifest to derive a local filename from package name and version, enabling the download to escape the target directory and overwrite a reachable file. The merged fix validates both fields, derives a single safe filename, and verifie...

7.1CVSS5.8AI score0.00267EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:47 p.m.11 views

CVE-2026-55700

pnpm is a package manager. From 11.3.0 until 11.5.3, pnpm stage download derived a local filename from registry-controlled package name and version fields. A crafted manifest could escape the selected download directory and overwrite another reachable file. The merged fix validates both fields,...

7.1CVSS5.8AI score0.00267EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/06/25 4:16 p.m.14 views

CVE-2026-55895

Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when deleting a local file from the browser. A filename derived from the buffer's directory...

8.4CVSS0.00154EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:31 p.m.5 views

CVE-2026-55895

Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when deleting a local file from the browser. A filename derived from the buffer's directory...

8.4CVSS6.2AI score0.00154EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder