Lucene search
K

873 matches found

CVE
CVE
added 2026/04/07 7:12 p.m.27 views

CVE-2026-39364

CVE-2026-39364 affects the Vite dev server. Vulnerable versions include Vite 7.1.0 through 7.3.1 and 8.0.0 through 8.0.4; on those, files that should be blocked by server.fs.deny (e.g., .env, *.crt) could be retrieved via HTTP 200 when requesting with certain query params (?raw, ?import&raw, or ?...

8.2CVSS5.9AI score0.02095EPSS
Exploits1References5Affected Software2
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.12 views

Flatpak 安全漏洞

Flatpak is an open-source system developed by Flatpak for building, distributing, and running sandboxed desktop applications on Linux. Versions of Flatpak prior to 1.16.4 contained a security vulnerability. This vulnerability stemmed from the sandbox-expose option accepting symbolic links that we...

10CVSS7.5AI score0.0168EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/07 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-34078

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can ...

10CVSS7.6AI score0.0168EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/03 8:59 p.m.3 views

CVE-2026-26058

Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, ./manage.py import reads arbitrary files from the server filesystem via path traversal in uploads/records.json. A crafted export tarball causes the server to copy any file the zulip user can read into the...

6.1CVSS6AI score0.00237EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2026/04/01 11:37 p.m.8 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the IO::FS::WRITE function. An attacker can write arbitrary files to unintended locations on the filesystem with attacker-controlled content by supplying crafted filenames containing traversal sequences, which ar...

8.8CVSS6.3AI score0.00514EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.5 views

CVE-2026-32097

PingPong is a platform for using large language models LLMs for teaching and learning. Prior to 7.27.2, an authenticated user may be able to retrieve or delete files outside the intended authorization scope. This issue could result in retrieval or deletion of private files, including user-uploade...

8.8CVSS5.8AI score0.00288EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/19 7:34 p.m.2 views

External Control of File Name or Path

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to External Control of File Name or Path via the chunkFile parameter in the aVideoEncoder.json.php endpoint. An attacker can access arbitrary local files by specifyin...

7.6CVSS5.9AI score0.00254EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/19 2:24 p.m.27 views

CVE-2026-22557

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account...

10CVSS0.15601EPSS
Exploits3References1
Snyk
Snyk
added 2026/03/18 4:18 p.m.7 views

Directory Traversal

Overview h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to Directory Traversal via the serveStatic function. An attacker can access arbitrary files outside the intended static directory by sending crafted HTTP requests...

8.2CVSS6.4AI score
Exploits0References2
OSV
OSV
added 2026/03/15 5:55 a.m.4 views

OESA-2026-1571 NetworkManager security update

NetworkManager attempts to keep an active network connection available at all times. The point of NetworkManager is to make networking configuration and setup as painless and automatic as possible. If using DHCP, NetworkManager is intended to replace default routes, obtain IP addresses from a DHC...

3.3CVSS5.8AI score0.00162EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/12 9:34 p.m.3 views

EUVD-2025-208619

Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls...

5.8AI score0.0027EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/12 8:32 p.m.2 views

EUVD-2026-11611

TinaCMS CLI Dev Server Vulnerable to Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS...

9.6CVSS5.8AI score0.00535EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.12 views

Tolgee 代码问题漏洞

Tolgee is an open-source, multilingual translation and localization platform developed by Tolgee itself. It aims to help development teams easily manage and maintain multilingual software applications and websites. Versions of Tolgee prior to 3.166.3 contained code vulnerabilities. These...

9.3CVSS6AI score0.00424EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/12 12:0 a.m.4 views

CVE-2025-66955

Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls...

5.9AI score0.0027EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/11 1:32 p.m.6 views

EUVD-2026-11152

OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attackers with config modification capabilities can exploit this by specifying absolute paths, traversa...

6.7CVSS5.9AI score0.00146EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/11 3:31 a.m.5 views

EUVD-2026-11070

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in a security feature bypass. A high-privileged attacker could...

6.8CVSS5.8AI score0.00636EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.4 views

PT-2026-24816

🚨 CVE-2026-32097 PingPong is a platform for using large language models LLMs for teaching and learning. Prior to 7.27.2, an authenticated user may be able to retrieve or delete files outside the intended authorization scope. This issue could result in retrieval or deletion of private files,...

8.8CVSS5.7AI score0.00288EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/10 12:18 a.m.3 views

CVE-2026-27688 Missing Authorization check in SAP NetWeaver Application Server for ABAP

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module could potentially...

5CVSS5.9AI score0.0023EPSS
Exploits0References2
OSV
OSV
added 2026/03/06 6:40 p.m.5 views

GHSA-RW8P-C6HF-Q3PG PinchTab has SSRF with Full Response Exfiltration via Download Handler

SSRF with Full Response Exfiltration via Download Handler Summary A Server-Side Request Forgery SSRF vulnerability in the /download endpoint allows any user with API access to induce the PinchTab server to make requests to arbitrary URLs, including internal network services and local system files...

7.5CVSS5.9AI score0.00423EPSS
Exploits1References3
NVD
NVD
added 2026/03/06 7:16 a.m.8 views

CVE-2026-29039

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the includefilters field. These XPath expressions are processed using the elementpath library which...

9.3CVSS0.00484EPSS
Exploits1References3
Rows per page
Query Builder