Lucene search
K

1396 matches found

Vulnrichment
Vulnrichment
added 2026/05/20 9:23 a.m.7 views

CVE-2026-35070

Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for...

6.4CVSS5.8AI score0.00451EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/20 9:23 a.m.42 views

CVE-2026-35070

Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for...

6.4CVSS0.00451EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/20 9:23 a.m.6 views

CVE-2026-35070

Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for...

6.4CVSS5.8AI score0.00451EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.13 views

PT-2026-42126

Name of the Vulnerable Software and Affected Versions Dell SmartFabric Storage Software versions prior to 1.4.5 Description An improper neutralization of special elements used in a command, known as command injection, allows a high privileged attacker with local access to potentially gain...

6.4CVSS5.8AI score0.00451EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/19 1:56 p.m.10 views

CVE-2026-44566

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, when attaching files to a promp, the name of the file is derived from the original HTTP upload request and is not validated or sanitized. This allows for users to upload files with...

9.8CVSS5.8AI score0.00336EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/05/15 1:59 a.m.9 views

SUSE CVE-2026-33380

A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable...

7.7CVSS6AI score0.00262EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/14 7:58 p.m.10 views

CVE-2026-44225

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...

9.3CVSS5.9AI score0.00357EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 7:28 p.m.47 views

CVE-2026-33380 SQL Expressions Read File From Disk

A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable...

6.3CVSS0.00262EPSS
Exploits0References1
Grafana
Grafana
added 2026/05/13 12:0 a.m.9 views

SQL Expressions Read File From Disk

A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server’s filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable...

6.3CVSS6AI score0.00262EPSS
Exploits0
OSV
OSV
added 2026/05/12 10:16 p.m.6 views

UBUNTU-CVE-2026-44301

Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...

8.6CVSS5.8AI score0.00274EPSS
Exploits0References3
CVE
CVE
added 2026/05/12 9:37 p.m.37 views

CVE-2026-44301

Hugo (static site generator) versions 0.43 through 0.160.x are vulnerable when building a site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS). The vulnerability arises because Hugo invoked the configured Node tools without restrictions on file system access, potentially allowi...

8.6CVSS5.8AI score0.00274EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/12 8:16 p.m.10 views

CVE-2026-44225

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...

9.3CVSS0.00357EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 8:2 p.m.11 views

CVE-2026-44225 Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user files

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...

9.3CVSS5.9AI score0.00357EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 4:21 p.m.7 views

CVE-2026-43989 JunoClaw: upload_wasm accepted arbitrary filesystem paths without validation

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the uploadwasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is...

8.5CVSS5.8AI score0.00147EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.10 views

PT-2026-40423

Name of the Vulnerable Software and Affected Versions Pulpy versions prior to 0.1.1 Description Pulpy injects a pulpy.fs JavaScript API into packaged web applications to provide host filesystem access. The validateFsPath function, intended to sandbox this access, contains an incomplete blocklist...

9.3CVSS5.9AI score0.00357EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/11 9:51 p.m.5 views

CVE-2026-43901

Wireshark MCP is an MCP Server that turns tshark into a structured analysis interface, then layers in optional Wireshark suite utilities. In 1.1.5 and earlier, wireshark-mcp exposes a wiresharkexportobjects MCP tool that accepts an attacker-controlled destdir parameter and passes it to tshark's...

6.8CVSS5.8AI score0.00281EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/05/11 10:16 a.m.26 views

CVE-2026-40636

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker...

9.8CVSS0.00223EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 8:57 a.m.18 views

CVE-2026-40636

Dell ECS (3.8.1.0–3.8.1.7) and Dell ObjectScale versions before 4.3.0.0 contain a hard-coded credential issue. An unauthenticated, locally-accessible attacker could potentially obtain filesystem access. CVSS 3.1 base score 9.8 (CRITICAL) indicates high impact on confidentiality, integrity, and av...

9.8CVSS5.8AI score0.00223EPSS
Exploits0References1Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/05/11 8:57 a.m.6 views

CVE-2026-40636

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker...

9.8CVSS5.8AI score0.00223EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/11 8:57 a.m.8 views

CVE-2026-40636

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker...

9.8CVSS5.8AI score0.00223EPSS
Exploits0References1
Rows per page
Query Builder