2850 matches found

NVD
added 2026/05/15 1:16 p.m. | 14 views

CVE-2026-41552

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft an HTML payload which could include local files from the server and display them in the generated PDF. This issue was fixed in PDF...

CVSS 9.2 | EPSS 0.00042
Exploits 0 | References 2
CVE
added 2026/05/15 12:31 p.m. | 13 views

CVE-2026-41552

PDF Export Module used in DHTMLX’s Gantt and Scheduler is vulnerable to path traversal due to insufficient HTML sanitization. An unauthenticated user could craft a payload that references local server files and renders them in the generated PDF. The issue is fixed in PDF Export Module version 0.7...

CVSS 9.2 | AI score 5.8 | EPSS 0.00042
Exploits 0 | References 2 | Affected software 1
ATTACKERKB
added 2026/05/15 12:31 p.m. | 6 views

CVE-2026-41552

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft an HTML payload which could include local files from the server and display them in the generated PDF. This issue was fixed in PDF...

CVSS 9.2 | AI score 5.8 | EPSS 0.00042
Exploits 0 | References 3 | Affected software 1
EUVD
added 2026/05/15 12:31 p.m. | 15 views

EUVD-2026-30538

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft an HTML payload which could include local files from the server and display them in the generated PDF. This issue was fixed in PDF...

CVSS 9.2 | AI score 5.8 | EPSS 0.00153
Exploits 0 | References 2
Cvelist
added 2026/05/15 12:31 p.m. | 40 views

CVE-2026-41552 Path Traversal in PDF Export Module

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft an HTML payload which could include local files from the server and display them in the generated PDF. This issue was fixed in PDF...

CVSS 9.2 | EPSS 0.00042
Exploits 0 | References 2
ATTACKERKB
added 2026/05/15 12:31 p.m. | 7 views

CVE-2026-7182

Diagram's export module is vulnerable to Path Traversal in the src attribute due to lack of HTML sanitization. An unauthenticated user could craft an HTML payload which could include local files from the server and display them in the generated PDF. This issue was fixed in version 1.1.1...

CVSS 9.2 | AI score 5.8 | EPSS 0.00153
Exploits 0 | References 4 | Affected software 1
Vulnrichment
added 2026/05/15 12:31 p.m. | 7 views

CVE-2026-7182 Path Traversal in Diagram

Diagram's export module is vulnerable to Path Traversal in the src attribute due to lack of HTML sanitization. An unauthenticated user could craft an HTML payload which could include local files from the server and display them in the generated PDF. This issue was fixed in version 1.1.1...

CVSS 9.2 | AI score 5.8 | EPSS 0.00153
Exploits 0 | References 3
CVE
added 2026/05/15 12:31 p.m. | 15 views

CVE-2026-7182

The CVE concerns Diagram’s export module vulnerability to Path Traversal via the src attribute due to insufficient HTML sanitization. An unauthenticated attacker could craft HTML payloads that access local server files and cause them to be displayed in the generated PDF. The issue is mitigated by...

CVSS 9.2 | AI score 5.8 | EPSS 0.00153
Exploits 0 | References 3
Cvelist
added 2026/05/15 12:31 p.m. | 40 views

CVE-2026-7182 Path Traversal in Diagram

Diagram's export module is vulnerable to Path Traversal in the src attribute due to lack of HTML sanitization. An unauthenticated user could craft an HTML payload which could include local files from the server and display them in the generated PDF. This issue was fixed in version 1.1.1...

CVSS 9.2 | EPSS 0.00153
Exploits 0 | References 3
Positive Technologies
added 2026/05/15 12:00 a.m. | 6 views

PT-2026-41295

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft an HTML payload which could include local files from the server and display them in the generated PDF. This issue was fixed in PDF...

CVSS 9.2 | AI score 5.8 | EPSS 0.00042
Exploits 0 | References 3
CNNVD
added 2026/05/15 12:00 a.m. | 8 views

DHTMLX Diagram path traversal vulnerability

DHTMLX Diagram is a JavaScript chart component developed by DHTMLX Corporation that supports interactive organizational charts, flowcharts, mind maps, and other chart types. Versions of DHTMLX Diagram prior to 1.1.1 had a path traversal vulnerability. This vulnerability stemmed from path traversa...

CVSS 9.2 | AI score 5.8 | EPSS 0.00153
Exploits 0 | References 1
CNNVD
added 2026/05/15 12:00 a.m. | 6 views

DHTMLX Gantt path traversal vulnerability

DHTMLX Gantt is a JavaScript Gantt chart component developed by DHTMLX Corporation. It supports project planning, task scheduling, and timeline visualization. Versions of DHTMLX Gantt prior to 0.7.6 contained a path traversal vulnerability. This vulnerability stemmed from a lack of HTML sanitization,...

CVSS 9.2 | AI score 5.8 | EPSS 0.00042
Exploits 0 | References 1
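Added example, not code from DHTMLX or from any of the advisories listed above: an allow-list sanitizer for HTML that is about to be handed to a server-side HTML-to-PDF renderer, the component the PDF Export Module and Diagram entries describe. Rather than trying to block `../` or `file:` patterns, it drops every resource-loading attribute (`src`, `href`, `data`, inline CSS `url()`) whose value is not an absolute https URL to an allow-listed host, removes elements that load content on their own, and records what it dropped so the rejection can be logged. The attribute set, the `cdn.example.com` allow-list and the sample payload are assumptions constructed for the illustration.

```python
"""Added example (not DHTMLX code): allow-list sanitizer for HTML that will be
handed to a server-side HTML-to-PDF renderer.  The attribute names, the
https host allow-list and the sample payload are assumptions made for the
illustration."""
import html
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes through which a renderer fetches a resource from a path or URL.
URL_ATTRS = {"src", "href", "xlink:href", "data", "poster", "background"}
# Elements that load or execute content on their own, removed outright.
DROP_CONTAINER = {"script", "iframe", "frame", "object", "style"}  # with their body
DROP_VOID = {"link", "meta", "base", "embed"}                      # no body
# Hypothetical per-deployment list of hosts the renderer may fetch from.
ALLOWED_HOSTS = {"cdn.example.com"}
CSS_URL = re.compile(r"url\s*\(|@import", re.IGNORECASE)


def url_is_allowed(value):
    """Only absolute https URLs to an allow-listed host pass.  file: URLs,
    relative paths such as ../../etc/passwd, data: and protocol-relative
    //host URLs all fail because their scheme is not https; a userinfo trick
    like https://cdn.example.com@evil/ fails because hostname is 'evil'."""
    parts = urlsplit(value.strip())
    return parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS


class PdfHtmlSanitizer(HTMLParser):
    def __init__(self):
        super().__init__()        # convert_charrefs=True: text arrives decoded
        self.out = []
        self.dropped = []         # (tag, attr, value) audit records for logging
        self._skip = 0            # nesting depth inside a dropped container

    def _emit_tag(self, tag, attrs, self_closing):
        if tag in DROP_VOID or tag in DROP_CONTAINER:
            self.dropped.append((tag, None, None))
            if tag in DROP_CONTAINER and not self_closing:
                self._skip += 1
            return
        if self._skip:
            return
        kept = []
        for name, value in attrs:
            if name in URL_ATTRS and (value is None or not url_is_allowed(value)):
                self.dropped.append((tag, name, value))
            elif name == "style" and value and CSS_URL.search(value):
                self.dropped.append((tag, name, value))    # url() in inline CSS
            elif name.startswith("on"):
                self.dropped.append((tag, name, value))    # event handlers
            else:
                kept.append((name, value))
        text = "".join(
            f' {n}="{html.escape(v, quote=True)}"' if v is not None else f" {n}"
            for n, v in kept
        )
        self.out.append(f"<{tag}{text}{'/' if self_closing else ''}>")

    def handle_starttag(self, tag, attrs):
        self._emit_tag(tag, attrs, False)

    def handle_startendtag(self, tag, attrs):
        self._emit_tag(tag, attrs, True)

    def handle_endtag(self, tag):
        if tag in DROP_CONTAINER:
            self._skip = max(0, self._skip - 1)
        elif tag not in DROP_VOID and not self._skip:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            self.out.append(html.escape(data, quote=False))

    def handle_comment(self, data):
        pass                      # comments (incl. conditional comments) dropped


def sanitize_for_pdf(untrusted_html):
    """Return (clean_html, dropped) for HTML about to be rendered to PDF."""
    p = PdfHtmlSanitizer()
    p.feed(untrusted_html)
    p.close()
    return "".join(p.out), p.dropped


# Constructed payload of the kind the advisories describe: local-file src
# values, a file: iframe and a CSS url(), next to one legitimate image.
SAMPLE = (
    '<div><img src="../../../../etc/passwd">'
    '<img src="file:///etc/passwd"/>'
    '<img src="https://cdn.example.com/logo.png">'
    '<iframe src="file:///etc/hostname"></iframe>'
    '<p style="background:url(file:///etc/passwd)">text</p></div>'
)

if __name__ == "__main__":
    clean, dropped = sanitize_for_pdf(SAMPLE)
    print(clean)
    for rec in dropped:
        print("dropped:", rec)
```

Run on the constructed payload, the sanitizer keeps only the allow-listed image and the text, and records four dropped items. Sanitizing the HTML is one layer; the renderer itself should also be started with local file access disabled (the exact switch depends on the HTML-to-PDF engine in use and is not named by the advisories), so that a sanitizer bypass still cannot read files from the server.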
EUVD
added 2026/05/14 8:08 p.m. | 4 views

EUVD-2026-30478

OneDev is a Git server with CI/CD, kanban, and packages. Prior to 15.0.2, there is behavior that breaks the expected boundary between repository-controlled LFS metadata and server-local filesystem paths. A repository object can steer raw blob reads to arbitrary local files that the server account...

CVSS 7.1 | AI score 5.9 | EPSS 0.00069
Exploits 0 | References 1
OSV
added 2026/05/14 2:16 p.m. | 3 views

ALPINE-CVE-2026-6475

Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the orig...

CVSS 8.8 | AI score 5.8 | EPSS 0.00049
Exploits 0 | References 1
OSV
added 2026/05/14 2:16 p.m. | 2 views

UBUNTU-CVE-2026-6475

Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the orig...

CVSS 8.8 | AI score 5.8 | EPSS 0.00049
Exploits 0 | References 5
ATTACKERKB
added 2026/05/14 1:00 p.m. | 4 views

CVE-2026-6475

Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the orig...

CVSS 8.8 | AI score 5.8 | EPSS 0.00049
Exploits 0 | References 2
Vulnrichment
added 2026/05/14 1:00 p.m. | 4 views

CVE-2026-6475 PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice

Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the orig...

CVSS 8.8 | AI score 5.8 | EPSS 0.00049
Exploits 0 | References 1
Positive Technologies
added 2026/05/14 12:00 a.m. | 4 views

PT-2026-41119

Name of the vulnerable software and affected versions: OneDev versions prior to 15.0.2
Description: OneDev is a Git server featuring CI/CD, kanban, and packages. A flaw exists where the boundary between repository-controlled LFS (Large File Storage) metadata and server-local filesystem paths is...

CVSS 7.1 | AI score 5.9 | EPSS 0.00069
Exploits 0 | References 4
Positive Technologies
added 2026/05/14 12:00 a.m. | 6 views

PT-2026-40920

Name of the vulnerable software and affected versions: PostgreSQL versions prior to 18.4; PostgreSQL versions prior to 17.10; PostgreSQL versions prior to 16.14; PostgreSQL versions prior to 15.18; PostgreSQL versions prior to 14.23
Description: Symlink following in pg_basebackup plain format and in pg...

CVSS 10 | AI score 5.9 | EPSS 0.0008
Exploits 0 | References 69
Tenable Nessus
added 2026/05/14 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-6475

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc,...

CVSS 8.8 | AI score 5.8 | EPSS 0.00049
Exploits 0 | References 4