Lucene search
K

639 matches found

OSV
OSV
added 2026/05/28 8:16 p.m.10 views

DEBIAN-CVE-2026-49128

Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...

8.7CVSS5.9AI score0.00501EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 8:16 p.m.13 views

CVE-2026-49128

Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...

8.7CVSS0.00501EPSS
Exploits0References7
OSV
OSV
added 2026/05/28 8:16 p.m.8 views

UBUNTU-CVE-2026-49128

Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...

8.7CVSS5.9AI score0.00501EPSS
Exploits0References9
Debian CVE
Debian CVE
added 2026/05/28 7:2 p.m.11 views

CVE-2026-49128

Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...

8.7CVSS5.9AI score0.00501EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/28 7:2 p.m.33 views

CVE-2026-49128 Music Player Daemon < 0.24.11 Path Traversal via LocalStorage URI Handling

Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...

8.7CVSS0.00501EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/28 7:2 p.m.14 views

EUVD-2026-33001

Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...

8.7CVSS5.9AI score0.00501EPSS
Exploits0References7
CVE
CVE
added 2026/05/28 7:2 p.m.24 views

CVE-2026-49128

Music Player Daemon (MPD) up to version 0.24.11 contains a path traversal vulnerability in the local storage plugin, specifically LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8, where on-disk paths are constructed by simple string joins of the storage root and a user-supplied URI without ca...

8.7CVSS5.9AI score0.00501EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/28 7:2 p.m.10 views

CVE-2026-49128 Music Player Daemon < 0.24.11 Path Traversal via LocalStorage URI Handling

Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...

8.7CVSS5.9AI score0.00501EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.14 views

PT-2026-44495

Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...

8.7CVSS5.9AI score0.00501EPSS
Exploits0References7
NVD
NVD
added 2026/05/27 2:17 p.m.17 views

CVE-2026-9035

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be ab...

6.5CVSS0.00325EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 9:30 p.m.13 views

Security Bulletin: Authentication bypass vulnerability found in Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)

Summary IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration CP4I 1.5.20 has addressed an authentication vulnerability that may allow access to files in the local server storage. Vulnerability Details CVEID:CVE-2026-7876 DESCRIPTION: IBM Aspera High-Speed Transfer Server for CP4i i...

9.1CVSS5.8AI score0.00312EPSS
Exploits0Affected Software1
GithubExploit
GithubExploit
added 2026/05/24 1:16 a.m.76 views

Database-Exploitation-Manual

🛡️ SecDB Auditor - Database Security Compiling Suite & Manual...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/22 12:0 a.m.15 views

Security, Privacy, and Ethical Risks in OpenClaw

This paper systematically investigates the security, privacy, and ethical risks, as well as the traceability challenges of OpenClaw, a locally executable AI agent system for natural language interaction and real-world task completion. While OpenClaw shows strong potential for personal assistance,...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 1:22 p.m.11 views

Malicious code in ihubinternal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d05496a74a52542f8bf237430ae41377eb71e3710b41abfcc1f7b5cf3642885 The package exports a VelocityAuth function that, when called by integrating applications, sends end-user Solana wallet public keys, signed...

5.8AI score
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed out-of-bounds access in cgroup local storage Lonial reported that an out-of-bounds access in cgroup local storage can occur through tail calls. This occurs when two programs each utilize a cgroup local storage with...

7.1CVSS6.4AI score0.00146EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/13 3:25 p.m.103 views

Stored-XSS-Vulnerability-Lab-Detection-Mitigation-

Stored Cross-Site Scripting XSS Vulnerability Report Exe...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/13 2:22 p.m.13 views

CVE-2026-6815

An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perform a Path Traversal attack to create or overwrite arbitrary files anywhere on the host filesystem,...

5.9CVSS5.9AI score0.00513EPSS
Exploits5References1
GithubExploit
GithubExploit
added 2026/05/13 12:41 a.m.95 views

ANTI-FLUFF

PENTESTINGMETHS Main view example: Web Application As...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/05/11 3:20 p.m.38 views

CVE-2026-6815 CVE-2026-6815

An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perform a Path Traversal attack to create or overwrite arbitrary files anywhere on the host filesystem,...

0.00513EPSS
Exploits5References1
Vulnrichment
Vulnrichment
added 2026/05/09 7:44 p.m.8 views

CVE-2026-42605 AzuraCast: Path Traversal in `currentDirectory` Parameter Enables Remote Code Execution via Media Upload

AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the currentDirectory request parameter in the Flow.js media upload endpoint POST /api/station/stationid/files/upload is not sanitized for path traversal sequences. When combined with a local filesystem...

8.8CVSS6.5AI score0.00832EPSS
Exploits1References3
Rows per page
Query Builder