Lucene search
K

1642 matches found

SUSE CVE
SUSE CVE
added 2026/05/23 1:36 a.m.16 views

SUSE CVE-2024-3220

There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the...

2.3CVSS5.8AI score0.00478EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/22 12:31 a.m.15 views

EUVD-2026-31360

Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments parameter which can lead to file permission bypass. The AddMessage and UpdateMessage conversation controllers accept user-supplied file attachment IDs and load files directly via $em-findFile::class,...

2.3CVSS5.7AI score0.00288EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/21 9:18 p.m.11 views

CVE-2026-7886

Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments parameter which can lead to file permission bypass. The AddMessage and UpdateMessage conversation controllers accept user-supplied file attachment IDs and load files directly via $em-findFile::class,...

2.3CVSS5.7AI score0.00288EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/21 5:10 p.m.10 views

EUVD-2026-31315

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracking service XML/JSON responses InstaMapper and Google Latitude integration are concatenated into...

8.8CVSS5.9AI score0.0024EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: NFSv4: Fixed an issue where uninitialized nfs4label values were used during referral lookups. The already-allocated fattr is sent along with nfs4fslocations, and the memcpy operation of fattr is removed. As a result, two...

5.5CVSS6.1AI score0.00215EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/19 9:24 a.m.17 views

EUVD-2026-30864

The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences...

5.9CVSS5.9AI score0.00404EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.9 views

PT-2026-41864

The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences...

5.9CVSS5.9AI score0.00404EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 9:9 p.m.7 views

CVE-2026-45225

Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. Attackers can exploit the unvalidated filename parameter in th...

7.6CVSS5.9AI score0.00355EPSS
Exploits0References5
OSV
OSV
added 2026/05/11 6:16 p.m.9 views

PYSEC-2026-129

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the setpackagedata API function call inside the data object with key "folder", there is no sanitization at all, allowing a user with Perms.MODIFY to specify arbitrary...

6.5CVSS5.9AI score0.00395EPSS
Exploits1References1
PyPA
PyPA
added 2026/05/11 6:16 p.m.14 views

PYSEC-2026-129

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the setpackagedata API function call inside the data object with key "folder", there is no sanitization at all, allowing a user with Perms.MODIFY to specify arbitrary...

8.1CVSS5.9AI score0.00395EPSS
Exploits1References1Affected Software1
Packet Storm News
Packet Storm News
added 2026/05/11 12:0 a.m.13 views

OSK ATBroker Registry Security Scanner

This program is a defensive Windows security scanner designed to inspect registry locations related to On-Screen Keyboard osk.exe and Accessibility/ATBroker configuration, which are sometimes abused in privilege escalation or persistence attacks...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/05/08 7:13 a.m.56 views

CVE-2026-44927

In uriparser before 1.0.2, there is pointer difference truncation to int in various places...

2.9CVSS0.00211EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from the lack of cleanup of output file names. When extracting malicious archive files, t...

5.9CVSS5.8AI score0.0017EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/05 11:25 a.m.7 views

EUVD-2026-27285

OpenClaw before 2026.4.10 contains a path traversal vulnerability in the screenrecord tool's outPath parameter that bypasses workspace-only filesystem guards. Attackers can exploit this by specifying an outPath outside the workspace boundary to write files to unintended locations on the system...

7.1CVSS5.8AI score0.0022EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/04 5:26 p.m.10 views

Incorrect Authorization

Overview org.apache.polaris:polaris-runtime-service is an a catalog for data lakes. It provides new levels of choice, flexibility and control over data, with full enterprise security and Apache Iceberg interoperability across a multitude of engines and infrastructure Affected versions of this...

9.9CVSS5.8AI score0.00364EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/04 4:22 p.m.10 views

CVE-2026-42809 Apache Polaris: staged table creation could vend storage credentials for unvalidated locations

Apache Polaris can issue broad temporary "vended" storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope limitation...

9.9CVSS5.8AI score0.00355EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/04 4:19 p.m.14 views

EUVD-2026-27039

In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. write.metadata.path is an optional table property that tells Polaris where to write those metadata files. For a table already registered in a...

9.9CVSS5.8AI score0.00364EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.10 views

Apache Polaris 输入验证错误漏洞

Apache Polaris is a data management and query service component of the Apache Foundation. Apache Polaris has a vulnerability related to input validation, which stems from skipping expected position checks when only the write.metadata.path property is changed. This may lead to metadata being writt...

9.9CVSS5.8AI score0.00364EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.9 views

Apache Polaris 输入验证错误漏洞

Apache Polaris is a data management and query service component of the Apache Foundation. Apache Polaris has a vulnerability related to input validation. This vulnerability arises from the lack of verification or proper retention of valid table locations during the creation of phase tables,...

9.9CVSS5.8AI score0.00355EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.11 views

WordPress plugin Ona 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.4CVSS6AI score0.0025EPSS
Exploits0References1
Rows per page
Query Builder