Lucene search
K

180 matches found

CVE
CVE
added 2 days ago8 views

CVE-2026-15302

The ARMember plug-in for WordPress (affected: all versions up to and including 4.0.27) is vulnerable to Directory Traversal via the X-FILENAME HTTP header. Unauthenticated attackers can upload and overwrite certain files (e.g., CSS) outside the wp-content/uploads/armember directory. This is a net...

5.3CVSS5.9AI score0.00533EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-14967 Path traversal in github_workflows allows writing artifacts outside output directory

BBOT's githubworkflows module could be induced to write a downloaded artifact outside its configured output directory: its path-containment check did not resolve .., so a crafted CODEREPOSITORY URL could traverse out of the intended folder. The write is bounded to two directory levels above the...

3.1CVSS0.00198EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 10:16 p.m.4 views

DEBIAN-CVE-2026-50003

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative ../ paths and absolute paths...

9.3CVSS5.9AI score0.00435EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 1:10 p.m.4 views

OESA-2026-2694 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

8.2CVSS5.8AI score0.00622EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/22 5:21 p.m.9 views

dotnet: .NET: Local file tampering via link following vulnerability

A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...

6.2CVSS5.8AI score0.00388EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/19 8:16 p.m.9 views

CVE-2026-48129

Kestra is an open-source, event-driven orchestration platform. Prior to versions 1.3.19, 1.2.19, 1.1.19, and 1.0.43, Kestra task inputFiles writes rendered file names directly under the task working directory. When a flow forwards untrusted execution or webhook data into an inputFiles file name, ...

6.5CVSS6AI score0.00308EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/18 9:5 a.m.12 views

EUVD-2026-37866

SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory, potentially placing files in web-accessible locations...

7.1CVSS5.3AI score0.00319EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 5:3 a.m.36 views

CVE-2026-40987

CVE-2026-40987 affects Spring Integration across multiple tracked branches (7.0.0–7.0.4, 6.5.0–6.5.8, 6.4.0–6.4.11, 6.3.0–6.3.14, 5.5.0–5.5.20). The connected documents describe a vulnerability where a malicious or compromised FTP/SFTP/SMB server can cause the client to write arbitrary files anyw...

7.1CVSS5.6AI score0.0021EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/06 2:54 a.m.14 views

SUSE CVE-2026-7774

tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

7.5CVSS5.4AI score0.00622EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.12 views

CVE-2026-44307

A flaw was found in Mako, a Python template library. A remote attacker could exploit a directory traversal vulnerability by crafting a Uniform Resource Identifier URI with backslash traversal. This bypasses security checks, allowing the attacker to read files outside the intended template...

8.7CVSS5.3AI score0.00609EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/06/05 5:0 a.m.11 views

CVE-2026-10732

All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip when extracting a ZIP archive containing two entries with the same path - the first being a symlink to an arbitrary target and the second being a regular file - the file content is writte...

9.8CVSS6.4AI score0.02147EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.9 views

PT-2026-49599

Impact skillctl 0.1.0 and 0.1.1 contained four path-safety vulnerabilities that, in combination, allowed an attacker to: 1. Exfiltrate arbitrary files on the operator's machine by publishing a malicious skills library containing a symlink inside a skill folder e.g. niania →...

5.6AI score
Exploits0References5
NVD
NVD
added 2026/06/04 4:16 p.m.12 views

CVE-2026-7774

tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

6.9CVSS0.00622EPSS
Exploits0References11
CVE
CVE
added 2026/06/04 2:21 p.m.62 views

CVE-2026-7774

The CVE-2026-7774 entry concerns tarfile.data_filter in Python's tarfile handling. Crafted link entries, including symlinks with empty or directory-like names, can bypass checks to cause tarfile.extractall() to write files outside the intended extraction directory, limited by the extractor's perm...

6.9CVSS5.8AI score0.00622EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/06/04 2:21 p.m.7 views

CVE-2026-7774

tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...

6.9CVSS5.8AI score0.00622EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-7774

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outsid...

6.9CVSS5.9AI score0.00622EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.9 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : tar-fs vulnerabilities (USN-8367-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8367-1 advisory. It was discovered that tar-fs did not properly limit paths when extracting crafted tar files. An attacker could possibly use this iss...

8.7CVSS6AI score0.02186EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2026/06/01 3:1 p.m.11 views

CVE-2026-8643 pip can extract console_scripts and gui_scripts outside installation directory

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

4.1CVSS5.8AI score0.0032EPSS
Exploits0References2
Veracode
Veracode
added 2026/05/30 7:9 a.m.12 views

Path Traversal

lsfusion.platform, web-client is vulnerable to Path Traversal. The vulnerability is due to improper validation of the sid argument in the UploadFileRequestHandler component, which allows a remote attacker to perform path traversal by manipulating the parameter and accessing files outside the...

9.8CVSS7.2AI score0.00525EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2026/05/28 9:18 p.m.33 views

CVE-2026-45403

Summary of CVE-2026-45403 : AnythingLLM’s agent filesystem copy tool (prior to v1.13.0) validates only the top-level source/destination. The recursive copy helper traverses child entries with fs.stat() and copies via fs.copyFile() without validating each child or rejecting symlinks. A symlink ins...

2.5CVSS5.8AI score0.00193EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder