Lucene search
+L

1439 matches found

OSV
OSV
added 2026/04/13 9:26 p.m.9 views

MAL-2026-2624 Malicious code in asciitoart (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d91767b12efcd1ad71b86b8d6770f33ddd3f1bfdec795dc04fd1d743a63a4591 Through an obscure way, one of the package files got overwritten by a remote obfuscated code, which appears to be an infostealer. After executing the malicious...

5.9AI score
Exploits0References1
GithubExploit
GithubExploit
added 2026/04/11 10:22 p.m.135 views

Exploit for CVE-2025-81110

CVE-2025-81110-PoC Improper Symbolic link handling in the PutC...

6AI score
Exploits1
Patchstack
Patchstack
added 2026/04/10 12:25 p.m.8 views

WordPress Tutor LMS plugin <= 3.9.7 - Missing Authorization to Unauthenticated Arbitrary Billing Profile Overwrite via 'order_id' Parameter vulnerability

Missing Authorization to Unauthenticated Arbitrary Billing Profile Overwrite via 'orderid' Parameter vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Tutor LMS versions = 3.9.7...

7.5CVSS5.8AI score0.00615EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.10 views

WordPress plugin Perfmatters 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS5.9AI score0.00408EPSS
Exploits0References2
NVD
NVD
added 2026/04/06 6:16 p.m.3 views

CVE-2026-35177

Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280...

7.1CVSS0.00126EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/06 5:54 p.m.11 views

CVE-2026-35177

Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280...

4.1CVSS6.8AI score0.00731EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/04/06 5:30 p.m.13 views

EUVD-2026-19408

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extention settings in "py" format and in the app root directory. This allows to overwrite python files, for instance the "download-model.py" file could be overwritten. Then, thi...

9.1CVSS5.9AI score0.00438EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.15 views

Directus 安全漏洞

Directus is an open-source real-time API and application dashboard developed by Directus. It is used to manage SQL database content. Versions of Directus prior to 11.16.1 contained a security vulnerability. This vulnerability stemmed from the TUS recoverable upload endpoint, which only performed...

8.1CVSS6AI score0.00302EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/01 9:10 p.m.5 views

EUVD-2026-17985

ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings...

8.6CVSS5.8AI score0.00288EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.12 views

Tinybeans Private Family Album App 安全漏洞

Tinybeans Private Family Album App is a private album application developed by the American company Tinybeans. It is designed for recording and sharing family photos and moments of growth. The Tinybeans Private Family Album App v5.9.5-prod version has a security vulnerability. This vulnerability...

8.4CVSS6.1AI score0.00205EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.9 views

Docudepot PDF Reader 安全漏洞

Docudepot PDF Reader is a reading tool developed by Docudepot that supports the viewing and management of PDF documents. Version 1.0.34 of Docudepot PDF Reader contains a security vulnerability. This vulnerability stems from the possibility of arbitrary file overwriting, which could allow attacke...

8.4CVSS6.1AI score0.00141EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.9 views

MaruNuri 安全漏洞

MaruNuri is a comprehensive software system provided by MaruNuri Company, which offers content management and information publishing functions. Version 2.0.23 of MaruNuri contains a security vulnerability. This vulnerability stems from an arbitrary file overwriting during the file import process,...

9.8CVSS6.3AI score0.0069EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.10 views

App Craze Voice Recorder 安全漏洞

App Craze Voice Recorder is a mobile recording application developed by App Craze Company, which supports audio recording and management. Version 10.0 of App Craze Voice Recorder contains a security vulnerability. This vulnerability stems from an arbitrary file overwriting during the file import...

8.6CVSS6.3AI score0.00207EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2026/03/28 8:49 p.m.193 views

Exploit for Path Traversal in Isaacs Tar

🛡️ CVE-2026-31802 - Simple Proof of Concept Viewer !Downloa...

8.2CVSS5.9AI score0.00253EPSS
Exploits4
OSV
OSV
added 2026/03/26 12:37 p.m.8 views

CLSA-2026-1774528630 openssh: Fix of 3 CVEs

CVE-2018-20685: fix a vulnerability scp client where a malicious server could bypass intended access restrictions and modify target directory permissions via crafted filenames - CVE-2019-6109: fix scp client where a malicious server could manipulate the client's progress display output due to...

6.8CVSS7AI score0.58204EPSS
Exploits9References1
Snyk
Snyk
added 2026/03/25 7:38 p.m.2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the readDir API endpoint. An attacker can access and enumerate arbitrary directories and retrieve file names by sending crafted requests to the endpoint. Details A Directory Traversal attack also known as path...

9.8CVSS6.9AI score0.0066EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/19 7:25 p.m.2 views

CVE-2026-25744 OpenEMR: POST /api/.../vital Accepts Attacker-Supplied id and Overwrites Arbitrary Vitals

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the encounter vitals API accepts an id in the request body and treats it as an UPDATE. There is no verification that the vital belongs to the current patient or encounter. An...

6.5CVSS5.8AI score0.00216EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/18 6:13 p.m.5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the pkgutil.getdata function. An attacker can access files and directories outside the intended root directory by supplying crafted input to the resource argument. Details A Directory Traversal attack also known ...

4.8CVSS6.5AI score0.00238EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2026/03/16 2:22 p.m.7 views

Delete doesn’t mean gone. Here’s how File Shredder fixes that

You have done it a thousand times. Right-click. Delete. Empty Trash. Done. Except it's not done. That file, your tax return, your private photos, that EmbezzlementPlan.doc… it's all still sitting on your drive. Invisible to you, but not to anyone with a $30 recovery tool downloaded from the...

6AI score
Exploits0
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.10 views

Zdir Pro 安全漏洞

Zdir Pro is a multi-functional private storage program developed by Zdir Pro Company in China. The version 4.x of Zdir Pro contains a security vulnerability. This vulnerability stems from a path traversal vulnerability in the ZIP extraction API, which may lead to file writes being performed outsi...

9.1CVSS6.2AI score0.0053EPSS
Exploits1References3
Rows per page
Query Builder