Lucene search
K

545 matches found

CVE
CVE
added 2026/02/23 6:32 a.m.24 views

CVE-2026-2976

CVE-2026-2976 affects FastApiAdmin up to 2.2.0. The vulnerability resides in the Download Endpoint, specifically the download_controller in /backend/app/api/v1/module_common/file/controller.py, where manipulation of the file_path argument leads to information disclosure. The issue can be triggere...

6.5CVSS5AI score0.0031EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.12 views

PT-2026-21514

A security flaw has been discovered in Tiandy Video Surveillance System 视频监控平台 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Performing a manipulation of the argument urlPath results in server-side request forgery. The attack is possible...

6.5CVSS5.2AI score0.00297EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.10 views

PT-2026-21501

A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function download controller of the file /backend/app/api/v1/module common/file/controller.py of the component Download Endpoint. This manipulation of the argument file path causes information disclosure. It...

5.3CVSS4.9AI score0.0031EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/02/21 7:29 p.m.7 views

CVE-2026-26098

Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...

8.4CVSS5.4AI score0.00109EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 4:54 p.m.23 views

CVE-2026-26098

The CVE-2026-26098 entry concerns Owl opds version 2.2.0.4 and is caused by an Uncontrolled Search Path Element. The issue permits manipulation of configuration file search paths via a crafted network request, indicating local attack vector with high impact on confidentiality and integrity, and h...

8.4CVSS5.4AI score0.00109EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.11 views

PT-2026-21265

Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...

8.4CVSS5.4AI score0.00109EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.8 views

PT-2026-21264

Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request...

8.4CVSS5.4AI score0.00109EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/18 12:55 a.m.8 views

Reliance on Untrusted Inputs in a Security Decision

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Reliance on Untrusted Inputs in a Security Decision via unsafe handling of the PATH environment variable. An authenticated attacker with access to an execution surface can execute arbitra...

8.8CVSS6.3AI score0.00465EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/16 6:2 a.m.5 views

CVE-2026-2538

A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled search path. Attacking locally is a requirement. The attack's complexity is rated as high. The...

7.3CVSS4.7AI score0.00157EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/02/15 1:16 p.m.9 views

CVE-2026-2516

A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Attacks of this nature are highly complex. It is...

7.3CVSS0.00115EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.18 views

PT-2026-7260

Name of the Vulnerable Software and Affected Versions Artifex MuPDF versions up to 1.26.1 Description A flaw exists in Artifex MuPDF up to version 1.26.1 on Windows. The issue is related to uncontrolled search path manipulation caused by the get system dpi function within the platform/x11/win...

7.3CVSS5.2AI score0.00115EPSS
Exploits0References9
NVD
NVD
added 2026/02/03 10:16 p.m.11 views

CVE-2020-37086

Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download...

6.9CVSS0.00499EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/03 10:1 p.m.4 views

CVE-2020-37086

Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download...

6.9CVSS5.5AI score0.00499EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/02/01 12:56 p.m.35 views

CVE-2022-50950 Webile 1.0.1 Directory Traversal Vulnerability via Web Application

Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate file system paths without authentication. Attackers can exploit path manipulation to access sensitive system directories and potentially compromise the mobile device's local file system...

7.1CVSS0.00875EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/01 12:0 a.m.11 views

PT-2026-5571

Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate file system paths without authentication. Attackers can exploit path manipulation to access sensitive system directories and potentially compromise the mobile device's local file system...

7.1CVSS5.9AI score0.00875EPSS
Exploits0References4
OSV
OSV
added 2026/01/13 11:15 p.m.5 views

CVE-2022-50932

Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. Attackers can exploit the issue by sending requests like /js/../../../../.../etc/passwd%00.jpg...

8.7CVSS5.8AI score0.03534EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/09 8:53 a.m.6 views

CVE-2021-27471

The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfull...

8.6CVSS6.7AI score0.02745EPSS
Exploits0References1
OSV
OSV
added 2026/01/09 12:15 a.m.5 views

CVE-2026-0732

A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgradefilter.asp. The manipulation of the argument path results in command injection. The attack may be performed from remote. The exploit has been made public and could be used...

9.8CVSS6.2AI score0.09953EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/01/08 11:32 p.m.6 views

CVE-2026-0732 D-Link DI-8200G upgrade_filter.asp command injection

A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgradefilter.asp. The manipulation of the argument path results in command injection. The attack may be performed from remote. The exploit has been made public and could be used...

6.5CVSS6.5AI score0.09953EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/12/24 7:28 p.m.54 views

CVE-2019-25257 LogicalDOC Enterprise 7.7.4 Authenticated Command Execution via Binary Path Manipulation

LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities that allow attackers to manipulate binary paths when changing system settings. Attackers can exploit these vulnerabilities by modifying configuration parameters like antivirus.command,...

8.7CVSS0.0035EPSS
Exploits1References3
Rows per page
Query Builder