Lucene search
K

545 matches found

euvd
euvd
added 2026/04/17 6:31 a.m.10 views

EUVD-2026-23374

A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown part in the library msimg32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The attack is considered to have high complexity. It is indicated that...

7.3CVSS6.1AI score0.0015EPSS
Exploits0References7
veracode
veracode
added 2026/04/16 7:35 a.m.8 views

Arbitrary File Deletion

Gin-vue-admin is vulnerable to arbitrary file deletion. The vulnerability is due to improper validation of the FileMd5 parameter, which allows an attacker to manipulate file paths and delete arbitrary files or folders on the server...

9.1CVSS5.9AI score0.00506EPSS
Exploits1References3Affected Software1
snyk
snyk
added 2026/04/15 1:9 a.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the zarf package inspect sbom and zarf package inspect documentation subcommands when the output file path is constructed using a user-controlled output directory combined with the untrusted Metadata.Name field...

7.1CVSS6.4AI score0.0032EPSS
Exploits0References2
nvd
nvd
added 2026/04/14 11:16 p.m.5 views

CVE-2026-27290

Adobe Framemaker versions 2022.8 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, then an attacker could...

8.6CVSS0.00173EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/04/06 5:0 p.m.5 views

CVE-2026-5574

A security vulnerability has been detected in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Affected is the function deletefile of the component FsBrowseClean. The manipulation of the argument dir/path leads to missing authorization. The attack may be initiated remotely. The exploit has been...

9.1CVSS6.2AI score0.00544EPSS
Exploits1References1
nvd
nvd
added 2026/04/06 10:16 a.m.6 views

CVE-2026-5644

A security flaw has been discovered in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Affected is an unknown function of the file /admin/Add%20notice/batch-notice.php. Performing a manipulation of the argument $SERVER'PHPSELF' results in cross site scripting...

4.8CVSS0.00206EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/04/05 2:45 p.m.5 views

CVE-2026-5574

A security vulnerability has been detected in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Affected is the function deletefile of the component FsBrowseClean. The manipulation of the argument dir/path leads to missing authorization. The attack may be initiated remotely. The exploit has been...

6.9CVSS6.2AI score0.00544EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2026/04/05 2:45 p.m.1 views

CVE-2026-5574 Technostrobe HI-LED-WR120-G2 FsBrowseClean deletefile authorization

A security vulnerability has been detected in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Affected is the function deletefile of the component FsBrowseClean. The manipulation of the argument dir/path leads to missing authorization. The attack may be initiated remotely. The exploit has been...

6.9CVSS6.2AI score0.00544EPSS
Exploits1References4
cvelist
cvelist
added 2026/04/05 2:45 p.m.30 views

CVE-2026-5574 Technostrobe HI-LED-WR120-G2 FsBrowseClean deletefile authorization

A security vulnerability has been detected in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Affected is the function deletefile of the component FsBrowseClean. The manipulation of the argument dir/path leads to missing authorization. The attack may be initiated remotely. The exploit has been...

6.9CVSS0.00544EPSS
Exploits1References4
cve
cve
added 2026/04/01 1:11 p.m.12 views

CVE-2026-0522

The CVE-2026-0522 issue affects VertiGIS FM (v10.5.00119) in the upload/download flow. A Local File Inclusion vulnerability allows an authenticated attacker to read arbitrary server files by manipulating the file path during upload; the downloaded file from the attacker-controlled path is then re...

8.8CVSS6.5AI score0.00608EPSS
Exploits1References2Affected Software1
nvd
nvd
added 2026/03/23 10:16 p.m.6 views

CVE-2026-32910

Rejected reason: This CVE ID has been rejected...

Exploits0
snyk
snyk
added 2026/03/23 6:16 p.m.4 views

Directory Traversal

Overview github.com/ory/oathkeeper/proxy is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules Affected versions of this package are vulnerable to Directory Traversal due to improper validation of user-supplied input when pat...

10CVSS6.4AI score0.00519EPSS
Exploits0References3
osv
osv
added 2026/03/19 10:6 p.m.4 views

CVE-2026-32015 OpenClaw 2026.1.21 < 2026.2.19 - PATH Hijacking Bypass in tools.exec.safeBins Allowlist Validation

OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a path hijacking vulnerability in tools.exec.safeBins that allows attackers to bypass allowlist checks by controlling process PATH resolution. Attackers who can influence the gateway process PATH or launch environment can execute trojan...

7.3CVSS6AI score0.00128EPSS
Exploits0References5
euvd
euvd
added 2026/03/16 3:30 p.m.7 views

EUVD-2016-10813

ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including...

6.9CVSS5.8AI score0.00206EPSS
Exploits1References7
nvd
nvd
added 2026/03/16 2:17 p.m.10 views

CVE-2016-20029

ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including...

6.9CVSS0.00206EPSS
Exploits1References6
snyk
snyk
added 2026/03/16 8:45 a.m.4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the PathUtils.RemoveParentPath function of the /api/admin/plugins/install/actions/download endpoint. An attacker can access unauthorized files or directories by manipulating the path argument. PoC POST...

5.1CVSS6.3AI score0.00438EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/03/15 1:35 p.m.4 views

CVE-2016-20029

ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including...

5.8AI score0.00206EPSS
Exploits1References5Affected Software1
cvelist
cvelist
added 2026/03/15 1:35 p.m.25 views

CVE-2016-20029 ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability

ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including...

6.9CVSS0.00206EPSS
Exploits1References6
vulnrichment
vulnrichment
added 2026/03/15 1:35 p.m.2 views

CVE-2016-20029 ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability

ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including...

6.9CVSS5.8AI score0.00206EPSS
Exploits1References6
cve
cve
added 2026/03/15 1:35 p.m.17 views

CVE-2016-20029

CVE-2016-20029 affects ZKTeco ZKBioSecurity 3.0. The vulnerability is a file path manipulation flaw that lets an attacker access arbitrary local files by tampering with paths used to retrieve local resources. Attackers can bypass access controls to read sensitive information, including configurat...

6.9CVSS5.8AI score0.00206EPSS
Exploits1References6
Rows per page
Query Builder