Lucene search
K

2536 matches found

RedHat Linux
RedHat Linux
added last week11 views

Important: Red Hat Security Advisory: python3.14-pip security update

An update for python3.14-pip is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

8CVSS7.3AI score0.0032EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 8:10 p.m.8 views

EUVD-2026-41437

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS5.9AI score0.00138EPSS
Exploits0References2
NVD
NVD
added 2026/07/02 3:17 p.m.15 views

CVE-2026-55117

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Access Application to access files on the host device...

8.6CVSS0.00382EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:49 p.m.6 views

CVE-2026-55111

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Protect Floodlight devices to access files on the UniFi Protect Floodlight...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/30 3:53 p.m.7 views

CVE-2026-58170

Vibe-Trading before 0.1.10 builds the proposal file path by joining a caller-supplied proposal identifier onto the broker proposals directory without sanitization agent/src/live/mandate/commit.py. A proposal identifier containing path traversal sequences causes the application to load an...

8.3CVSS5.8AI score0.00416EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/30 3:51 p.m.7 views

EUVD-2026-40373

OpenBMB ChatDev through 2.2.0, fixed in commit 4fd4da6, contains a path traversal vulnerability that allows unauthenticated remote attackers to write or delete arbitrary files by supplying a malicious multipart filename in the file upload endpoint. Attackers can send a crafted filename containing...

9.1CVSS6AI score0.00628EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53908

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2023.20 and earlier ColdFusion version 2025.9 Description An Improper Limitation of a Pathname to a Restricted Directory, also known as Path Traversal, allows an attacker to access sensitive files and directories outside th...

9.3CVSS6.2AI score0.01577EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.16 views

PT-2026-53238

Name of the Vulnerable Software and Affected Versions spice-vdagent affected versions not specified Description A path traversal flaw exists in spice-vdagent, where a path traversal is a vulnerability that allows an attacker to access files and directories that are stored outside the web root...

4.4CVSS6.1AI score0.00135EPSS
Exploits0References12
OSV
OSV
added 2026/06/25 6:26 p.m.4 views

GO-2026-5115 Grafana Loki Path Traversal - CVE-2021-36156 Bypass in github.com/grafana/loki

Grafana Loki Path Traversal - CVE-2021-36156 Bypass in github.com/grafana/loki...

5.3CVSS5.8AI score0.00409EPSS
Exploits0References3
CISA
CISA
added 2026/06/15 12:0 p.m.146 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-20262link is external Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability CVE-2026-54420link is external LiteSpeed cPanel Plugin UNIX...

8.5CVSS5.4AI score0.07683EPSS
In wildExploits5References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 6:28 p.m.8 views

Security Bulletin: Multiple Security Vulnerabilities in Spring Framework Affect IBM Sterling B2B Integrator and IBM Sterling File Gateway

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerabilities in Spring Framework Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patter...

7.5CVSS6.9AI score0.01916EPSS
Exploits2Affected Software1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Apple macOS 路径遍历漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Sequoia 15.4 and earlier contained a path traversal vulnerability. This vulnerability stemmed from parsing issues with directory path handling, which could allow...

5.5CVSS5.3AI score0.0014EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.20 views

Perry 路径遍历漏洞

Perry is a tool developed by Perry OpenSource that compiles TypeScript into native executable files. Versions of Perry prior to 0.5.1159 contained a path traversal vulnerability. This vulnerability allows malicious attackers to write arbitrary content to any writable location within the running...

8.6CVSS5.4AI score0.00379EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 9:21 p.m.9 views

CVE-2026-34657 CAI Content Credentials | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in an arbitrary file system write. An attacker could leverage this vulnerability to write to...

5.5CVSS5.6AI score0.00178EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 12:19 a.m.39 views

CVE-2026-24315

SAP Fiori Launchpad is affected by a vulnerability where crafted malicious URLs can trigger arbitrary service calls on the Fiori domain, potentially leading to credential theft after user interaction. Exploitation is described as requiring advanced knowledge of the system, with impact limited to ...

4.2CVSS5.6AI score0.00174EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.13 views

Microsoft Office Sharepoint Server 路径遍历漏洞

Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. There is a path traversal vulnerability present in Microsoft Office SharePoint. Attackers can exploit this vulnerability to execute code remotely. The following...

8.8CVSS7.1AI score0.0163EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.18 views

Adobe CAI Content Credentials 路径遍历漏洞

Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc. in the United States. It offers capabilities for authenticating digital content sources and tracking editing history. The Adobe CAI Content Credentials version [email protected] and versions prior to c2pa-v0.80.1...

5.5CVSS5.6AI score0.00178EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.18 views

Apptha Mac Photo Gallery 路径遍历漏洞

Apptha Mac Photo Gallery is a PHP-based website image display system developed by Apptha Corporation. Version 3.0 of Apptha Mac Photo Gallery has a path traversal vulnerability. This vulnerability stems from improper handling of the albid parameter, allowing unauthenticated attackers to download...

8.7CVSS5.5AI score0.00641EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.11 views

CVE-2026-9550

A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. Executing a manipulation of the argument path can lead to path traversal...

7.5CVSS6.8AI score0.00519EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.10 views

CVE-2026-35487

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadprompt allows reading any .txt file on the server filesystem. The file content is returned verbatim in the API response. This vulnerability...

5.3CVSS5.5AI score0.00263EPSS
Exploits0References1
Rows per page
Query Builder