
147 matches found

OSV
added 2026/02/09 9:21 p.m., 5 views

CVE-2026-25890 File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, an authenticated user can bypass the application's "Disallow" file path rules by modifying the request URL. By adding multiple slashe...

CVSS 8.1, AI score 5.5, EPSS 0.00461
Exploits: 2, References: 5

Tenable Nessus
added 2026/01/31 12:0 a.m., 4 views

EulerOS Virtualization 2.10.1 : perl (EulerOS-SA-2026-1138)

According to the versions of the perl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open...

CVSS 5.9, AI score 6, EPSS 0.00368
Exploits: 0, References: 2

EUVD
added 2026/01/26 10:5 a.m., 4 views

EUVD-2025-206364

The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...

CVSS 5.9, AI score 5.8, EPSS 0.00572
Exploits: 0, References: 3

Positive Technologies
added 2025/12/30 12:0 a.m., 4 views

PT-2025-54227

Name of the Vulnerable Software and Affected Versions: inMusic Brands Engine DJ version 4.3.0. Description: Engine DJ version 4.3.0 is affected by an issue with insecure permissions. An exposed HTTP service within the Remote Library feature allows attackers to access all files and network paths...

CVSS 7.5, AI score 6.7, EPSS 0.00377
Exploits: 1, References: 8

CNNVD
added 2025/12/30 12:0 a.m., 6 views

inMusic Engine DJ Security Vulnerability

inMusic Engine DJ is a suite of professional DJ software from inMusic USA. A security vulnerability exists in inMusic Engine DJ version 4.3.0, which stems from an insecure privilege in the exposed HTTP service in the remote library that could lead to access to all files and network paths...

CVSS 7.5, AI score 5.8, EPSS 0.00377
Exploits: 1, References: 4

EUVD
added 2025/12/24 12:30 p.m., 3 views

EUVD-2025-205084

In the Linux kernel, the following vulnerability has been resolved: coresight: tmc: add the handle of the event to the path. The handle is essential for retrieving the AUX_EVENT of each CPU and is required in perf mode. It has been added to the coresight_path so that dependent devices can access it...

AI score 5.9, EPSS 0.00155
Exploits: 0, References: 4

UbuntuCve
added 2025/12/24 11:16 a.m., 3 views

CVE-2025-68370

In the Linux kernel, the following vulnerability has been resolved: coresight: tmc: add the handle of the event to the path. The handle is essential for retrieving the AUX_EVENT of each CPU and is required in perf mode. It has been added to the coresight_path so that dependent devices can access it...

AI score 5.7, EPSS 0.00155
Exploits: 0, References: 10

NVD
added 2025/12/17 11:16 p.m., 7 views

CVE-2025-68143

Model Context Protocol Servers is a collection of reference implementations for the Model Context Protocol (MCP). In mcp-server-git versions prior to 2025.9.25, the git_init tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other too...

CVSS 8.8, EPSS 0.07822
Exploits: 0, References: 2

RedhatCVE
added 2025/12/09 8:26 p.m., 8 views

CVE-2016-20023

In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided...

CVSS 6.5, AI score 6.7, EPSS 0.00289
Exploits: 0, References: 1

Snyk
added 2025/12/02 12:38 a.m., 2 views

Directory Traversal

Overview: @fastify/reply-from is a package that forwards your HTTP request to another server, for fastify. Affected versions of this package are vulnerable to Directory Traversal via the reply.from function. An attacker can access unauthorized routes by crafting a malicious URL containing encoded directory...

CVSS 6.9, AI score 7.4, EPSS 0.00152
Exploits: 0, References: 3

EUVD
added 2025/11/24 3:30 p.m., 7 views

EUVD-2025-198649

Inadequate access control vulnerability in Davantis DDFUSION v6.177.7, which allows unauthorised actors to retrieve perspective parameters from security camera settings by accessing “/cameras//perspective”...

CVSS 6.9, AI score 6.3, EPSS 0.00249
Exploits: 0, References: 2

OSV
added 2025/11/20 3:17 p.m., 6 views

CVE-2025-40605

A Path Traversal vulnerability has been identified in the Email Security appliance that allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences such as ../ and may access files and directories outside the intended restricted path...

CVSS 5.3, AI score 5.7, EPSS 0.00292
Exploits: 0, References: 1

Vulnrichment
added 2025/11/20 12:19 p.m., 2 views

CVE-2025-40605

A Path Traversal vulnerability has been identified in the Email Security appliance that allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences such as ../ and may access files and directories outside the intended restricted path...

AI score 6.5, EPSS 0.00292
Exploits: 0, References: 1

Cvelist
added 2025/11/01 6:40 a.m., 7 views

CVE-2025-12137 Import WP – Export and Import CSV and XML files to WordPress <= 2.14.16 - Authenticated (Admin+) Arbitrary File Read

The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. This is due to the plugin's REST API endpoint accepting arbitrary absolute file paths without proper validation in the...

CVSS 4.9, EPSS 0.00431
Exploits: 0, References: 9

CNNVD
added 2025/10/28 12:0 a.m., 4 views

Red Hat build of Keycloak Code Issue Vulnerability

Red Hat build of Keycloak is a web application for single sign-on from Red Hat USA. A code issue vulnerability exists in the Red Hat build of Keycloak, which stems from a proxy misconfiguration that could result in accessing the /admin path via a non-normalized path...

CVSS 3.7, AI score 6.6, EPSS 0.00386
Exploits: 0, References: 3

Vulnrichment
added 2025/10/22 2:32 p.m., 2 views

CVE-2025-49901 WordPress Simple Link Directory plugin < 14.8.1 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in quantumcloud Simple Link Directory (qc-simple-link-directory) allows Authentication Abuse. This issue affects Simple Link Directory: from n/a through 14.8.1...

CVSS 9.8, AI score 6.6, EPSS 0.00702
Exploits: 1, References: 1

Cvelist
added 2025/10/17 12:0 a.m., 8 views

CVE-2025-62647

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to return a signed AWS upload URL, for any store's path...

CVSS 5, EPSS 0.00343
Exploits: 1, References: 5

EUVD
added 2025/10/17 12:0 a.m., 3 views

EUVD-2025-34925

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to return a signed AWS upload URL, for any store's path...

CVSS 5.8, AI score 6.5, EPSS 0.00343
Exploits: 1, References: 6

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-10338

Malware in sbrugna...

CVSS 2.5, AI score 6.2, EPSS 0.01029
Exploits: 1, References: 14

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-3788

Malware in sbrugna...

CVSS 7.8, AI score 7.6, EPSS 0.0692
Exploits: 0, References: 4