Lucene search
+L

1030 matches found

RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-43732

A flaw was found in WebKitGTK. Processing maliciously crafted web content can disclose sensitive user information due to a path handling issue that was addressed with improved validation...

6.5CVSS6AI score0.00255EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-59955

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to raw configuration data when AccessKey or management key authentication is enabled because requests under...

7.5CVSS6.1AI score0.00549EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-62683

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.17, File Browser can leave a public directory share behind when the shared directory is deleted through a path with a trailing slash because the...

3.1CVSS6.1AI score0.00198EPSS
Exploits0References4Affected Software1
NVD
NVD
added 3 days ago11 views

CVE-2026-5270

An authentication bypass vulnerability exists in certain releases of Ciena Navigator Network Control Suite NCS, Manage Control Plan MCP, and Blue Planet products. The issue is caused by improper handling of HTTP request paths and headers, which allows an unauthenticated attacker to manipulate...

9.8CVSS0.00452EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago39 views

CVE-2026-5270 Authentication Bypass in Navigator and Blue Planet Products

An authentication bypass vulnerability exists in certain releases of Ciena Navigator Network Control Suite NCS, Manage Control Plan MCP, and Blue Planet products. The issue is caused by improper handling of HTTP request paths and headers, which allows an unauthenticated attacker to manipulate...

0.00452EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/09 5:46 p.m.4 views

CVE-2026-61343

LibreBooking's email template editor save action passes the submitted template name directly into the destination file path, allowing a remote attacker with administrator credentials to write an arbitrary file outside the template directory and execute code. Fixed in 5.1.0...

8.6CVSS6.2AI score0.0084EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-59871

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript...

7.5CVSS6.1AI score0.00358EPSS
Exploits1References4
OSV
OSV
added 2026/07/08 4:16 p.m.1 views

DEBIAN-CVE-2026-59871

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript numbers, causing downstream path handling such as normalizeWindowsPathentry.path.split'/' to throw an uncaught TypeError. This issue is...

7.5CVSS6.1AI score0.00358EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/07/08 3:25 p.m.6 views

CVE-2026-59871

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript numbers, causing downstream path handling such as normalizeWindowsPathentry.path.split'/' to throw an uncaught TypeError. This issue is...

7.5CVSS5.9AI score0.00358EPSS
Exploits1
EUVD
EUVD
added 2026/07/08 3:25 p.m.5 views

EUVD-2026-42308

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript numbers, causing downstream path handling such as normalizeWindowsPathentry.path.split'/' to throw an uncaught TypeError. This issue is...

5.3CVSS5.9AI score0.00358EPSS
Exploits1References3
OSV
OSV
added 2026/07/08 3:25 p.m.3 views

CVE-2026-59871 node-tar: Process crash via PAX numeric path type confusion

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript numbers, causing downstream path handling such as normalizeWindowsPathentry.path.split'/' to throw an uncaught TypeError. This issue is...

5.3CVSS6.1AI score0.00358EPSS
Exploits1References5
EUVD
EUVD
added 2026/07/03 4:30 a.m.8 views

EUVD-2026-41488

The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 2.5.2 This is due to insufficient path validation in the storedesigndata function, which constructs a filesystem path from the user-supplied...

9.1CVSS6.5AI score0.00742EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/01 9:31 a.m.5 views

httpd: Apache httpd mod_dav_fs: Denial of Service due to path handling issue

A flaw was found in the moddavfs module of Apache HTTP Server. A WebDAV Web Distributed Authoring and Versioning content author could exploit a path handling issue to directly manipulate trusted DAV property databases. This manipulation could potentially lead to child process crashes, resulting i...

9.1CVSS5.8AI score0.00538EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/01 3:43 a.m.8 views

EUVD-2026-40897

The Youtube Showcase plugin for WordPress is vulnerable to Arbitrary Function Call in versions up to and including 4.0.3. This is due to insufficient validation of the 'path' parameter in the emddeletefile AJAX handler in includes/common-functions.php. The user-supplied value is passed through...

7.5CVSS5.9AI score0.00319EPSS
Exploits0References5
NCSC
NCSC
added 2026/06/30 11:48 a.m.13 views

Vulnerabilities found in Apple iOS and iPadOS

Apple has identified several vulnerabilities in iOS and iPadOS. These vulnerabilities include out-of-bounds access, use-after-free errors, memory handling issues, insufficient input validation, type confusion, double-free operations, stack overflows, race conditions, and path handling problems...

9.1CVSS6.1AI score0.00371EPSS
Exploits2References1
NVD
NVD
added 2026/06/29 8:17 p.m.7 views

CVE-2026-43732

A path handling issue was addressed with improved validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may disclose sensitive user information...

6.5CVSS0.00255EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/29 7:42 p.m.8 views

CVE-2026-43732

A path handling issue was addressed with improved validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may disclose sensitive user information...

6.5CVSS5.7AI score0.00255EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 7:42 p.m.19 views

CVE-2026-43732

CVE-2026-43732 describes a path handling issue in WebKit used by Safari and Apple OS components. The vulnerability arises from insufficient validation in path handling when processing web content, potentially allowing disclosure of sensitive user information. Apple fixes are included in Safari 26...

6.5CVSS5.7AI score0.00255EPSS
Exploits0References3Affected Software4
EUVD
EUVD
added 2026/06/29 3:58 p.m.11 views

EUVD-2026-40133

Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake services. An attacker could exploit this by supplying crafted repository or project content that referenced files outside the intended...

6.3CVSS6AI score0.00139EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.13 views

PT-2026-53724

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A path handling issue exists where processing maliciously crafted web content may disclose sensitive...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References7
Rows per page
Query Builder