Lucene search
K

5661 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/01 1:40 a.m.3 views

CVE-2026-3775

The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user‑writab...

7.8CVSS6AI score0.00251EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2026/04/01 1:40 a.m.4 views

CVE-2026-3775 Foxit PDF Editor/Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user‑writab...

7.8CVSS6AI score0.00251EPSS
Exploits0References1
CVE
CVE
added 2026/04/01 1:40 a.m.10 views

CVE-2026-3780

CVE-2026-3780 concerns Foxit PDF Editor/Reader installers on Windows. The root cause is an installer that runs with elevated privileges while resolving system executables and DLLs using untrusted search paths that may include user-writable directories. This allows a local attacker to place malici...

7.8CVSS5.9AI score0.00121EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2026/04/01 1:40 a.m.1 views

CVE-2026-3780 Foxit PDF Editor/Reader Installer Uncontrolled Search Path Privilege Escalation

The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the...

7.3CVSS5.9AI score0.00121EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/01 1:40 a.m.1 views

CVE-2026-3780

The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the...

7.3CVSS5.9AI score0.00121EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2026/04/01 1:40 a.m.28 views

CVE-2026-3780 Foxit PDF Editor/Reader Installer Uncontrolled Search Path Privilege Escalation

The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the...

7.3CVSS0.00121EPSS
Exploits0References1
NVD
NVD
added 2026/04/01 1:16 a.m.12 views

CVE-2025-71282

XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by openbasedir restrictions. This allows an attacker to obtain information about the server's directory structure...

8.7CVSS0.00342EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/01 12:30 a.m.24 views

CVE-2025-71282 XenForo Path Disclosure via open_basedir Exceptions

XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by openbasedir restrictions. This allows an attacker to obtain information about the server's directory structure...

8.7CVSS0.00342EPSS
Exploits0References2
CVE
CVE
added 2026/04/01 12:30 a.m.6 views

CVE-2025-71282

XenForo before 2.3.7 discloses filesystem paths via exception messages triggered by open_basedir restrictions, enabling an attacker to obtain information about the server’s directory structure. Affected product: XenForo web forum software (pre-2.3.7). Root cause: exception messages reveal filesys...

8.7CVSS5.9AI score0.00342EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.7 views

PT-2026-29435

Name of the Vulnerable Software and Affected Versions The application affected versions not specified Description The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low-privileged users and is not...

7.8CVSS6AI score0.00251EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.3 views

PT-2026-29671

Name of the Vulnerable Software and Affected Versions Copier versions prior to 9.14.1 Description The external data feature in Copier allows templates to load YAML files using paths controlled by the template. This can allow a malicious template to read YAML-parseable local files accessible to th...

5.5CVSS5.9AI score0.00287EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.5 views

Foxit PDF Reader和Foxit PDF Editor 安全漏洞

Foxit PDF Reader and Foxit PDF Editor are products of Foxit Corporation, a Chinese company. Foxit PDF Reader is a PDF reader. Foxit PDF Editor is a PDF editor. Both Foxit PDF Reader and Foxit PDF Editor have security vulnerabilities. These vulnerabilities stem from the installer’s elevated...

7.8CVSS5.8AI score0.00121EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.7 views

PT-2026-29545

OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit this by providing network-hosted file targets that are treated as local content, bypassing intended...

6.9CVSS5.9AI score0.00319EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.4 views

Xenforo 安全漏洞

Xenforo is a forum software developed by the Xenforo company. Versions of XenForo prior to 2.3.7 contained security vulnerabilities. These vulnerabilities stemmed from abnormal messages triggered by the openbasedir limitation, which allowed the leakage of file system paths. This could potentially...

8.7CVSS5.8AI score0.00342EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.5 views

PT-2026-29440

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The application's installer operates with elevated privileges but utilizes untrusted search paths to resolve system executables and DLLs. These paths can includ...

7.8CVSS5.1AI score0.00121EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.7 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from path traversal in the Windows Media Player, where remote host file URLs and UNC-style paths were accept...

6.9CVSS5.8AI score0.00319EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/31 11:2 p.m.2 views

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution via the .unset and .omit functions. An attacker can delete properties from built-in prototypes by supplying array-wrapped path segments, potentially impacting application behaviour. Notes: 1 Version 4.18.0 was intend...

7.9CVSS6.4AI score0.01535EPSS
Exploits0References2
OSV
OSV
added 2026/03/31 8:16 p.m.3 views

DEBIAN-CVE-2026-2950

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

5.3CVSS5.3AI score0.00317EPSS
Exploits0References1
CVE
CVE
added 2026/03/31 7:18 p.m.53 views

CVE-2026-2950

CVE-2026-2950 affects lodash ≤ 4.17.23, enabling prototype pollution via array-wrapped path segments in _.unset and _.omit. The attack can delete properties from built-in prototypes (Object.prototype, Number.prototype, String.prototype) without overwriting behavior. The issue is patched in lodash...

6.5CVSS6.5AI score0.00317EPSS
Exploits0References1Affected Software4
Debian CVE
Debian CVE
added 2026/03/31 7:18 p.m.5 views

CVE-2026-2950

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

6.5CVSS5.3AI score0.00317EPSS
Exploits0
Rows per page
Query Builder