Lucene search
K

5698 matches found

Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.11 views

PT-2026-44368

Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example, GET /pathr HTTP/1.1r Host:...

5.8AI score0.00226EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Python Liquid 路径遍历漏洞

Python Liquid is a Python engine developed by James for processing Liquid templates. Versions of Python Liquid prior to 2.2.0 had a path traversal vulnerability. This vulnerability stemmed from the lack of protection in FileSystemLoader and CachingFileSystemLoader against reading absolute paths,...

8.2CVSS5.8AI score0.00335EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

DeepCode 路径遍历漏洞

DeepCode is a multi-agent code generation tool open-source by Data Intelligence Lab@HKU. Previous versions of DeepCode c991dc2 contained a path traversal vulnerability. This vulnerability originated from the SPA catch-all route in newui/backend/main.py, which had a path traversal vulnerability...

8.7CVSS6AI score0.00376EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.11 views

PT-2026-44540

Name of the Vulnerable Software and Affected Versions ai-goofish-monitor affected versions not specified Description An unauthenticated arbitrary file read issue exists in Windows deployments. Remote attackers can read arbitrary files by supplying absolute Windows paths or backslash-based travers...

8.2CVSS5.9AI score0.006EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.20 views

PT-2026-44232

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the Linux kernel within the ULPI UTMI Low Pin Interface driver. When the ulpi of register or ulpi read id functions fail before device register is called, the...

9.8CVSS6AI score0.00574EPSS
Exploits1References293
Cvelist
Cvelist
added 2026/05/27 9:54 p.m.41 views

CVE-2026-46402 Microsoft UFO uses untrusted task_name in log paths, allowing authenticated path traversal and log file creation outside the logs directory

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO uses the user-controlled taskname value directly when constructing session log paths. An authenticated client can supply path traversal sequences in taskname and cause...

8.1CVSS0.00674EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 8:16 p.m.28 views

CVE-2026-8363

A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources:...

9.8CVSS0.00335EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:42 p.m.7 views

CVE-2026-8362

A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when processing a long URL path starting with /woshome...

9.8CVSS6.1AI score0.00316EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 7:42 p.m.21 views

CVE-2026-8362

CVE-2026-8362 describes a stack-based buffer overflow in WOSDefaultHttpModule.dll when processing long URL paths starting with /woshome. Affected software/component: WOSDefaultHttpModule.dll. Root cause: unbounded processing of long URL path leading to overflow. Impact is described as high confid...

9.8CVSS6.1AI score0.00316EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 7:40 p.m.11 views

CVE-2026-8363 Gladinet Triofox Stack-based Buffer Overflow in WOSDeviceDropFolder.dll

A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources:...

9.8CVSS6.1AI score0.00335EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 7:38 p.m.15 views

CVE-2026-8364 Gladinet Triofox Missing Authentication for Critical Functions

Gladinet Triofox Cloud Server Agent Access Service GladServerAgentService.exe listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache...

9.8CVSS5.8AI score0.00305EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:38 p.m.10 views

CVE-2026-8364

Gladinet Triofox Cloud Server Agent Access Service GladServerAgentService.exe listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache...

9.8CVSS5.8AI score0.00305EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 3:33 p.m.11 views

EUVD-2026-32390

In the Linux kernel, the following vulnerability has been resolved: ksmbd: call ksmbdvfskernpathendremoving on some error paths There are two places where ksmbdvfskernpathendremoving needs to be called in order to balance what the corresponding successful call to ksmbdvfskernpathstartremoving has...

5.8AI score0.0012EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/27 3:33 p.m.10 views

EUVD-2026-32394

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix memory leak on codecinfo allocation failure In wave5vpuopenenc and wave5vpuopendec, a vpu instance is allocated via kzalloc. If the subsequent allocation for inst-codecinfo fails, the functions retu...

5.8AI score0.00127EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/27 2:23 p.m.11 views

CVE-2026-6957

Mattermost Plugins versions =1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary locations within the target server's filestore via...

8CVSS6AI score0.00296EPSS
Exploits0References2
OSV
OSV
added 2026/05/27 2:17 p.m.8 views

UBUNTU-CVE-2026-45947

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix memory leak in amdgpuacpienumeratexcc In amdgpuacpienumeratexcc, if amdgpuacpidevinit returns -ENOMEM, the function returns directly without releasing the allocated xccinfo, resulting in a memory leak. Fix this by...

5.5CVSS5.8AI score0.00162EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/05/27 2:13 p.m.11 views

CVE-2026-48920

Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as base64 in email content by setting the data-inline attribute, without restrictions on the image URLs that can be inlined, allowing attackers able to control the email content to specify file: URLs for images t...

5.9AI score0.00299EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2026/05/27 1:20 p.m.15 views

USN-8322-1: Apache Commons BeanUtils vulnerability

It was discovered that Apache Commons BeanUtils incorrectly allowed access to the declaredClass property of Java enum objects when handling externally supplied property paths. An attacker could possibly use this issue to execute arbitrary code...

8.8CVSS7.1AI score0.01495EPSS
Exploits1
OSV
OSV
added 2026/05/27 1:20 p.m.8 views

USN-8322-1 commons-beanutils vulnerability

It was discovered that Apache Commons BeanUtils incorrectly allowed access to the declaredClass property of Java enum objects when handling externally supplied property paths. An attacker could possibly use this issue to execute arbitrary code...

8.8CVSS7.5AI score0.01495EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 12:58 p.m.8 views

CVE-2026-46096

In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix missing tpmbufdestroy in tpm2readpublic tpm2readpublic calls tpmbufinit but fails to call tpmbufdestroy on two exit paths, leaking a page allocation: 1. When namesize returns an error unrecognized hash algorith...

5.9AI score0.00121EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder