Lucene search
+L

144 matches found

OSV
OSV
added 2026/06/18 3:3 p.m.6 views

GHSA-M54H-VHF9-3W3M BBOT: Arbitrary File Write in postman_download Module

The postmandownload module uses the workspace name field from the Postman API to construct the local directory path without sanitization. If a malicious workspace has a name containing path traversal characters, pathlib resolves the path outside the intended output directory, allowing an attacker...

6.5CVSS5.5AI score0.00251EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/18 3:3 p.m.11 views

EUVD-2026-37818

BBOT: Arbitrary File Write in postmandownload Module...

6.5CVSS5.2AI score0.00251EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 11:17 p.m.12 views

CVE-2026-12568

The postmandownload module uses the workspace name field from the Postman API to construct the local directory path without sanitization. If a malicious workspace has a name containing path traversal characters, pathlib resolves the path outside the intended output directory, allowing an attacker...

6.5CVSS0.00251EPSS
Exploits0References1
OSV
OSV
added 2026/06/17 11:17 p.m.3 views

CVE-2026-12568

The postmandownload module uses the workspace name field from the Postman API to construct the local directory path without sanitization. If a malicious workspace has a name containing path traversal characters, pathlib resolves the path outside the intended output directory, allowing an attacker...

6.5CVSS6AI score
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:53 p.m.23 views

CVE-2026-12568 Arbitrary File Write in postman_download module

The postmandownload module uses the workspace name field from the Postman API to construct the local directory path without sanitization. If a malicious workspace has a name containing path traversal characters, pathlib resolves the path outside the intended output directory, allowing an attacker...

6.5CVSS0.00251EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:53 p.m.27 views

CVE-2026-12568

The CVE-2026-12568 entry affects the postman_download module. The root cause is unsanitized use of the workspace name field from the Postman API to build the local output directory path; if the workspace name contains path traversal characters, pathlib resolves outside the intended directory, ena...

6.5CVSS5.4AI score0.00251EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50563

Name of the Vulnerable Software and Affected Versions Postman Download Module affected versions not specified Description The postman download module fails to sanitize the workspace name field retrieved from the Postman API when constructing local directory paths. A malicious workspace name...

6.5CVSS5.3AI score0.00251EPSS
Exploits0References12
vulnersOsv
vulnersOsv
added 2026/03/19 5:43 p.m.9 views

org.webjars.npm:file-entry-cache (>=5.0.1 <=6.0.1), org.webjars.npm:flat-cache (>=2.0.1 <=3.0.4) +6 more potentially affected by CVE-2026-33228 via org.webjars.npm:flatted (>=2.0.1 <=3.3.4)

org.webjars.npm:flatted MAVEN version =2.0.1, =5.0.1, =2.0.1, =3.3.1, =0.3.16, =0.2.107, =1.1.13, =0.1.30, =1.7.6, =2.0.2 Source cves: CVE-2026-33228 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15700434...

9.8CVSS6AI score0.00808EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/12 8:41 p.m.9 views

org.webjars.npm:file-entry-cache (>=5.0.1 <=6.0.1), org.webjars.npm:flat-cache (>=2.0.1 <=3.0.4) +6 more potentially affected by CVE-2026-32141 via org.webjars.npm:flatted (>=2.0.1 <=3.3.4)

org.webjars.npm:flatted MAVEN version =2.0.1, =5.0.1, =2.0.1, =3.3.1, =0.3.16, =0.2.107, =1.1.13, =0.1.30, =1.7.6, =2.0.2 Source cves: CVE-2026-32141 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15518042...

7.5CVSS7.1AI score0.00807EPSS
Exploits1
NVD
NVD
added 2026/02/27 10:16 p.m.11 views

CVE-2026-28408

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionartipodocsatendido.php does not go through the project's central controller and does not have its own authentication and permission checks. A malicious user could make a request through tools like...

9.8CVSS0.00514EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:32 a.m.10 views

CVE-2017-18603

The postman-smtp plugin through 2017-10-04 for WordPress has XSS via the wp-admin/tools.php?page=postmanemaillog page parameter...

6.1CVSS6AI score0.01011EPSS
Exploits1References1
CVE
CVE
added 2025/12/26 2:2 a.m.21 views

CVE-2025-15095

CVE-2025-15095 affects postmanlabs httpbin up to 0.6.1. The flaw is in httpbin-master/httpbin/core.py, enabling cross-site scripting via manipulated input. Exploitation is remote and publicly disclosed. Multiple sources confirm the vulnerability, but remediation notes vary and, in at least one en...

5.1CVSS5.2AI score0.00253EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/26 12:0 a.m.5 views

httpbin 代码注入漏洞

httpbin is an open source HTTP request and response service from Postman Inc. A code injection vulnerability exists in httpbin version 0.6.1 and earlier, which stems from a flaw in the file httpbin-master/httpbin/core.py and could lead to a cross-site scripting attack...

5.1CVSS4.7AI score0.00253EPSS
Exploits0References5
EUVD
EUVD
added 2025/11/24 4:31 p.m.4 views

EUVD-2025-198920

Malicious code in @postman/pm-bin-macos-x64 npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/24 4:31 p.m.5 views

EUVD-2025-198919

Malicious code in @postman/pm-bin-windows-x64 npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 4:31 p.m.6 views

Malicious code in @postman/wdio-allure-reporter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e12dee0f26482378a3726898a1190f71749f0cca809d0d6dc3d9c3419473924f The package @postman/wdio-allure-reporter was found to contain malicious code. Source: google-open-source-security...

6.9AI score
Exploits0References3
EUVD
EUVD
added 2025/11/24 4:31 p.m.5 views

EUVD-2025-198921

Malicious code in @postman/pm-bin-macos-arm64 npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/24 4:31 p.m.4 views

EUVD-2025-198913

Malicious code in @postman/wdio-allure-reporter npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/24 4:31 p.m.5 views

EUVD-2025-198918

Malicious code in @postman/postman-collection-fork npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/24 4:31 p.m.5 views

EUVD-2025-198914

Malicious code in @postman/secret-scanner-wasm npm...

6.6AI score
Exploits0
Rows per page
Query Builder