Lucene search
K

102 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/25 10:42 p.m.3 views

CVE-2026-27498

n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration...

9CVSS6.3AI score0.00718EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/25 9:54 p.m.9 views

n8n has Arbitrary Command Execution via File Write and Git Operations

Impact An authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration files and then triggering a git operation, the attacker could execute arbitrary she...

9CVSS6.4AI score0.00718EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/02/24 2:31 a.m.10 views

EUVD-2026-7405

An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read or write arbitrary files during installation by placing a malicious DLL in advance in the same directory as the installer...

6.7CVSS5.6AI score0.00145EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/24 2:31 a.m.4 views

CVE-2026-3091

An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read or write arbitrary files and conduct denial-of-service during installation by placing a malicious DLL in advance in the same directory as the installer...

6.7CVSS5.9AI score0.00145EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.7 views

Synology Presto Client 代码问题漏洞

Synology Presto Client is a high-speed transfer tool developed by the Chinese company Synology. Versions of Synology Presto Client prior to 2.1.3-0672 contained a code vulnerability. This vulnerability stemmed from uncontrolled search path elements during the installation process, which could all...

7.1CVSS6AI score0.00145EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2026/02/23 9:10 p.m.7 views

OpenClaw: What is it and can you use it safely?

An AI tool with a funny name has caused quite a commotion as of late—including some allegations of machine consciousness—so here is a breakdown on OpenClaw. Launched in November 2025, OpenClaw is an open-source, autonomous artificial intelligence AI agent that was made to run locally on your own...

5.8AI score
Exploits0
CVE
CVE
added 2026/02/06 5:46 p.m.13 views

CVE-2026-23633

Gogs (pre-0.13.4 and pre-0.14.0+dev) contains a path-traversal flaw in the Git hook editing endpoint that allows arbitrary file read/write via the :name parameter in /username/reponame/settings/hooks/git/:name. The vulnerability arises from URL-decoding the parameter and using it to build file pa...

6.5CVSS5.4AI score0.00456EPSS
Exploits1References1Affected Software1
Snyk
Snyk
added 2026/02/04 6:25 p.m.4 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview n8n-core is a Core functionality of n8n Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition via improper file access controls in the workflow creation or modification process. An attacker can modify sensitive host system files, including...

9.9CVSS5.6AI score0.00306EPSS
Exploits0References2
OSV
OSV
added 2025/12/26 9:51 p.m.7 views

CVE-2025-68697 Self-hosted n8n has Legacy Code node that enables arbitrary file read/write

n8n is an open source workflow automation platform. Prior to version 2.0.0, in self-hosted n8n instances where the Code node runs in legacy non-task-runner JavaScript execution mode, authenticated users with workflow editing access can invoke internal helper functions from within the Code node...

7.1CVSS6.7AI score0.00242EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/09 10:44 a.m.3 views

CVE-2025-40830

A vulnerability has been identified in SINEC Security Monitor All versions V4.10.0. The affected application does not have proper authorization checks for the filetransfer feature in ssmctl-client command. This could allow an authenticated, lowly privileged local attacker to read or write to any...

8.4CVSS6.2AI score0.00135EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.5 views

PT-2025-49839

A vulnerability has been identified in SINEC Security Monitor All versions V4.10.0. The affected application does not have proper authorization checks for the file transfer feature in ssmctl-client command. This could allow an authenticated, lowly privileged local attacker to read or write to any...

8.4CVSS6.5AI score0.00135EPSS
Exploits0References1
NVD
NVD
added 2025/11/06 11:15 p.m.6 views

CVE-2025-58423

Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context of the local system account...

8.8CVSS0.00468EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/06 10:31 p.m.13 views

CVE-2025-58423 Advantech DeviceOn/iEdge Path Traversal

Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context of the local system account...

8.8CVSS0.00468EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/24 12:30 a.m.8 views

EUVD-2025-35740

A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or delete arbitrary files and folders on the...

10CVSS6.7AI score0.00605EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/10/17 3:27 p.m.12 views

CVE-2025-62353

A path traversal vulnerability in all versions of the Windsurf IDE enables a threat actor to read and write arbitrary local files in and outside of current projects on an end user’s system. The vulnerability can be reached directly and through indirect prompt injection...

9.8CVSS0.00595EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-23567

Malicious code in bioql PyPI...

8.1CVSS8.1AI score0.00777EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-25690

Malicious code in bioql PyPI...

10CVSS6.8AI score0.00625EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-54937

Malicious code in bioql PyPI...

5.9CVSS6.6AI score0.00262EPSS
Exploits0References1
CVE
CVE
added 2025/08/29 7:20 a.m.12 views

CVE-2024-13987

CVE-2024-13987 concerns the Synology RADIUS Server, where an issue of improper input neutralization during web page generation enables a cross-site scripting (XSS) vulnerability. This affects versions prior to 3.0.27-0139, and is exploitable by remote authenticated users with administrator privil...

5.9CVSS6.2AI score0.00262EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/29 7:20 a.m.3 views

CVE-2024-13987

Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in Synology RADIUS Server allows remote authenticated users with administrator privileges to read or write limited files in SRM and conduct limited denial-of-service via unspecified vectors...

5.9CVSS6.2AI score0.00262EPSS
Exploits0References1
Rows per page
Query Builder