Lucene search
+L

322 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/13 9:20 p.m.5 views

CVE-2026-32713

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, A logic error in the PX4 Autopilot MAVLink FTP session validation uses incorrect boolean logic && instead of ||, allowing BurstReadFile and WriteFile operations to proceed with invalid sessions or closed file descriptors...

4.3CVSS5.8AI score0.00387EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/13 9:20 p.m.41 views

CVE-2026-32713 PX4 Autopilot MAVLink FTP Session Validation Logic Error Allows Operations on Invalid File Descriptors

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, A logic error in the PX4 Autopilot MAVLink FTP session validation uses incorrect boolean logic && instead of ||, allowing BurstReadFile and WriteFile operations to proceed with invalid sessions or closed file descriptors...

4.3CVSS0.00387EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.9 views

Adobe Commerce 代码问题漏洞

Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. Adobe Commerce suffers from a server-side request forgery vulnerability that can be exploited by an attacker to read arbitrary file systems...

5.5CVSS5.9AI score0.00232EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/04 12:0 a.m.4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005513)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005513 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: cancel dqisyncwork before freeing oinfo ocfs2globalreadinfo will initialize and schedule...

7.8CVSS6.5AI score0.00268EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/02/26 5:28 p.m.208 views

Exploit for CVE-2026-2636

CVE-2026-2636: CLFS.sys Unrecoverable State Leading to BSoD !...

5.5CVSS5.6AI score0.0041EPSS
Exploits2
NVD
NVD
added 2026/02/26 12:16 a.m.10 views

CVE-2026-27967

Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools readfile, editfile. It allows reading and writing files outside the project directory when a project contains symbolic links pointing to external paths. This bypasses the intended workspace...

7.1CVSS0.00243EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/25 11:33 p.m.6 views

CVE-2026-27967 Symlink Escape in Agent File Tools

Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools readfile, editfile. It allows reading and writing files outside the project directory when a project contains symbolic links pointing to external paths. This bypasses the intended workspace...

7.1CVSS6AI score0.00243EPSS
Exploits1References1
CVE
CVE
added 2026/02/25 11:33 p.m.17 views

CVE-2026-27967

CVE-2026-27967 affects Zed code editor before 0.225.9. A symlink escape in Agent file tools (read_file, edit_file) lets reading/writing files outside the project directory when a project contains external symlinks, bypassing workspace boundaries and privacy protections (file_scan_exclusions, priv...

7.1CVSS5.5AI score0.00243EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/25 11:33 p.m.6 views

CVE-2026-27967

Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools readfile, editfile. It allows reading and writing files outside the project directory when a project contains symbolic links pointing to external paths. This bypasses the intended workspace...

7.1CVSS5.5AI score0.00243EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/02/25 11:33 p.m.10 views

CVE-2026-27967 Symlink Escape in Agent File Tools

Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools readfile, editfile. It allows reading and writing files outside the project directory when a project contains symbolic links pointing to external paths. This bypasses the intended workspace...

7.1CVSS5.7AI score0.00243EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/06 4:42 p.m.6 views

CVE-2026-23739

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the astxmlopen function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing...

2CVSS5.4AI score0.00176EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/28 11:0 p.m.15 views

SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal

File Read Interface Case Bypass Vulnerability Vulnerability Name File Read Interface Case Bypass Vulnerability Overview The /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can...

7.5CVSS5.6AI score0.00505EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/01/27 9:8 p.m.6 views

CVE-2026-24738 gmrtd ReadFile Vulnerable to Denial of Service via Excessive TLV Length Values

gmrtd is a Go library for reading Machine Readable Travel Documents MRTDs. Prior to version 0.17.2, ReadFile accepts TLVs with lengths that can range up to 4GB, which can cause unconstrained resource consumption in both memory and cpu cycles. ReadFile can consume an extended TLV with lengths well...

5.9CVSS5.8AI score0.00265EPSS
Exploits0References5
Broadcom
Broadcom
added 2026/01/27 12:0 a.m.16 views

Multiple Vulnerabilities in Node.js (Wednesday, May 14, 2025 Security Releases). Nessus Plugin ID 236766

In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uvfss.file: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory...

7.5CVSS7.5AI score0.00763EPSS
Exploits1
OSV
OSV
added 2026/01/23 12:23 p.m.17 views

OESA-2026-1215 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability was found in Open...

5.5CVSS4.3AI score0.00208EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2026/01/20 12:29 p.m.223 views

Exploit for CVE-2026-22812

README.md OpenCode CVE-2026-22812 Exploiter Simple Python tool...

8.8CVSS5.4AI score0.16955EPSS
Exploits7
RedhatCVE
RedhatCVE
added 2026/01/09 8:46 a.m.4 views

CVE-2025-68705

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.78, RustFS contains a path traversal vulnerability in the /rustfs/rpc/readfilestream endpoint. This issue has been patched in version 1.0.0-alpha.79...

9.3CVSS6.8AI score0.06558EPSS
Exploits3References1
Cvelist
Cvelist
added 2026/01/07 11:9 p.m.31 views

CVE-2017-20212 FLIR Thermal Camera F/FC/PT/D 8.0.0.64 Information Disclosure via File Reading

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. Attackers can exploit the /var/www/data/controllers/api/xml.php readFile function to access...

8.7CVSS0.08345EPSS
Exploits1References5
NVD
NVD
added 2026/01/07 9:15 p.m.11 views

CVE-2025-68705

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.78, RustFS contains a path traversal vulnerability in the /rustfs/rpc/readfilestream endpoint. This issue has been patched in version 1.0.0-alpha.79...

9.8CVSS0.06558EPSS
Exploits3References2
OSV
OSV
added 2026/01/07 8:31 p.m.8 views

CVE-2025-68705 RustFS Path Traversal Vulnerability

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.78, RustFS contains a path traversal vulnerability in the /rustfs/rpc/readfilestream endpoint. This issue has been patched in version 1.0.0-alpha.79...

9.3CVSS6.7AI score0.06558EPSS
Exploits3References4
Rows per page
Query Builder