Lucene search

1091 matches found

RedhatCVE
added 2 days ago | 5 views

CVE-2026-46417

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.12, 21.2.13, 20.3.21, and 19.2.22, a Server-Side Request Forgery (SSRF) vulnerability exists in @angular/platform-server. The issue stems from how...

CVSS 8.8 | AI score 5.8 | EPSS 0.0021
Exploits: 0 | References: 5
NVD
added 2 days ago | 8 views

CVE-2026-25707

A relative path traversal bug when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation...

CVSS 8.8 | EPSS 0.00627
Exploits: 0 | References: 2
NVD
added 5 days ago | 6 views

CVE-2026-56876

extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the extraction directory...

CVSS 8.6 | EPSS 0.00319
Exploits: 0 | References: 3
ATTACKERKB
added 5 days ago | 6 views

CVE-2026-56876

extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the extraction directory...

CVSS 8.6 | AI score 5.9 | EPSS 0.00319
Exploits: 0 | References: 4
EUVD
added 5 days ago | 8 views

EUVD-2026-39812

extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the extraction directory...

CVSS 8.6 | AI score 5.9 | EPSS 0.00319
Exploits: 0 | References: 3
CVE
added 5 days ago | 15 views

CVE-2026-56876

CVE-2026-56876 affects the extract-zip library: when extracting archives, symlink targets are not validated, enabling a symlink with a relative path (e.g., '../../../../etc/passwd') to point outside the extraction directory. Depending on usage, this could allow reading or writing to arbitrary fil...

CVSS 8.6 | AI score 5.9 | EPSS 0.00319
Exploits: 0 | References: 3
ICS
added 5 days ago | 8 views

extract-zip unvalidated symlink path traversal

RISK EVALUATION: extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the...

CVSS 8.6 | AI score 5.9 | EPSS 0.00319
Exploits: 0 | References: 1
EUVD
added 6 days ago | 3 views

EUVD-2026-39334

Relative Path Traversal vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...

CVSS 2.4 | AI score 5.8 | EPSS 0.00155
Exploits: 0 | References: 2
NVD
added 6 days ago | 5 views

CVE-2026-45188

Relative Path Traversal vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue...

CVSS 2.4 | EPSS 0.00155
Exploits: 0 | References: 2
OSV
added 2026/06/19 9:16 p.m. | 6 views

GHSA-M999-J542-5W3R Open Redirect Bypass in miniflux-v2

Summary: The URL restrictions in miniflux-v2 can be bypassed by attackers, leading to an open redirect vulnerability. Details: Normally, the redirect URL needs to be validated using IsRelativePath. There are some security measures in place, such as requiring relative paths, prohibiting host and...

CVSS 5.1 | AI score 5.8
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 12 views

Astra Linux – Vulnerability in Tomcat9

Apache Tomcat has a Relative Path Traversal vulnerability. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This created the possibility that, for rewrite rules that modify query parameters into the URL, an attacker could manipulate the...

CVSS 7.5 | AI score 8.7 | EPSS 0.66535
Exploits: 4 | References: 2
RedhatCVE
added 2026/06/19 6:50 a.m. | 11 views

CVE-2026-53436

A flaw was found in Jenkins. The system improperly validates redirect URLs after login, specifically when they contain relative path segments such as ./ or ../. This vulnerability allows attackers to craft malicious URLs that appear legitimate, leading to successful phishing attacks against users...

CVSS 4.3 | AI score 5.8 | EPSS 0.00282
Exploits: 0 | References: 4
Positive Technologies
added 2026/06/17 12:00 a.m. | 19 views

PT-2026-50598

Name of the Vulnerable Software and Affected Versions: Langflow versions prior to 1.9.1. Description: Unauthenticated users with network access can upload unlimited amounts of data to the server, which can lead to disk space exhaustion and a resulting denial-of-service. Additionally, the server...

CVSS 9.3 | AI score 5.8 | EPSS 0.0031
Exploits: 1 | References: 11
OSV
added 2026/06/12 8:43 a.m. | 5 views

BIT-JENKINS-2026-53436

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains relative path segments ./ or ../, allowing attackers to perform phishing attacks...

CVSS 4.3 | AI score 5.3 | EPSS 0.00282
Exploits: 0 | References: 2
RedhatCVE
added 2026/06/10 9:03 p.m. | 7 views

CVE-2026-47287

Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network...

CVSS 6.5 | AI score 5.5 | EPSS 0.00622
Exploits: 0 | References: 1
Vulnrichment
added 2026/06/10 1:05 p.m. | 8 views

CVE-2026-53436

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains relative path segments ./ or ../, allowing attackers to perform phishing attacks...

AI score 5.5 | EPSS 0.00282
Exploits: 0 | References: 1
Positive Technologies
added 2026/06/10 12:00 a.m. | 12 views

PT-2026-48421

Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 2.568; Jenkins LTS versions prior to 2.555.3. Description: An open redirect issue exists where the software improperly validates redirect URLs after login. When a URL contains relative path segments such as ./ or ../, th...

CVSS 4.3 | AI score 5.2 | EPSS 0.00282
Exploits: 0 | References: 5
CNNVD
added 2026/06/10 12:00 a.m. | 13 views

Jenkins Input Validation Error Vulnerability

Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Versions of Jenkins prior to 2.567, as well as LTS versions prior to 2.555.2, contain a vulnerabilit...

CVSS 4.3 | AI score 5.4 | EPSS 0.00282
Exploits: 0 | References: 1
NVD
added 2026/06/09 5:17 p.m. | 14 views

CVE-2026-47287

Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network...

CVSS 6.5 | EPSS 0.00622
Exploits: 0 | References: 1
CVE
added 2026/06/09 5:04 p.m. | 31 views

CVE-2026-47287

CVE-2026-47287 affects Visual Studio Code. The provided documents describe a relative path traversal vulnerability that could allow tampering over a network. Per CVSS data, the attack vector is NETWORK with no privileges required but user interaction is required, and the impact includes high inte...

CVSS 6.5 | AI score 5.5 | EPSS 0.00622
Exploits: 0 | References: 1 | Affected Software: 1