Lucene search
K

476 matches found

Vulnrichment
Vulnrichment
added 2026/05/29 10:1 a.m.9 views

CVE-2026-9558

A Server-Side Template Injection SSTI vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated users with permissions to create or upload themes can abuse this to execute arbitrary code on the...

9.9CVSS6.3AI score0.00439EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 10:1 a.m.38 views

CVE-2026-9558

A Server-Side Template Injection SSTI vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated users with permissions to create or upload themes can abuse this to execute arbitrary code on the...

9.9CVSS0.00439EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

Mautic 安全漏洞

Mautic is an open-source marketing automation software developed by Mautic. This software can monitor and manage websites, send emails, and manage customer resources. Mautic has a security vulnerability, which stems from server-side template injection in the theme engine. This vulnerability may...

9.9CVSS6.2AI score0.00439EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 9:16 a.m.14 views

CVE-2025-13593

Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...

6.1CVSS0.00086EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 9:16 a.m.12 views

CVE-2024-47270

Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...

2.7CVSS0.00249EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 8:43 a.m.13 views

CVE-2025-66593

An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...

6.1CVSS5.9AI score0.00086EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 8:43 a.m.14 views

CVE-2025-66593

An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...

6.1CVSS5.9AI score0.00086EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 8:43 a.m.12 views

CVE-2025-66592

An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...

6.1CVSS5.9AI score0.00086EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/27 8:29 a.m.10 views

CVE-2024-47267

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vecto...

2.7CVSS5.8AI score0.00325EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.16 views

PT-2026-43591

Name of the Vulnerable Software and Affected Versions Synology Assistant versions prior to 7.0.6-50085 Description An origin validation error allows local users to write arbitrary files with restricted content during the installation process. Recommendations Update to version 7.0.6-50085 or later...

6.1CVSS5.9AI score0.00086EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

Synology Active Backup for Business Agent 访问控制错误漏洞

Synology Active Backup for Business Agent is an enterprise data backup and recovery management platform developed by Synology, a Chinese company. Versions of Synology Active Backup for Business Agent prior to 3.1.0-4967 contained a access control vulnerability caused by a source verification erro...

6.1CVSS5.8AI score0.00086EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.17 views

PT-2026-43585

Name of the Vulnerable Software and Affected Versions Synology ActiveProtect Agent versions prior to 1.1.0-0439 Description An origin validation error occurs during installation, allowing local users to write arbitrary files with restricted content. Recommendations Update to version 1.1.0-0439 or...

6.1CVSS5.9AI score0.00086EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/21 9:7 p.m.8 views

CVE-2026-7879

In Concrete CMS 9.5.0 and below, the submitpassword method in concrete/controllers/singlepage/downloadfile.php allows unauthorized file access since downloading permission-restricted files bypasses the viewfile permission check. Files without passwords can be downloaded and any user who knows a...

6.3CVSS5.8AI score0.00224EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.12 views

Astra Linux – Vulnerability in Cpio

In all versions of cpio before 2.13, input files are not properly validated when generating TAR archives. When cpio is used to create TAR archives from paths that attackers can access, the resulting archive may contain files with permissions that the attacker does not have, or in paths to which t...

7.3CVSS6.6AI score0.00686EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

Strapi 代码问题漏洞

Strapi is an open-source content management system CMS developed by the Strapi community in France. Versions of Strapi prior to 5.33.3 had code vulnerabilities. These vulnerabilities stemmed from a flaw in the Content API endpoint of the Upload plugin, which did not enforce the MIME type...

5.4CVSS5.9AI score0.00195EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 1:58 p.m.9 views

CVE-2026-5061 Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack

The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...

4.7CVSS5.8AI score0.00109EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/06 4:15 p.m.41 views

CVE-2026-20168 Cisco IoT Field Network Director Path Traversal Vulnerability

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to retrieve files that they do not have permission to access. This vulnerability is due to insufficient file access checks. An attacker could...

6.5CVSS0.00272EPSS
Exploits0References1
CVE
CVE
added 2026/05/06 4:15 p.m.18 views

CVE-2026-20168

Cisco IoT Field Network Director’s web-based management interface is affected by a path traversal vulnerability caused by insufficient file access checks. An authenticated, low-privilege remote attacker could submit crafted input via the web UI to read files they are not authorized to access, imp...

6.5CVSS5.8AI score0.00272EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/04/21 7:32 p.m.9 views

CVE-2026-40889

CVE-2026-40889 concerns Frappe HR (HRMS) and describes an Improper Access Control on Files . Before versions 15.58.2 and 16.4.2 , authenticated users could access files they should not be able to view by abusing a vulnerable API endpoint. The affected line items indicate that the vulnerability re...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/10 4:3 p.m.15 views

CVE-2026-35658

OpenClaw CVE-2026-35658 affects the OpenClaw image tool prior to version 2026.3.2. The vulnerability is a filesystem boundary bypass that ignores tools.fs.workspaceOnly restrictions, allowing an attacker to traverse sandbox bridge mounts outside the workspace and read files that other filesystem ...

6.5CVSS5.8AI score0.00286EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder