60 matches found
CVE-2026-42756
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Ludwig You QuickWebP - Compress / Optimize Images & Convert WebP | SEO Friendly quickwebp allows Path Traversal. This issue affects QuickWebP - Compress / Optimize Images & Convert WebP | SEO Friendly: fr...
CVE-2026-40923
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal pat...
CVE-2026-40923
CVE-2026-40923 affects Tekton Pipelines. Before v1.11.1, a validation bypass in the VolumeMount path restriction allows volumes to be mounted under restricted /tekton/ paths by exploiting .. path traversal components. The check relies on strings.HasPrefix instead of filepath.Clean, allowing inputs like ...
CVE-2026-40923 Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal pat...
Tekton Pipelines Path Traversal Vulnerability
Tekton Pipelines is a cloud-native pipeline developed by Tekton Open Source. Versions of Tekton Pipelines prior to 1.11.1 contained a path traversal vulnerability. This vulnerability stemmed from a validation bypass in the VolumeMount path restrictions, allowing path traversal components to mount...
PT-2026-34176
Name of the Vulnerable Software and Affected Versions: Tekton Pipelines versions prior to 1.11.1. Description: A validation bypass in the VolumeMount path restriction allows mounting volumes under restricted '/tekton/' internal paths by using '..' path traversal components. The restriction check use...
BIT-NODE-2026-21715
A flaw in Node.js Permission Model filesystem enforcement leaves fs.realpathSync.native without the required read permission checks, while all comparable filesystem functions correctly enforce them. As a result, code running under --permission with restricted --allow-fs-read can still use...
CVE-2026-23939
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in hexpm hexpm/hexpm 'Elixir.Hexpm.Store.Local' module allows Relative Path Traversal. This vulnerability is associated with program files lib/hexpm/store/local.ex and program routines...
CVE-2025-67963
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ovatheme Movie Booking movie-booking allows Path Traversal. This issue affects Movie Booking: from n/a through <= 1.1.5...
PT-2026-4103
Name of the Vulnerable Software and Affected Versions: AivahThemes Anona versions through 8.0. Description: A flaw exists in AivahThemes Anona that allows for path traversal. This issue is due to improper limitation of a pathname to a restricted directory. The vulnerability could potentially allow...
PT-2026-4042
Name of the Vulnerable Software and Affected Versions: ovatheme Movie Booking versions through 1.1.5. Description: A Path Traversal issue exists in ovatheme Movie Booking movie-booking. This allows an attacker to potentially access files and directories outside of the intended restricted directory...
CVE-2026-22444
The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting...
EUVD-2026-3665
The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting...
CVE-2026-22444
The CVE-2026-22444 issue affects Apache Solr in standalone mode (versions 8.6–9.10.0) where the create core API performs inadequate input validation on certain API parameters. This can cause Solr to check and read file-system paths that should be blocked by the allowPaths setting, potentially all...
CVE-2025-67364
fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fastreadfile. This vulnerability arises from improper path validation that fails to resolve symbolic links to their actual physical paths. The safePath and isPathAllowed...
PT-2025-52049
Name of the Vulnerable Software and Affected Versions: MapSVG versions prior to 8.6.12. Description: A Path Traversal issue exists in MapSVG. This allows an attacker to potentially access restricted directories. The issue is due to improper limitation of a pathname. Recommendations: Update MapSVG to...
CVE-2025-11531
HP System Event Utility and Omen Gaming Hub might allow execution of certain files outside of their restricted paths. This potential vulnerability was remediated with HP System Event Utility version 3.2.12 and Omen Gaming Hub version 1101.2511.101.0...
CVE-2025-11531 HP System Event Utility and Omen Gaming Hub – Potential Arbitrary Code Execution
HP System Event Utility and Omen Gaming Hub might allow execution of certain files outside of their restricted paths. This potential vulnerability was remediated with HP System Event Utility version 3.2.12 and Omen Gaming Hub version 1101.2511.101.0...