Lucene search
K

2510 matches found

CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

gryph 安全漏洞

Gryph is an AI-based coding proxy activity auditing and debugging tool developed by SafeDep. Versions of Gryph prior to 0.7.0 contained security vulnerabilities. These vulnerabilities stemmed from the default log level being set to standard rather than minimum. As a result, sensitive file write...

5.5CVSS5.8AI score0.00106EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/26 7:33 p.m.10 views

Directory Traversal

Overview org.xwiki.platform:xwiki-platform-webjars-api is a XWiki Platform WebJars API. Affected versions of this package are vulnerable to Directory Traversal via the process that handles WebJar extension installation. An attacker can overwrite arbitrary files, including configuration files and...

5.9CVSS6.3AI score0.00056EPSS
Exploits0References2
NVD
NVD
added 2026/05/26 3:16 p.m.15 views

CVE-2026-41917

OpenKM 6.3.12 contains a local file inclusion vulnerability in the administrative scripting interface at /admin/Scripting that allows authenticated administrators to read arbitrary files by supplying an attacker-controlled filesystem path through the fsPath parameter with action=Load. Attackers c...

6.9CVSS0.00387EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/26 2:8 p.m.12 views

CVE-2026-41917 OpenKM 6.3.12 Local File Inclusion via Admin Scripting

OpenKM 6.3.12 contains a local file inclusion vulnerability in the administrative scripting interface at /admin/Scripting that allows authenticated administrators to read arbitrary files by supplying an attacker-controlled filesystem path through the fsPath parameter with action=Load. Attackers c...

6.9CVSS5.9AI score0.00387EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/26 2:8 p.m.10 views

EUVD-2026-31833

OpenKM 6.3.12 contains a local file inclusion vulnerability in the administrative scripting interface at /admin/Scripting that allows authenticated administrators to read arbitrary files by supplying an attacker-controlled filesystem path through the fsPath parameter with action=Load. Attackers c...

6.9CVSS5.9AI score0.00387EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/25 2:15 p.m.12 views

EUVD-2018-21897

Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and acce...

8.7CVSS5.9AI score0.00785EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/25 2:15 p.m.8 views

CVE-2018-25365 PCViewer vt1000 Directory Traversal via GET Request

PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use path traversal sequences ../../../../../../../../../../../../etc/passwd to access sensitive system...

8.7CVSS5.9AI score0.00785EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/22 12:43 a.m.12 views

EUVD-2026-31387

A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information...

7.7CVSS5.8AI score0.0068EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 8:42 p.m.13 views

Malicious code in configcat-trello-powerup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5365489bc7a763096bf4be47f80bd47e4513917d8b37ba2754e33ae11983872b package.json declares "preinstall": "node index.js", which fires automatically on npm install. index.js collects host identifiers os.hostname,...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/21 8:42 p.m.11 views

MAL-2026-4535 Malicious code in configcat-trello-powerup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5365489bc7a763096bf4be47f80bd47e4513917d8b37ba2754e33ae11983872b package.json declares "preinstall": "node index.js", which fires automatically on npm install. index.js collects host identifiers os.hostname,...

5.8AI score
Exploits0References1
The Hacker News
The Hacker News
added 2026/05/21 7:35 a.m.20 views

9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros

Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 CVSS score: 5.5, is a case of improper privilege management that could permit an unprivileged local user to disclose...

7.1CVSS6.1AI score0.0138EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.7 views

F5 Networks BIG-IP : iControl SOAP vulnerability (K000160973)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160973 advisory. A vulnerability exists in iControl SOAP where an authenticated attacker with the Resource Administrato...

6.9CVSS5.8AI score0.0029EPSS
Exploits0References2
NVD
NVD
added 2026/05/20 12:16 a.m.16 views

CVE-2026-35593

Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, allowing an authenticated attacker to read sensitive arbitrary files from the server's filesystem. T...

6.8CVSS0.00621EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/19 8:12 p.m.11 views

kernel: crypto: algif_aead - Revert to operating out-of-place

A flaw was found in the Linux kernel's algifaead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive...

7.8CVSS7.2AI score0.96267EPSS
Exploits228References14
Snyk
Snyk
added 2026/05/19 8:0 p.m.8 views

Directory Traversal

Overview pymdown-extensions is an Extension pack for Python Markdown. Affected versions of this package are vulnerable to Directory Traversal in the getsnippetpath function. An attacker can access arbitrary files outside the intended directory by crafting a path that exploits improper directory...

8.7CVSS7.5AI score0.01815EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/19 3:38 p.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to improper path validation in the repository checkout process. An attacker can modify files outside the intended target directory, including .git directories, by supplying a maliciously crafted repository payloa...

5.4CVSS6.3AI score0.00297EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/19 2:4 p.m.22 views

kernel: crypto: algif_aead - Revert to operating out-of-place

A flaw was found in the Linux kernel's algifaead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive...

7.8CVSS7.2AI score0.96267EPSS
Exploits228References14
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 6:26 a.m.10 views

Malicious code in vfat-ai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 98a606c66789ae1326b7e1802465d1650ef2c691821578936448f403ec421bb0 The package exfiltrates sensitive files and env variables --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/19 6:26 a.m.7 views

MAL-2026-4163 Malicious code in vfat-ai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 98a606c66789ae1326b7e1802465d1650ef2c691821578936448f403ec421bb0 The package exfiltrates sensitive files and env variables --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.13 views

PT-2026-42024

Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, allowing an authenticated attacker to read sensitive arbitrary files from the server's filesystem. T...

6.8CVSS6.5AI score0.00621EPSS
Exploits0References3
Rows per page
Query Builder