Lucene search
K

65 matches found

CVE
CVE
added 6 days ago7 views

CVE-2026-59807

CVE-2026-59807 affects Composio SDK prior to 0.2.32-beta.283. A path validation bypass in readFileFromDisk (tool-file-uploads.ts) can enable an attacker to read and exfiltrate sensitive files by manipulating file_uploadable parameters via prompt injection, referencing sensitive paths such as SSH ...

8.9CVSS6AI score0.00289EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56569

Name of the Vulnerable Software and Affected Versions Composio SDK versions prior to 0.2.32-beta.283 Description A path validation bypass allows attackers to read and exfiltrate sensitive files. This occurs due to a missing assertSafeFileUploadPath check in the readFileFromDisk function within...

8.9CVSS6.1AI score0.00289EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/13 9:12 p.m.33 views

CVE-2026-44440 ERPNext: Path Traversal Leading to Sensitive File Exposure

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.101.1 and 16.10.0, an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability on an endpoint allows an authenticated adjacent attacker to read arbitrary files. This vulnerability is...

6.5CVSS0.00363EPSS
Exploits0References1
NVD
NVD
added 2026/04/22 5:16 p.m.4 views

CVE-2026-35345

A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU tail, the uutils implementation continues to monitor a path after it has been replaced by a symbolic link, subsequently outputting the...

5.3CVSS0.00096EPSS
Exploits1References1
Snyk
Snyk
added 2026/03/30 8:26 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through improper validation of URL-encoded traversal sequences in the backend process. An attacker can delete critical configuration directories by supplying specially crafted paths. Details A Directory Traversal...

6.9CVSS6.5AI score0.00397EPSS
Exploits1References2
Veracode
Veracode
added 2026/02/28 5:13 a.m.12 views

Path Traversal

mcp-server-git is vulnerable to Path Traversal. The vulnerability is due to the gitadd tool not validating file paths, where relative paths containing ../ sequences that resolve outside the repository were accepted and staged into the Git index, and attackers can exploit this to potentially...

6.5CVSS5.7AI score0.00287EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2000-0233

Malware in sbrugna...

5CVSS6.4AI score0.07301EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2009-4326

Malware in sbrugna...

4.7CVSS6.4AI score0.00273EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-29482

Malware in sbrugna...

7.8CVSS7.5AI score0.00807EPSS
Exploits7References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-19361

Malware in sbrugna...

9.8CVSS6.4AI score0.02734EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-19414

Malware in sbrugna...

7.5CVSS7.5AI score0.01742EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-21750

Malicious code in bioql PyPI...

8.7CVSS6.5AI score0.01213EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-15442

Malicious code in bioql PyPI...

8.7CVSS6.6AI score0.00788EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-34391

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.00967EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-0139

Malicious code in bioql PyPI...

7.1CVSS7.2AI score0.0029EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-1230

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00859EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-3935

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.02013EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2025/09/11 11:9 a.m.138 views

vxscan

VXScan+ VXScan+ is an advanced Python-based web vulnerabili...

7.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/08/07 5:32 p.m.5 views

CVE-2025-54254

Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system, scope i...

8.6CVSS7.5AI score0.77133EPSS
Exploits2References1
CVE
CVE
added 2025/07/26 3:34 a.m.24 views

CVE-2025-50185

CVE-2025-50185 (DbGate) affects DbGate ≤ 6.6.0. Affected component: the dbgate-plugin-csv reader function, which does not validate file paths/types before reading files. This enables unauthorized access to arbitrary system files (e.g., /etc/shadow) by a user with application-level access, via the...

8.3CVSS6.3AI score0.00407EPSS
Exploits0References2
Rows per page
Query Builder