Lucene search
K

143 matches found

NVD
NVD
added 2026/06/19 6:17 a.m.9 views

CVE-2026-54414

FileRise before 3.16.0 is vulnerable to path traversal in the shared-folder upload endpoint /api/folder/uploadToSharedFolder.php, leading to arbitrary file write and administrator account takeover. The upload filename is validated by FolderController with basename and REGEXFILENAME, which permit...

9.8CVSS0.0072EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/19 5:41 a.m.7 views

CVE-2026-54414

FileRise before 3.16.0 is vulnerable to path traversal in the shared-folder upload endpoint /api/folder/uploadToSharedFolder.php, leading to arbitrary file write and administrator account takeover. The upload filename is validated by FolderController with basename and REGEXFILENAME, which permit...

9.8CVSS6.3AI score0.0072EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 5:41 a.m.10 views

EUVD-2026-37993

FileRise before 3.16.0 is vulnerable to path traversal in the shared-folder upload endpoint /api/folder/uploadToSharedFolder.php, leading to arbitrary file write and administrator account takeover. The upload filename is validated by FolderController with basename and REGEXFILENAME, which permit...

9.8CVSS6.3AI score0.0072EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/19 5:41 a.m.32 views

CVE-2026-54414 FileRise shared-folder upload path traversal allows arbitrary file write and admin takeover

FileRise before 3.16.0 is vulnerable to path traversal in the shared-folder upload endpoint /api/folder/uploadToSharedFolder.php, leading to arbitrary file write and administrator account takeover. The upload filename is validated by FolderController with basename and REGEXFILENAME, which permit...

9.8CVSS0.0072EPSS
Exploits0References3
CVE
CVE
added 2026/06/19 5:41 a.m.17 views

CVE-2026-54414

CVE-2026-54414 affects FileRise prior to 3.16.0. The vulnerability is a path traversal in the shared-folder upload endpoint (/api/folder/uploadToSharedFolder.php) that enables arbitrary file write and, under certain conditions, administrator account takeover. Root cause: uploaded filenames are va...

9.8CVSS6.3AI score0.0072EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-50842

Name of the Vulnerable Software and Affected Versions FileRise versions prior to 3.16.0 Description A path traversal issue exists in the shared-folder upload endpoint '/api/folder/uploadToSharedFolder.php'. The FolderController validates the upload filename using basename and REGEX FILE NAME, but...

9.8CVSS6.3AI score0.0072EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.7 views

PT-2026-34838

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.25.0 Description An off-by-one error exists in the path traversal filter within channels/drive/client/drive file.c. The contains dotdot function fails to detect .. when it is the final component of a path without a...

6.1CVSS5.8AI score0.002EPSS
Exploits1References36
RedhatCVE
RedhatCVE
added 2026/01/09 8:57 a.m.7 views

CVE-2023-31403

SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB shared folder. Additionally, the files in the folder can be executed or be used by the installation...

9.6CVSS7AI score0.00436EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/01 1:18 p.m.5 views

CVE-2025-53939

Kiteworks is a private data network PDN. Prior to version 9.1.0, improper input validation when managing roles of a shared folder could lead to unexpectedly elevate another user's permissions on the share. This issue has been patched in version 9.1.0...

8.8CVSS6.7AI score0.00644EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/29 2:25 a.m.4 views

CVE-2025-53939 Kiteworks Core is vulnerable to Improper Input Validation

Kiteworks is a private data network PDN. Prior to version 9.1.0, improper input validation when managing roles of a shared folder could lead to unexpectedly elevate another user's permissions on the share. This issue has been patched in version 9.1.0...

6.3CVSS6.4AI score0.00644EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/29 2:25 a.m.9 views

CVE-2025-53939 Kiteworks Core is vulnerable to Improper Input Validation

Kiteworks is a private data network PDN. Prior to version 9.1.0, improper input validation when managing roles of a shared folder could lead to unexpectedly elevate another user's permissions on the share. This issue has been patched in version 9.1.0...

6.3CVSS0.00644EPSS
Exploits0References1
OSV
OSV
added 2025/11/29 2:25 a.m.6 views

CVE-2025-53939 Kiteworks Core is vulnerable to Improper Input Validation

Kiteworks is a private data network PDN. Prior to version 9.1.0, improper input validation when managing roles of a shared folder could lead to unexpectedly elevate another user's permissions on the share. This issue has been patched in version 9.1.0...

6.3CVSS5.8AI score0.00644EPSS
Exploits0References3
CVE
CVE
added 2025/11/29 2:25 a.m.12 views

CVE-2025-53939

Kiteworks Core (PDN) prior to version 9.1.0 contains an input validation flaw when managing roles on a shared folder, which could allow elevation of another user’s permissions on that share. The issue is fixed in version 9.1.0. Exploitation details are not provided in the available documents.

8.8CVSS6.4AI score0.00644EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/29 12:0 a.m.8 views

PT-2025-48362

Kiteworks is a private data network PDN. Prior to version 9.1.0, improper input validation when managing roles of a shared folder could lead to unexpectedly elevate another user's permissions on the share. This issue has been patched in version 9.1.0...

6.3CVSS6.7AI score0.00644EPSS
Exploits0References2
Veracode
Veracode
added 2025/10/15 7:8 a.m.8 views

Missing Authorization

Copyparty is vulnerable to Missing Authorization. The vulnerability is due to a missing permission check in the shares feature shr global option, which allows an attacker to access sibling files within a shared folder by guessing their filenames, leading to unauthorized data exposure...

7.5CVSS6.8AI score0.00344EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-18275

Malware in sbrugna...

6.5CVSS6.4AI score0.00998EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-12411

Malware in sbrugna...

7.9CVSS8AI score0.00359EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2015-5899

Malware in sbrugna...

3.5CVSS6.1AI score0.00826EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-13414

Malware in sbrugna...

7.5CVSS7.5AI score0.01298EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2016-7727

Malware in sbrugna...

6.1CVSS6.3AI score0.00713EPSS
Exploits0References3
Rows per page
Query Builder