22 matches found
CVE-2026-7886
Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via the attachments[] parameter, which can lead to file permission bypass. The AddMessage and UpdateMessage conversation controllers accept user-supplied file attachment IDs and load files directly via $em->find(File::class,...
CVE-2026-42812
In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. write.metadata.path is an optional table property that tells Polaris where to write those metadata files. For a table already registered in a...
CVE-2026-7886 Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments[] parameter
Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via the attachments[] parameter, which can lead to file permission bypass. The AddMessage and UpdateMessage conversation controllers accept user-supplied file attachment IDs and load files directly via $em->find(File::class,...
CVE-2026-42812
The CVE-2026-42812 entry covers Apache Polaris involving write.metadata.path in Polaris-managed catalogs. A change to the table property write.metadata.path can bypass the pre-write location validation, allowing Polaris to write metadata to attacker-controlled storage before location checks run. ...
CVE-2026-42812 Apache Polaris: No protection on `write.metadata.path`
In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. write.metadata.path is an optional table property that tells Polaris where to write those metadata files. For a table already registered in a...
CVE-2025-39664
Insufficient escaping in the report scheduler within Checkmk 2.4.0p13, 2.3.0p38, 2.2.0p46 and 2.1.0 EOL allows authenticated attackers to define the storage location of report file pairs beyond their intended root directory...
UBUNTU-CVE-2025-39664
Insufficient escaping in the report scheduler within Checkmk 2.4.0p13, 2.3.0p38, 2.2.0p46 and 2.1.0 EOL allows authenticated attackers to define the storage location of report file pairs beyond their intended root directory...
EUVD-2025-33348
Insufficient escaping in the report scheduler within Checkmk 2.4.0p13, 2.3.0p38, 2.2.0p46 and 2.1.0 EOL allows authenticated attackers to define the storage location of report file pairs beyond their intended root directory...
How to Migrate Session Recording Storage While Keeping Old Recordings
The customer is planning a cutover of Session Recording storage. They would like to add the new storage location for any new session recordings, while maintaining the older storage location for older recordings as these are kept for a required retention period...
SAP S/4HANA Information Disclosure Vulnerability
SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. An information disclosure vulnerability exists in SAP S/4HANA that stems from a vulnerable file storage location that could allow a low-privileged attacker to read server...
PT-2023-6223 · Sap · Sap S/4Hana
Name of the Vulnerable Software and Affected Versions: Statutory Reporting application (affected versions not specified); SAP S/4HANA (affected versions not specified). Description: The issue concerns a vulnerable file storage location in the Statutory Reporting application, potentially allowing a...
Insecure path handling in Bundler
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...
GHSA-G98M-96G9-WFJQ Insecure path handling in Bundler
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...
Unrestricted File Upload in Form Framework
Problem: Due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default fileDenyPattern successfully blocked files like .htaccess or malicious.php. TYPO3 Extbase extensions, which implement ...
CVE-2019-3881
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...
Code injection
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...
Concrete CMS: Arbitrary File delete via PHAR deserialization
crayons: Concrete5 Arbitrary File delete via PHAR deserialization - Target: Concrete5 - Version: 8.5.4 Latest at 2020.07.12 / PHP 7.2 - Credit: WSP Lab@KAIST - Contact: [email protected] - TL;DR - An attacker can send an arbitrary input value in the is_dir function, which causes a PHAR...