Lucene search
+L

5701 matches found

Nuclei
Nuclei
added yesterday59 views

Samsung MagicINFO 9 Server - File Upload & Remote Code Execution

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority. id: CVE-2025-4632 info: name: Samsung MagicINFO 9 Server - File Upload & Remote Code Execution author: s4e-i...

9.8CVSS7.2AI score0.23953EPSS
Exploits4References4
Nuclei
Nuclei
added yesterday30 views

Joomla! Component BeeHeard 1.0 - Local File Inclusion

A directory traversal vulnerability in the BeeHeard combeeheard and BeeHeard Lite combeeheardlite component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1952 info: name: Joomla! Component BeeHeard 1.0 - Loc...

7.5CVSS6.2AI score0.12991EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday33 views

Joomla! Component Percha Fields Attach 1.0 - Directory Traversal

A directory traversal vulnerability in the Percha Fields Attach comperchafieldsattach component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-2036 info: name:...

7.5CVSS6.2AI score0.1321EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday35 views

CentralSquare CryWolf - Path Traversal

A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf False Alarm Management through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information. id: CVE-2024-45241 info:...

7.5CVSS7AI score0.13623EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday50 views

Joomla! Component Property - Local File Inclusion

A directory traversal vulnerability in the Real Estate Property comproperties component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1875 info: name: Joomla...

7.5CVSS6.2AI score0.15722EPSS
Exploits1References5
OSV
OSV
added 4 days ago2 views

ALSA-2026:38493 Important: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

7.8CVSS6.1AI score0.00183EPSS
Exploits0References4
CVE
CVE
added last week10 views

CVE-2026-55474

Snipe-IT (IT asset/license management) is affected by a directory-traversal in ActionlogController::displaySig prior to version 8.5.0. The route filename parameter is concatenated into a private upload-directory path without sanitization, enabling an authenticated attacker to read arbitrary files...

7.1CVSS6.2AI score0.00329EPSS
Exploits0References4Affected Software1
AlmaLinux
AlmaLinux
added 2026/07/09 12:0 a.m.8 views

Important: golang security, bug fix, and enhancement update

The golang packages provide the Go programming language compiler. Security Fixes: golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing CVE-2026-39821 os: golang: Go os.Root: Symlink following vulnerability allows directory traversal...

9.6CVSS6.4AI score0.00478EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/07 11:25 a.m.14 views

Important: Red Hat Security Advisory: python3.14-pip security update

An update for python3.14-pip is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

8CVSS7.3AI score0.0032EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/06 3:18 p.m.35 views

CVE-2026-59196 pnpm: hoisted install imports lockfile alias outside node_modules

pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted lockfile alias could be joined directly under a hoisted nodemodules directory. Traversal aliases could escape that directory, while reserved aliases such as .bin or .pnpm could overwrite pnpm-owned layout. This vulnerability is fix...

7.1CVSS0.00262EPSS
Exploits1References1
EUVD
EUVD
added 2026/07/02 8:10 p.m.8 views

EUVD-2026-41437

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS5.9AI score0.00138EPSS
Exploits0References2
NVD
NVD
added 2026/07/02 3:17 p.m.15 views

CVE-2026-55117

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Access Application to access files on the host device...

8.6CVSS0.00382EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:49 p.m.6 views

CVE-2026-55111

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Protect Floodlight devices to access files on the UniFi Protect Floodlight...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/30 3:53 p.m.7 views

CVE-2026-58170

Vibe-Trading before 0.1.10 builds the proposal file path by joining a caller-supplied proposal identifier onto the broker proposals directory without sanitization agent/src/live/mandate/commit.py. A proposal identifier containing path traversal sequences causes the application to load an...

8.3CVSS5.8AI score0.00416EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/30 3:51 p.m.7 views

EUVD-2026-40373

OpenBMB ChatDev through 2.2.0, fixed in commit 4fd4da6, contains a path traversal vulnerability that allows unauthenticated remote attackers to write or delete arbitrary files by supplying a malicious multipart filename in the file upload endpoint. Attackers can send a crafted filename containing...

9.1CVSS6AI score0.00628EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53908

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2023.20 and earlier ColdFusion version 2025.9 Description An Improper Limitation of a Pathname to a Restricted Directory, also known as Path Traversal, allows an attacker to access sensitive files and directories outside th...

9.3CVSS6.2AI score0.01577EPSS
Exploits0References15
EUVD
EUVD
added 2026/06/29 6:31 p.m.6 views

EUVD-2026-40170

Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem...

7.5CVSS5.8AI score0.00695EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.17 views

PT-2026-53238

Name of the Vulnerable Software and Affected Versions spice-vdagent affected versions not specified Description A path traversal flaw exists in spice-vdagent, where a path traversal is a vulnerability that allows an attacker to access files and directories that are stored outside the web root...

4.4CVSS6.1AI score0.00135EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/06/26 7:17 a.m.42 views

CVE-2026-57872 GV-LPC2011/LPC2211 - unauthorized directory traversal vulnerability (get_fcont.cgi)

An unauthenticated directory traversal vulnerability exists in getfcont.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient validation of user-supplied file path input before the requested file is accessed by the CGI component. A remote attack...

7.5CVSS0.00969EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 6:26 p.m.4 views

GO-2026-5115 Grafana Loki Path Traversal - CVE-2021-36156 Bypass in github.com/grafana/loki

Grafana Loki Path Traversal - CVE-2021-36156 Bypass in github.com/grafana/loki...

5.3CVSS5.8AI score0.00409EPSS
Exploits0References3
Rows per page
Query Builder