Lucene search
+L

10 matches found

OSV
OSV
added 3 days ago4 views

CVE-2026-59733 rclone `serve restic --private-repos` authorization bypass: `..` in the URL path lets an authenticated user read, overwrite and delete other users' repositories

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone serve restic --private-repos enforces authorization using the routed user path segment while building the backend object key from the raw uncleaned URL path,...

8.8CVSS6.1AI score0.00523EPSS
Exploits1References6
OSV
OSV
added 2026/06/22 5:25 p.m.4 views

CVE-2026-54293 NLTK: URL-Encoded Path Traversal in nltk.data.load() Allows Arbitrary Local File Read

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

7.5CVSS6.1AI score0.00378EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2025/05/27 3:27 p.m.12 views

CVE-2025-48370 auth-js Vulnerable to Insecure Path Routing from Malformed User Input

auth-js is an isomorphic Javascript library for Supabase Auth. Prior to version 2.70.0, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the...

6.9CVSS5.2AI score0.00745EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/05/27 3:27 p.m.31 views

CVE-2025-48370 auth-js Vulnerable to Insecure Path Routing from Malformed User Input

auth-js is an isomorphic Javascript library for Supabase Auth. Prior to version 2.70.0, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the...

6.9CVSS0.00745EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/05/27 12:0 a.m.8 views

PT-2025-23011 · Auth-Js · Auth-Js

Name of the Vulnerable Software and Affected Versions: auth-js versions prior to 2.69.1 Description: The issue concerns the auth-js library, an isomorphic Javascript library for Supabase Auth. Prior to version 2.69.1, certain library functions such as getUserById, deleteUser, updateUserById,...

6.9CVSS6.3AI score0.00745EPSS
Exploits0References9
CVE
CVE
added 2025/01/07 3:33 p.m.87 views

CVE-2025-21622

CVE-2025-21622 affects ClipBucket V5. The issue arises in the avatar deletion workflow where avatar_url is treated as a file path within the avatars directory without validating path traversal sequences. The final $file variable can be tainted by traversal inputs stored in the DB, enabling deleti...

9.1CVSS7.5AI score0.00939EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.3 views

Oceanic 安全漏洞

Oceanic is a NodeJS library for interacting with Discord open-sourced by Oceanic. A security vulnerability exists in Oceanic versions prior to 1.10.4, which stems from uncleaned user input that may result in URL path traversal...

6.5CVSS6.5AI score0.00551EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/06/29 12:0 a.m.5 views

Gira KNX/IP-Router 路径遍历漏洞

The Gira KNX/IP-Router is a secure router for public buildings from Gira. A security vulnerability exists in Gira KNX/IP-Router versions 3.1.3683.0 and 3.3.8.0, which stems from a vulnerability that allows an attacker to read sensitive files via a directory traversal sequence in a URL...

7.5CVSS7.3AI score0.01256EPSS
Exploits1References3
Atlassian
Atlassian
added 2019/10/11 3:12 a.m.95 views

URL path traversal allows information disclosure - CVE-2019-15004

URL path traversal allows information disclosure - CVE-2019-15004 Severity Atlassian rates the severity level of this vulnerability as critical, according to the scale published in our Atlassian severity levels. The scale allows us to rank the severity as critical, high, moderate or low. This is...

7.5CVSS1.4AI score0.03907EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2019/10/11 3:12 a.m.37 views

URL path traversal allows information disclosure - CVE-2019-15004

URL path traversal allows information disclosure - CVE-2019-15004 Severity Atlassian rates the severity level of this vulnerability as critical, according to the scale published in our Atlassian severity levels. The scale allows us to rank the severity as critical, high, moderate or low. This is...

7.5CVSS1.4AI score0.03907EPSS
Exploits0
Rows per page
Query Builder