Lucene search
K

1422 matches found

RedHat Linux
RedHat Linux
added yesterday6 views

org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method

A flaw was found in plexus-utils. This vulnerability, known as a Directory Traversal, exists within the extractFile method. An attacker can exploit this to execute unauthorized code on the system in the context of the current working user...

8.8CVSS6.2AI score0.00663EPSS
Exploits0References9
Nuclei
Nuclei
added yesterday35 views

FortiWLM - Directory Traversal

A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests. id: CVE-2023-34990 info: name: FortiWLM - Directory Traversal author: DhiyaneshDk severity: critical...

9.8CVSS7.2AI score0.24901EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday41 views

SolarView Compact 6.00 - OS Command Injection

SolarView Compact 6.00 was discovered to contain a command injection vulnerability, attackers can execute commands by bypassing internal restrictions through downloader.php. id: CVE-2023-23333 info: name: SolarView Compact 6.00 - OS Command Injection author: Mr-xn severity: critical description: ...

9.8CVSS7.1AI score0.99273EPSS
Exploits9References5
RedHat Linux
RedHat Linux
added 2026/07/06 6:17 p.m.6 views

org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method

A flaw was found in plexus-utils. This vulnerability, known as a Directory Traversal, exists within the extractFile method. An attacker can exploit this to execute unauthorized code on the system in the context of the current working user...

8.8CVSS6.1AI score0.00663EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/07/06 3:59 p.m.8 views

org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method

A flaw was found in plexus-utils. This vulnerability, known as a Directory Traversal, exists within the extractFile method. An attacker can exploit this to execute unauthorized code on the system in the context of the current working user...

8.8CVSS6.1AI score0.00663EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/07/06 3:55 p.m.4 views

org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method

A flaw was found in plexus-utils. This vulnerability, known as a Directory Traversal, exists within the extractFile method. An attacker can exploit this to execute unauthorized code on the system in the context of the current working user...

8.8CVSS6.1AI score0.00663EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/07/06 3:46 p.m.5 views

org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method

A flaw was found in plexus-utils. This vulnerability, known as a Directory Traversal, exists within the extractFile method. An attacker can exploit this to execute unauthorized code on the system in the context of the current working user...

8.8CVSS6.1AI score0.00663EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/07/06 3:42 p.m.5 views

org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method

A flaw was found in plexus-utils. This vulnerability, known as a Directory Traversal, exists within the extractFile method. An attacker can exploit this to execute unauthorized code on the system in the context of the current working user...

8.8CVSS6.1AI score0.00663EPSS
Exploits0References9
OSV
OSV
added 2026/07/02 8:17 p.m.13 views

GHSA-G6G7-PVMX-M74P 9router: Missing Authorization and OS Command Injection

Unauthenticated RCE via /api/tunnel/tailscale-install Affected: 9router npm package — current master v0.4.39. Summary POST /api/tunnel/tailscale-install accepts a JSON body with a sudoPassword field and pipes it, followed by the body of https://tailscale.com/install.sh, into a child process spawn...

9.2CVSS5.9AI score0.01372EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/30 8:20 p.m.10 views

CVE-2026-55607

A flaw was found in Claude Code, an agentic coding tool, in its handling of worktrees. This vulnerability allowed the creation of specially named worktrees and navigation outside of the intended secure environment, leading to what is known as a 'git directory confusion attack'. By manipulating...

8.8CVSS6.1AI score0.00765EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-564 OpenStack Vitrage: Unauthorized Access to the Host can Lead to Eval Injection

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...

9.1CVSS7.7AI score0.00763EPSS
Exploits2References8
RedhatCVE
RedhatCVE
added 2026/06/26 1:31 a.m.9 views

CVE-2026-53160

A flaw was found in the Linux kernel's fastrpc component. A race condition in the fastrpcmapcreate function allows for a use-after-free vulnerability. This could enable an attacker to cause system instability, disclose sensitive information, or potentially execute unauthorized code...

7.8CVSS5.7AI score0.00125EPSS
Exploits0References4
NVD
NVD
added 2026/06/10 3:16 p.m.13 views

CVE-2026-53476

A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network LAN, can exploit a path traversal vulnerability. By crafting a specially designed gzipped tarball, the attacker can bypass security checks and write arbitrary files to the system. Thi...

9.6CVSS0.00291EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.9 views

Remote Desktop Client Remote Code Execution Vulnerability

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

7.5CVSS6AI score0.00461EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.12 views

Remote Desktop Client Remote Code Execution Vulnerability

Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

7.5CVSS7.2AI score0.00461EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/06/09 11:16 a.m.58 views

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 - Security Buffer Overflow Quick Usage...

9.8CVSS6.3AI score0.72253EPSS
Exploits32
NVD
NVD
added 2026/06/08 4:16 p.m.16 views

CVE-2026-46442

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScript to the Custom JS Function node. When...

9.9CVSS0.0082EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.14 views

CVE-2026-7299

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other...

6.3CVSS6.3AI score0.00341EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.11 views

CVE-2026-39814

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7.0.12 may allow attacker to execute unauthorized code or commands via...

6.7CVSS5.7AI score0.00139EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.11 views

CVE-2026-39812

A improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8,...

4.8CVSS5.7AI score0.00193EPSS
Exploits0References1
Rows per page
Query Builder