43 matches found

OSV · added 2026/04/29 11:09 a.m. · 3 views

SUSE-SU-2026:1659-1 Security update for sed

This update for sed fixes the following issues: - CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file overwrite bsc1262144...

CVSS 2.1 · AI score 5.5 · EPSS 0.00142 · Exploits 0 · References 3
OSV · added 2026/04/27 5:15 p.m. · 3 views

SUSE-SU-2026:21448-1 Security update for sed

This update for sed fixes the following issue: - CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file overwrite bsc1262144...

CVSS 2.1 · AI score 5.9 · EPSS 0.00142 · Exploits 0 · References 3
CNNVD · added 2026/04/08 12:00 a.m. · 9 views

LORIS Neuroimaging Platform Security Vulnerability

LORIS Neuroimaging Platform is a neuroimaging platform open sourced by ACElab. Versions of LORIS Neuroimaging Platform prior to 27.0.3 and 28.0.1 contained security vulnerabilities. These vulnerabilities were caused by path traversal in static file routers, which could lead to the download of...

CVSS 7.5 · AI score 5.8 · EPSS 0.0025 · Exploits 0 · References 1
Github Security Blog · added 2026/04/02 6:44 p.m. · 3 views

Rack::Static prefix matching can expose unintended files under the static root

Summary: Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with that string, including unrelated paths such as "/css-config.env" or...

CVSS 7.5 · AI score 5.9 · EPSS 0.00387 · Exploits 0 · References 4 · Affected Software 1
Veracode · added 2026/03/28 5:29 a.m. · 9 views

Improper Input Validation

activestorage is vulnerable to Improper Input Validation. The vulnerability is due to unescaped use of blob keys in Dir.glob within DiskService#delete_prefixed, which allows an attacker to inject glob metacharacters and delete unintended files from the storage directory...

CVSS 9.1 · AI score 5.9 · EPSS 0.00646 · Exploits 0 · References 7 · Affected Software 2
CVE · added 2026/03/27 8:10 a.m. · 30 views

CVE-2025-59031

Summary of CVE-2025-59031 (Dovecot): A script provided by Dovecot for text conversion mishandles zip-style attachments. This can allow an attacker to craft OOXML documents that cause unintended files to be indexed and end up in full-text search (FTS) indexes. The underlying impact is limited to ...

CVSS 4.3 · AI score 5.8 · EPSS 0.00283 · Exploits 0 · References 1 · Affected Software 2
Debian CVE · added 2026/03/27 8:10 a.m. · 4 views

CVE-2025-59031

Dovecot has provided a script to use for attachment-to-text conversion. This script unsafely handles zip-style attachments. An attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently end up in FTS indexes. Do not use the provided...

CVSS 4.3 · AI score 5.2 · EPSS 0.00283 · Exploits 0
CVE · added 2026/03/23 8:59 p.m. · 6 views

CVE-2025-60946

CVE-2025-60946 affects Census CSWeb. In CSWeb 8.0.1, an arbitrary file path input vulnerability enables path traversal, potentially exposing sensitive directories to a remote, authenticated attacker. Impact is described as high for confidentiality, integrity, and availability in the CVSS metrics....

CVSS 8.8 · AI score 5.9 · EPSS 0.00488 · Exploits 0 · References 4 · Affected Software 1
RedhatCVE · added 2026/02/20 10:56 a.m. · 4 views

CVE-2026-26064

A flaw was found in calibre. This vulnerability, known as a path traversal, allows an attacker to write files to unintended locations on a user's system. This occurs because a function responsible for extracting pictures does not properly handle special characters in file paths...

CVSS 9.3 · AI score 5.4 · EPSS 0.0088 · Exploits 1 · References 2
Tenable Nessus · added 2025/12/30 12:00 a.m. · 4 views

FreeBSD : Forgejo -- Symbolic Link (Symlink) Following (963f4e9d-e4d5-11f0-984f-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 963f4e9d-e4d5-11f0-984f-b42e991fc52e advisory. https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/13.0.2.md reports:...

CVSS 9.5 · AI score 5.6 · EPSS 0.00489 · Exploits 0 · References 3
EUVD · added 2025/10/15 1:55 p.m. · 5 views

EUVD-2025-34622

A directory traversal vulnerability exists in TMUI that allows an authenticated attacker to access files which are not limited to the intended files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 6.9 · AI score 6.2 · EPSS 0.01085 · Exploits 0 · References 2
EUVD · added 2025/10/07 12:30 a.m. · 5 views

EUVD-2020-5157

Malware in sbrugna...

CVSS 7.5 · AI score 5.7 · EPSS 0.01117 · Exploits 0 · References 2
EUVD · added 2025/10/03 8:07 p.m. · 5 views

EUVD-2023-32067

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.1 · EPSS 0.01545 · Exploits 0 · References 9
Tenable Nessus · added 2025/08/14 12:00 a.m. · 4 views

EulerOS 2.0 SP11 : perl (EulerOS-SA-2025-1938)

According to the versions of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread...

CVSS 5.9 · AI score 7 · EPSS 0.00368 · Exploits 0 · References 2
RedHat Linux · added 2025/07/28 2:32 a.m. · 6 views

perl: Perl threads have a working directory race condition where file operations may target unintended paths

A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations...

CVSS 5.9 · AI score 7.2 · EPSS 0.00368 · Exploits 0 · References 11
Veracode · added 2025/04/04 4:36 a.m. · 20 views

Relative Path Traversal

Apache Commons VFS is vulnerable to Relative Path Traversal. The vulnerability is due to improper validation in the resolveFile method, which allows encoded ".." sequences to bypass descendant path restrictions and access unintended files...

CVSS 7.5 · AI score 6.6 · EPSS 0.01277 · Exploits 0 · References 5 · Affected Software 1
OSV · added 2023/03/15 4:15 a.m. · 2 views

UBUNTU-CVE-2023-28371

In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal...

CVSS 9.8 · AI score 7.3 · EPSS 0.01545 · Exploits 0 · References 5
OSV · added 2022/09/05 12:15 a.m. · 5 views

CVE-2022-39196

Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. Note: The vendor disputes this, stating that it cannot be reproduced...

CVSS 6.5 · AI score 5.8 · EPSS 0.01073 · Exploits 1 · References 1
ATTACKERKB · added 2022/09/05 12:15 a.m. · 3 views

CVE-2022-39196

Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. Note: The vendor disputes this, stating that it cannot be reproduced...

CVSS 6.5 · AI score 5.8 · EPSS 0.01073 · Exploits 1 · References 2
Positive Technologies · added 2022/09/04 12:00 a.m. · 6 views

PT-2022-24797 · Blackboard · Blackboard Learn

Name of the Vulnerable Software and Affected Versions: Blackboard Learn version 1.10.1. Description: The issue allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain "webapps/bbcms/execute/" URL. The vendor disputes this,...

CVSS 6.5 · AI score 6.2 · EPSS 0.01073 · Exploits 1 · References 5