Lucene search
K

37 matches found

EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-41488

The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 2.5.2 This is due to insufficient path validation in the storedesigndata function, which constructs a filesystem path from the user-supplied...

9.1CVSS6.5AI score
Exploits0References6
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-40897

The Youtube Showcase plugin for WordPress is vulnerable to Arbitrary Function Call in versions up to and including 4.0.3. This is due to insufficient validation of the 'path' parameter in the emddeletefile AJAX handler in includes/common-functions.php. The user-supplied value is passed through...

7.5CVSS5.9AI score0.00319EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added last week8 views

CVE-2026-47214

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0...

7.1CVSS5.8AI score0.00217EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added last week39 views

CVE-2026-47214 Docling: Unsafe URI and Path Handling in HTML Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0...

7.1CVSS0.00217EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 6:32 p.m.10 views

EUVD-2026-37289

LangGraph SDK has unsafe URL path construction...

4.2CVSS5.8AI score0.00216EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 3:24 p.m.31 views

CVE-2026-48944 Joomla Extension - getk2.org - Exposure of sensitive files via attachment copy in K2 extension for Joomla < 2.26

The K2 frontend article-save handler accepts an attachmentNexisting POST field that is concatenated with JPATHSITE/ and passed to JFile::copy. JPath::clean does NOT strip .., and there is no allow-list of source paths. An Author can therefore copy configuration.php or any other file readable by t...

0.00295EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 6:17 p.m.11 views

CVE-2026-45750

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/filemanager/ssh/resolvePath endpoint in the Termix File Manager component unsafely processes the path parameter and embeds it into a shell command...

9CVSS0.00294EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.7 views

esm.sh 路径遍历漏洞

esm.sh is an open-source content distribution network developed by esm.sh. Versions of esm.sh 137 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the fact that older routers did not clean up path components during the concatenation process, allowing attackers...

8.7CVSS5.8AI score0.00362EPSS
Exploits0References1
CVE
CVE
added 2026/05/20 4:32 p.m.21 views

CVE-2026-20240

CVE-2026-20240 affects Splunk Enterprise (versions below 10.2.2, 10.0.5, 9.4.11, 9.3.12) and Splunk Cloud Platform (below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, 9.3.2411.129). A low-privilege user (not admin/power) can trigger a Denial of Service by abusing the coldTo...

6.5CVSS5.9AI score0.00396EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/05 10:0 p.m.3 views

CVE-2026-29610 OpenClaw < 2026.2.14 - Command Hijacking via Unsafe PATH Handling

OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PATH environment variables through node-host execution or project-local bootstrapping. Attackers with authenticated access to node-host execution...

8.8CVSS6.1AI score0.00465EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/05 10:0 p.m.28 views

CVE-2026-29610 OpenClaw < 2026.2.14 - Command Hijacking via Unsafe PATH Handling

OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PATH environment variables through node-host execution or project-local bootstrapping. Attackers with authenticated access to node-host execution...

8.8CVSS0.00465EPSS
Exploits0References3
Veracode
Veracode
added 2026/02/18 9:50 a.m.7 views

Prototype Pollution

jsonpath is vulnerable to Prototype Pollution. The vulnerability is due to unsafe handling of object paths in the value function within lib/index.js, where attacker-controlled property paths can modify Object.prototype, allowing arbitrary property injection into global objects and potentially...

9.8CVSS5.7AI score0.00399EPSS
Exploits1References14Affected Software1
OSV
OSV
added 2026/02/04 10:42 p.m.8 views

GO-2026-4403 Improper access to parent directory of root in os

It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open"../" would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained with...

3.8CVSS5.4AI score0.00238EPSS
Exploits0References3
OSV
OSV
added 2026/02/02 2:41 a.m.7 views

USN-7989-1 python-internetarchive vulnerability

Pengo Wray discovered that The Internet Archive Python Library incorrectly handled certain file paths when downloading files. An attacker could possibly use this issue to write files to arbitrary locations on the file system...

9.4CVSS5.9AI score0.01414EPSS
Exploits0References2
NVD
NVD
added 2025/12/08 4:15 p.m.5 views

CVE-2025-61318

Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature...

9.1CVSS0.00613EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/12/08 12:0 a.m.18 views

CVE-2025-61318

Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature...

0.00613EPSS
Exploits1References1
Snyk
Snyk
added 2025/11/24 11:31 p.m.3 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/11/24 11:31 p.m.4 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/11/24 11:31 p.m.3 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/11/24 11:31 p.m.2 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

9.8CVSS6.8AI score
Exploits0References2
Rows per page
Query Builder