Lucene search
+L

81 matches found

cve
cve
added 2026/01/12 11:2 p.m.20 views

CVE-2026-22212

CVE-2026-22212 concerns TinyOS up to 2.1.2, where the mcp2200gpio utility is vulnerable to a stack-based buffer overflow. The root cause is unsafe use of strcpy() and strcat() when constructing device paths during automatic device discovery, allowing a local attacker to craft filenames under /dev...

4.8CVSS6.7AI score0.00127EPSS
Exploits0References3
github
github
added 2026/01/08 9:22 p.m.15 views

Salvo is vulnerable to reflected XSS in the list_html function

Summary The function listhtml generates an file view of a folder which includes a render of the current path, in which its inserted in the HTML without proper sanitation, leading to reflected XSS. The request path is decoded and normalized in the matching stage but is not inserted raw in the HTML...

8.8CVSS7.2AI score0.003EPSS
Exploits1References4Affected Software1
ptsecurity
ptsecurity
added 2026/01/07 12:0 a.m.6 views

PT-2026-1880

Name of the Vulnerable Software and Affected Versions fast-filesystem-mcp version 3.4.0 Description The software contains a path traversal issue in its file operation tools, including the fast read file function. This is due to insufficient path validation that does not resolve symbolic links to...

7.5CVSS6.4AI score0.00583EPSS
Exploits1References4
nvd
nvd
added 2025/12/08 4:15 p.m.6 views

CVE-2025-61318

Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature...

9.1CVSS0.00637EPSS
Exploits1References1
cvelist
cvelist
added 2025/12/08 12:0 a.m.23 views

CVE-2025-61318

Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature...

0.00637EPSS
Exploits1References1
snyk
snyk
added 2025/11/24 11:31 p.m.5 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

9.8CVSS6.8AI score
Exploits0References2
snyk
snyk
added 2025/11/24 11:31 p.m.2 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

9.8CVSS6.8AI score
Exploits0References2
snyk
snyk
added 2025/11/24 11:31 p.m.2 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

9.8CVSS6.8AI score
Exploits0References2
snyk
snyk
added 2025/11/24 11:31 p.m.2 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

9.8CVSS6.8AI score
Exploits0References2
snyk
snyk
added 2025/11/24 11:31 p.m.3 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

9.8CVSS6.8AI score
Exploits0References2
snyk
snyk
added 2025/11/24 11:31 p.m.4 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

9.8CVSS6.8AI score
Exploits0References2
snyk
snyk
added 2025/11/24 11:31 p.m.2 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

9.8CVSS6.8AI score
Exploits0References2
snyk
snyk
added 2025/11/24 11:31 p.m.4 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

9.8CVSS6.8AI score
Exploits0References2
snyk
snyk
added 2025/11/24 11:31 p.m.0 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

9.8CVSS6.8AI score
Exploits0References2
snyk
snyk
added 2025/11/24 11:31 p.m.2 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

9.8CVSS6.8AI score
Exploits0References2
snyk
snyk
added 2025/11/24 11:31 p.m.3 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

9.8CVSS6.8AI score
Exploits0References2
github
github
added 2025/11/24 11:31 p.m.9 views

LF Edge eKuiper is vulnerable to Arbitrary File Read/Write via unsanitized names and zip extraction

Summary Multiple path traversal and unsafe path handling vulnerabilities were discovered in eKuiper prior to the fixes implemented in PR lf-edge/ekuiper3911. The issues allow attacker-controlled input rule names, schema versions, plugin names, uploaded file names, and ZIP entries to influence fil...

7AI score
Exploits0References4Affected Software1
osv
osv
added 2025/10/14 6:0 p.m.3 views

GHSA-P84V-GXVW-73PF Argo Workflow has a Zipslip Vulnerability

Vulnerability Description Vulnerability Overview 1. During the artifact extraction process, the unpack function extracts the compressed file to a temporary directory /etc.tmpdir and then attempts to move its contents to /etc using the rename system call, 2. However, since /etc is an already...

8.1CVSS7AI score0.00589EPSS
Exploits2References7
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2016-1822

Malware in sbrugna...

9CVSS8.8AI score0.02618EPSS
Exploits0References2
osv
osv
added 2025/09/02 5:14 p.m.7 views

GHSA-CCC3-FVFX-MW3V MobSF Path Traversal in GET /download/<filename> using absolute filenames

Summary The GET /download/ route uses string path verification via os.path.commonprefix, which allows an authenticated user to download files outside the DWDDIR download directory from "neighboring" directories whose absolute paths begin with the same prefix as DWDDIR e.g., .../downloadsbak,...

5.3CVSS6.9AI score0.0073EPSS
Exploits1References4
Rows per page
Query Builder