Lucene search
K

4703 matches found

Nuclei
Nuclei
added yesterday32 views

1Panel SQL Injection - Authenticated

1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to...

9.8CVSS7.3AI score0.29396EPSS
Exploits1References1
CVE
CVE
added 3 days ago9 views

CVE-2026-58426

The CVE-2026-58426 affects Gitea, specifically the Actions Artifacts V4 signed URL mechanism, where an HMAC ambiguity enables cross-repository artifact read and cross-task upload-state write. The vulnerability stems from how signed URLs are validated, allowing unauthorized access across repositor...

9.6CVSS5.9AI score0.00177EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 4 days ago6 views

CVE-2026-55700

A flaw was found in pnpm, a package manager. A remote attacker could exploit a vulnerability in the pnpm stage download command by providing a specially crafted package manifest. This could allow the attacker to write files to arbitrary locations on the system, leading to unauthorized modificatio...

7.1CVSS6AI score0.00267EPSS
Exploits1References5
CVE
CVE
added 5 days ago9 views

CVE-2026-14340

GitHub Enterprise Server (GitHub ES) suffers an incorrect authorization vulnerability (CVE-2026-14340) where a user-to-server token scoped to a GitHub App installation could perform write operations on public repositories outside the token’s scope. The root cause is an authorization check that on...

5.3CVSS5.8AI score0.00284EPSS
Exploits0References6
NVD
NVD
added 5 days ago9 views

CVE-2026-6685

FatFs R0.16 and earlier exhibits a stale dirty-cache skip via unsigned-subtraction wrap in fread / fwrite fp-sect - sect cc during interleaved read/write on fragmented filesystems. This maps to CWE-191 Integer Underflow. Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 6.1...

6.1CVSS0.00205EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 5 days ago8 views

CVE-2026-57517

Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges...

9.8CVSS6.7AI score0.00587EPSS
Exploits2References4
NVD
NVD
added 5 days ago6 views

CVE-2026-8387

A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting .zip archives using the ZipFile.extractall method in StorageManager.extracttocache. This issue arises due to the lack of path traversal validation, enabling an attacker to...

2.4CVSS0.00357EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-53906

MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of the filename parameter allows writing files to arbitrary locations as well as indirect disclosure of absolute server paths through error messages. Becau...

5.1CVSS0.00417EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-40957

A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting .zip archives using the ZipFile.extractall method in StorageManager.extracttocache. This issue arises due to the lack of path traversal validation, enabling an attacker to...

2.4CVSS6.5AI score0.00357EPSS
Exploits0References2
CVE
CVE
added 5 days ago16 views

CVE-2026-8387

CVE-2026-8387 : A vulnerability in allegroai/clearml up to version 1.16.5 permits relative path traversal when extracting ZIP archives via ZipFile.extractall() in StorageManager._extract_to_cache(). The missing path validation allows an attacker to write arbitrary files to the filesystem, with at...

2.4CVSS6.5AI score0.00357EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 5 days ago7 views

kernel: ALSA: usb-audio: Add sanity check for OOB writes at silencing

A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture USB audio subsystem. An inconsistency in how USB audio playback and capture streams are handled can lead to an out-of-bounds write to a memory buffer. This can result in a system crash, causing a denial of service for a...

7.8CVSS5.8AI score0.00123EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-54931

Name of the Vulnerable Software and Affected Versions allegroai/clearml versions prior to 2.1.6 Description Relative path traversal occurs during the extraction of .zip archives via the ZipFile.extractall method within the StorageManager. extract to cache function. This is caused by a lack of pat...

2.4CVSS6.5AI score0.00357EPSS
Exploits0References6
NVD
NVD
added 6 days ago9 views

CVE-2026-58173

Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root directory by supplying a malicious memorytype value containing path traversal sequences through the remember tool. Attackers can manipulate the memorytype...

6.5CVSS0.00307EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-40354

Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root directory by supplying a malicious memorytype value containing path traversal sequences through the remember tool. Attackers can manipulate the memorytype...

6.5CVSS5.9AI score0.00307EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-53924

Name of the Vulnerable Software and Affected Versions Vibe-Trading versions prior to 0.1.10 Description A path traversal issue exists in the remember tool, allowing attackers to write arbitrary Markdown files to unintended locations on the filesystem. This is achieved by supplying a malicious...

6.5CVSS6.1AI score0.00307EPSS
Exploits0References8
CVE
CVE
added last week9 views

CVE-2026-57953

The vulnerability affects Mythic prior to version 3.4.0.60 and is due to an authorization bypass that allows authenticated spectator-role users to perform unauthorized write operations via the eventing_import_automatic_webhook endpoint registered under spectator-permitted middleware. Exploitation...

5.4CVSS5.8AI score0.00249EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added last week6 views

EUVD-2026-40122

The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters...

7.5CVSS5.9AI score0.00228EPSS
Exploits2References1
Cvelist
Cvelist
added last week35 views

CVE-2026-49049 Joomla Extension - joomshaper.com - Unauthenticated access to Helix3 template ajax handler

The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters...

0.00228EPSS
Exploits2References1
OSV
OSV
added last week5 views

PYSEC-2026-411 Mesop has a Path Traversal utilizing `FileStateSessionBackend` leads to Application Denial of Service and File Write/Deletion

Summary A Path Traversal vulnerability allows any user or attacker supplying an untrusted statetoken through the UI stream payload to arbitrarily target files on the disk under the standard file-based runtime backend. This can result in application denial of service via crash loops when reading...

10CVSS6AI score0.00713EPSS
Exploits1References7
OSV
OSV
added last week5 views

PYSEC-2026-385 Remote code execution in pytorch lightning

A remote code execution RCE vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...

9.8CVSS8AI score0.26488EPSS
Exploits3References8
Rows per page
Query Builder