Lucene search
+L

1751 matches found

OSV
OSV
added 2 days ago4 views

CVE-2026-62843 File Browser: Archive builder turns backslash filenames into path traversal (zip-slip)

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. From 2.63.6 to 2.63.16, File Browser's archive builder uses strings.ReplaceAllnameInArchive, "", "/", which turns a POSIX filename such as ....\evil.sh into the...

6.8CVSS6.1AI score0.00259EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-62843 File Browser: Archive builder turns backslash filenames into path traversal (zip-slip)

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. From 2.63.6 to 2.63.16, File Browser's archive builder uses strings.ReplaceAllnameInArchive, "", "/", which turns a POSIX filename such as ....\evil.sh into the...

6.8CVSS0.00259EPSS
Exploits0References3
CVE
CVE
added 2 days ago5 views

CVE-2026-62843

CVE-2026-62843 affects File Browser (versions 2.63.6–2.63.16). The archive builder calls strings.ReplaceAll(nameInArchive, "\", "/"), which can transform a POSIX filename like ..\..\evil.sh into ../../evil.sh within the generated zip/tar. This enables a user with upload permissions to place a bac...

6.8CVSS6.1AI score0.00259EPSS
Exploits0References3
Snyk
Snyk
added 2026/07/10 12:30 a.m.14 views

Directory Traversal

Overview decompress is a package that can be used for extracting archives. Affected versions of this package are vulnerable to Directory Traversal via improper validation in the safeMakeDir function and extraction path validation process. An attacker can write arbitrary files outside the intended...

8.7CVSS6.5AI score0.00268EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/09 8:43 a.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/09 8:43 a.m.5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/09 8:43 a.m.5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/09 8:43 a.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/09 8:43 a.m.5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/09 8:43 a.m.7 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/09 8:43 a.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/09 8:43 a.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/07 1:1 p.m.7 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the /skin/ action endpoint when running on Jetty 12 or later. An attacker can access arbitrary files on the server by crafting a URL containing encoded directory traversal sequences. This is only exploitable if th...

8.2CVSS6.5AI score
Exploits0References2
Snyk
Snyk
added 2026/07/07 1:1 p.m.8 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the /skin/ action endpoint when running on Jetty 12 or later. An attacker can access arbitrary files on the server by crafting a URL containing encoded directory traversal sequences. This is only exploitable if th...

8.2CVSS6.5AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-10732

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip when extracting a ZIP archive containing two entri...

9.8CVSS7.8AI score0.02147EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the process that handles repository dump creation, which uses release tag names and asset names as filesystem path components. An attacker can manipulate file system paths by providing specially crafted release t...

8.7CVSS6.5AI score0.00369EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 11:17 a.m.4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the Lucene.Net.Replicator process. An attacker can access arbitrary files on the server by submitting crafted requests containing path traversal sequences. Details A Directory Traversal attack also known as path...

8.9CVSS6.5AI score0.00703EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 9:19 a.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the Lucene.Net.Replicator process. An attacker can write arbitrary files to the client system by sending specially crafted data from a malicious server. Details A Directory Traversal attack also known as path...

8.9CVSS6.5AI score0.00616EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/30 11:16 p.m.4 views

Directory Traversal

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

4.8CVSS6.5AI score0.00164EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/30 11:16 p.m.5 views

Directory Traversal

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

4.8CVSS6.5AI score0.00164EPSS
Exploits0References2
Rows per page
Query Builder