Lucene search
K

3373 matches found

Cvelist
Cvelist
added 2026/06/10 2:35 p.m.28 views

CVE-2026-48855 SFTP READLINK Leaks Absolute Backend Filesystem Path When Root Is Configured

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh sshsftpd module allows File Discovery. The SSHFXPREADLINK handler in sshsftpd sends the raw result of file:readlink/2 to the client without calling chrootfilename/2 to strip the backend root prefix. An...

2.3CVSS0.00277EPSS
Exploits0References5
OSV
OSV
added 2026/06/10 2:35 p.m.13 views

EEF-CVE-2026-48855 SFTP READLINK Leaks Absolute Backend Filesystem Path When Root Is Configured

Summary Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh ssh\sftpd module allows File Discovery. The SSH\FXP\READLINK handler in ssh\sftpd sends the raw result of file:read\link/2 to the client without calling chroot\filename/2 to strip the backend root...

2.3CVSS5.5AI score0.00277EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

BoxLite 路径遍历漏洞

BoxLite is an open-source embedded microvirtual machine runtime developed by BoxLite. It provides hardware-isolated secure sandboxes for AI agents and code execution scenarios. Versions of BoxLite prior to 0.9.0 contained a path traversal vulnerability. This vulnerability stemmed from the lack of...

9.6CVSS6.4AI score0.00482EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.12 views

PT-2026-48463

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 29.0.1 Erlang OTP versions prior to 28.5.0.2 Erlang OTP versions prior to 27.3.4.13 Description An issue in the ssh sftpd module allows for file discovery through the exposure of sensitive information. The SSH...

6.5CVSS5.8AI score0.00277EPSS
Exploits0References11
FreeBSD
FreeBSD
added 2026/06/10 12:0 a.m.7 views

Erlang/OTP -- SFTP READLINK discloses server filesystem paths

https://github.com/erlang/otp/security/advisories/GHSA-pv7g-pjrq-x2fh reports: The SSH SFTP daemon's handling of SSHFXPREADLINK returned symbolic link targets containing the server's absolute filesystem path, disclosing the backend root prefix to clients. The handler now strips the backend root...

6.5CVSS5.5AI score0.00277EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:47 p.m.34 views

CVE-2026-41706

Spring Security: CookieRequestCache and CookieServerRequestCache store the full absolute pre-authentication URL in a browser cookie and use it as the post-login redirect target without validation. Affected versions include Spring Security 5.7.0–5.7.23; 5.8.0–5.8.25; 6.3.0–6.3.16; 6.4.0–6.4.16; 6....

6.1CVSS5.5AI score0.00211EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/09 11:47 p.m.11 views

CVE-2026-41706 Open Redirect When Using CookieRequestCache

Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after a successful login. In affected versions, the full absolute URL is stored in the cookie and is us...

6.1CVSS5.5AI score0.00211EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/07 12:43 a.m.13 views

CVE-2026-11419

A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage root is discarded,...

9.4CVSS6AI score0.00548EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 7:54 p.m.10 views

CVE-2026-11419

A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage root is discarded,...

9.4CVSS6AI score0.00548EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.9 views

CVE-2026-7217

A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function readdocx/readxlsx/readpptx/listxlsxsheets/readpdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leads t...

6.9CVSS5.5AI score0.0044EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.7 views

CVE-2026-10075

DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulnerability...

6.9CVSS5.6AI score0.00387EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.12 views

CVE-2026-45017

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS5.6AI score0.00335EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.11 views

CVE-2026-44641

Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.8.12, Microsoft APM normalizes marketplace plugins by copying plugin components referenced in plugin.json into .apm/. The manifest fields agents, skills, commands, and hooks are attacker-controlled, but...

7.1CVSS5.6AI score0.00351EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 6:16 p.m.12 views

CVE-2026-43624

F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join without validating the resulting path stays within the...

8.8CVSS5.9AI score0.00393EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/01 3:1 p.m.13 views

EUVD-2026-33682

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

4.1CVSS5.8AI score0.0032EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/30 8:13 a.m.17 views

CVE-2026-10044

Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...

8.2CVSS6AI score0.006EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 2:16 p.m.14 views

CVE-2026-10075

DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulnerability...

6.9CVSS0.00387EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/29 12:53 p.m.11 views

CVE-2026-10075 Interinfo|DreamMaker - Path Traversal

DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulnerability...

6.9CVSS5.9AI score0.00387EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/29 12:53 p.m.30 views

CVE-2026-10075 Interinfo|DreamMaker - Path Traversal

DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulnerability...

6.9CVSS0.00387EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/29 12:53 p.m.11 views

EUVD-2026-33301

DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulnerability...

6.9CVSS5.9AI score0.00387EPSS
Exploits0References2
Rows per page
Query Builder