Lucene search
K

48 matches found

Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack in the template repository generation process. An attacker can access or modify files outside the intended directory by leveraging symlinked or non-regular paths. Remediation Upgrade...

9.1CVSS6AI score0.00428EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 4:16 p.m.9 views

CVE-2026-45195

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses...

7.8CVSS0.00106EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 12:0 a.m.9 views

EUVD-2025-210298

GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder without user approval via a file-handler URI parameter to fetchwebpage. Therefore, exfiltration could occur if there is indirect prompt injection...

7.5CVSS5.9AI score0.00853EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/09 7:24 p.m.38 views

CVE-2026-47910 Dreamweaver Desktop | Incorrect Authorization (CWE-863)

Dreamweaver Desktop versions 21.7 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issu...

6.3CVSS0.00137EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 9:31 p.m.14 views

EUVD-2026-29742

Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories...

6.3CVSS5.9AI score0.00177EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.15 views

Adobe Commerce 路径遍历漏洞

Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. Adobe Commerce has a path traversal vulnerability, which stems from improper path name restrictions. This vulnerability may allow arbitrary file system reads and writes...

8.7CVSS5.9AI score0.00606EPSS
Exploits0References1
CVE
CVE
added 2026/04/07 2:12 p.m.11 views

CVE-2026-5383

Summary: CVE-2026-5383 affects runZero Explorer, described as an incorrect authorization (CWE-863) that could allow access to Explorer groups from outside the authorized organization scope. It is scored CVSSv3.1: AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L (4.4, Medium) and has been fixed in runZero Expl...

4.4CVSS5.8AI score0.00179EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/03/27 2:0 p.m.9 views

CVE-2026-33748

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is...

8.2CVSS5.8AI score0.00463EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.11 views

PT-2026-28526

Name of the Vulnerable Software and Affected Versions BuildKit versions prior to 0.28.1 Description Insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository root. Possible access is limited to files on the same mounted...

9.8CVSS5.9AI score0.60368EPSS
Exploits4References142
UbuntuCve
UbuntuCve
added 2026/03/24 9:16 p.m.6 views

CVE-2026-4371

A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking...

7.4CVSS7.2AI score0.0036EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/13 6:55 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through a discrepancy in path normalization between protocol handlers and internal routing. An attacker can bypass folder-level permissions or escape the boundaries of a configured virtual folder by crafting specific...

8.1CVSS6.3AI score0.00521EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/27 7:45 p.m.7 views

CVE-2026-26228

VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...

4.9CVSS5.9AI score0.00275EPSS
Exploits0References1
CVE
CVE
added 2025/11/20 12:19 p.m.16 views

CVE-2025-40605

CVE-2025-40605 affects SonicWall Email Security appliances and is a path traversal vulnerability that lets an attacker manipulate file system paths by inserting directory-traversal sequences (e.g., ../) to access files outside restricted paths. The advisory set confirms related fixes in SonicWall...

5.3CVSS6.6AI score0.00299EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/08/28 3:42 a.m.22 views

CVE-2025-9345

CVE-2025-9345 : Path Traversal to Arbitrary File Download in the WordPress plugin “File Manager, Code Editor, and Backup by Managefy.” Affected versions: all up to 1.4.8. Root cause per sources: authenticated users (Subscriber level and higher) can leverage ajax_downloadfile() to access files out...

4.9CVSS7AI score0.00465EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/15 9:29 p.m.11 views

CVE-2011-10010

QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the...

9.4CVSS8.4AI score0.01485EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/04/01 3:15 p.m.6 views

rack: rubygem-rack: Local File Inclusion in Rack::Static

A flaw was found in RackRubygems, where Rack::Static does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory. This flaw allows a...

7.5CVSS6.6AI score0.01068EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/01/27 12:0 a.m.4 views

Apple macOS 安全漏洞

Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS version 15.2, which stems from the fact that an application may be able to read and write files outside of its sandbox...

8.2CVSS7.2AI score0.002EPSS
Exploits0References4
Rockylinux
Rockylinux
added 2024/11/19 4:2 p.m.25 views

bubblewrap and flatpak security update

An update is available for bubblewrap. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged...

10CVSS8.6AI score0.01283EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2024/09/05 1:7 p.m.3 views

flatpak: Access to files outside sandbox for apps using persistent= (--persist)

A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can bypass the intended restrictions, enabling access to and modification of files outside the...

10CVSS7.3AI score0.01283EPSS
Exploits1References13
SUSE CVE
SUSE CVE
added 2024/08/06 4:49 a.m.4 views

SUSE CVE-1999-0183

Linux implementations of TFTP would allow access to files outside the restricted directory...

6.4CVSS7AI score0.01555EPSS
Exploits0References2
Rows per page
Query Builder