Lucene search
+L

225 matches found

UbuntuCve
UbuntuCve
added 2026/02/20 2:16 a.m.5 views

CVE-2026-26960

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...

7.1CVSS5.8AI score0.00288EPSS
Exploits1References4
OSV
OSV
added 2026/02/20 2:16 a.m.10 views

UBUNTU-CVE-2026-26960

node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...

7.1CVSS5.9AI score0.00288EPSS
Exploits1References5
CVE
CVE
added 2026/02/20 1:7 a.m.62 views

CVE-2026-26960

CVE-2026-26960 affects node-tar (Node.js tar handling). In versions 7.5.7 and earlier, a crafted archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary read/write by the extracting user. Root cause: using default options...

7.1CVSS5.6AI score0.00288EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/10 7:22 p.m.5 views

CVE-2026-24900

MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, the courses//assignments//submissions/htmlcontent accepted a selectfileid parameter to serve SubmissionFile objects containing a record of files submitted by students. This parameter was not correct...

6.5CVSS5.7AI score0.00251EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.10 views

MarkUs 安全漏洞

MarkUs is an open-source Ruby on Rails and React web application used for submitting and grading student assignments. Version 2.9.1 of MarkUs contained a security vulnerability caused by improperly limited parameter ranges, which could allow access to arbitrary submission file contents...

6.5CVSS5.9AI score0.00251EPSS
Exploits0References4
NVD
NVD
added 2026/02/06 7:16 p.m.10 views

CVE-2026-25650

MCP Salesforce Connector is a Model Context Protocol MCP server implementation for Salesforce integration. Prior to 0.1.10, arbitrary attribute access leads to disclosure of Salesforce auth token. This vulnerability is fixed in 0.1.10...

8.7CVSS0.00409EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/06 6:53 p.m.6 views

CVE-2026-25650

MCP Salesforce Connector is a Model Context Protocol MCP server implementation for Salesforce integration. Prior to 0.1.10, arbitrary attribute access leads to disclosure of Salesforce auth token. This vulnerability is fixed in 0.1.10...

8.7CVSS5.5AI score0.00409EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/02/04 3:16 p.m.6 views

CVE-2025-70997

A vulnerability has been discovered in eladmin v2.7 and before. This vulnerability allows for an arbitrary user password reset under any user permission level...

8.1CVSS0.00187EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/02/03 5:52 p.m.16 views

JinJava Bypass through ForTag leads to Arbitrary Java Execution

Impact Vulnerability Type: Sandbox Bypass / Remote Code Execution Affected Component: Jinjava Affected Users: - Organizations using HubSpot's Jinjava template rendering engine for user-provided template content - Any system that renders untrusted Jinja templates using HubSpot's Jinjava...

9.8CVSS6.2AI score0.00889EPSS
Exploits1References7Affected Software1
EUVD
EUVD
added 2026/01/21 10:8 p.m.7 views

EUVD-2026-4142

Copier safe template has arbitrary filesystem read access via symlinks when preservesymlinks: false...

6.8CVSS5.6AI score0.002EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/09 12:11 p.m.7 views

CVE-2018-18771

An issue was discovered in LuLu CMS through 2015-05-14. backend\modules\filemanager\controllers\DefaultController.php allows arbitrary file upload by entering a filename, directory name, and PHP code into the three text input fields...

7.5CVSS7.4AI score0.0089EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.6 views

PT-2025-52263

Name of the Vulnerable Software and Affected Versions Vega affected versions not specified Description The software contains a flaw due to inadequate input validation within the convert function when safeMode is active and the spec variable is an array. This allows an attacker to create a special...

8.7CVSS5.9AI score0.00254EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/07 6:46 p.m.7 views

EUVD-2025-38316

KubeVirt Vulnerable to Arbitrary Host File Read and Write...

6.4AI score0.00227EPSS
Exploits1References5
Veracode
Veracode
added 2025/10/31 7:34 a.m.9 views

Path Traversal

esm.sh is vulnerable to Path Traversal. The vulnerability is due to improper validation of the X-Zone-Id HTTP header when constructing filesystem paths, which allows an attacker to use ../ sequences to write files outside the intended storage directory and access arbitrary locations on the system...

6.9CVSS7.2AI score0.02829EPSS
Exploits2References6Affected Software1
OSV
OSV
added 2025/10/10 10:55 p.m.7 views

GHSA-J44M-5V8F-GC9C Flowise is vulnerable to arbitrary file exposure through its ReadFileTool

Summary The ReadFileTool in Flowise does not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read arbitrary files from the file system, potentially leading to remote command execution. Details Flowise supports providing ReadFileTool for large models to...

7.7CVSS6.6AI score0.12115EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-15328

Malware in sbrugna...

8.1CVSS8.7AI score0.01905EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-7376

Malware in sbrugna...

6.5CVSS6.8AI score0.01116EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2005-2174

Malware in sbrugna...

5CVSS6.1AI score0.00928EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2018-7535

Malware in sbrugna...

7.5CVSS7.1AI score0.03398EPSS
Exploits2References16
EUVD
EUVD
added 2025/10/07 12:30 a.m.27 views

EUVD-2010-2454

Malware in sbrugna...

10CVSS6AI score0.03342EPSS
Exploits1References8
Rows per page
Query Builder