Lucene search
K

44980 matches found

EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-43554

FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerability in the downloadandcopy function within hopper/setup.py that extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can pre-plant a symlink in the...

6.6CVSS6.2AI score
Exploits0References5
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-43543

AnyDesk Support Information Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in orde...

4.7CVSS6.3AI score
Exploits0References2
CVE
CVE
added yesterday10 views

CVE-2026-49970

Vulnerability summary: Laravel-Mediable before 7.0.0 contains a path traversal flaw in File::sanitizePath() that lets attackers write uploaded files to arbitrary locations via MediaUploader::toDestination(), due to a permissive regex allowing dot/slash and a weak trailing trim. This can enable re...

8.8CVSS6.3AI score
Exploits0References3
NVD
NVD
added yesterday3 views

CVE-2026-22097

The firmware update mechanism does not include cryptographic signature validation. This allows anyone with access to the firmware update capability to upload arbitrary files which can then lead to arbitrary code execution...

9.3CVSS0.0027EPSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-22097

The CVE-2026-22097 entry describes a vulnerability where the firmware update mechanism does not perform cryptographic signature validation, allowing an attacker with access to the firmware update capability to upload arbitrary files that can lead to arbitrary code execution. The issue is document...

9.3CVSS6.2AI score0.0027EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-22102

CVE-2026-22102 describes an issue where a POST request to a specific webserver endpoint can write to arbitrary file locations. The filename parameter is taken from the Content-Disposition header without verification, enabling: Denial of service by overwriting system files Potential remote code ex...

9.3CVSS6.3AI score0.00431EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-22102 Arbitrary file overwrite through certificate update functionality

A POST request sent to a specific webserver endpoint can be used to write to arbitrary file locations. The endpoint accepts the filename parameter in the Content-Disposition header without verification. This can be used to cause a denial of service by overwriting system files, or...

9.3CVSS0.00431EPSS
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-57815

CVE-2026-57815 documents a path traversal vulnerability in the WordPress plugin Forminator (WPMU DEV Your All-in-One WordPress Platform Forminator) affecting version range up to and including 1.55.0.2. The issue is described as Improper Limitation of a Pathname to a Restricted Directory, enabling...

7.5CVSS6.1AI score0.00503EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday11 views

CVE-2026-57815 WordPress Forminator plugin <= 1.55.0.2 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Path Traversal.This issue affects Forminator: from n/a through = 1.55.0.2...

7.5CVSS0.00503EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-57710 WordPress WoowBot Pro Max plugin <= 14.1.7 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in quantumcloud WoowBot Pro Max woowbot-pro-max allows Using Malicious Files.This issue affects WoowBot Pro Max: from n/a through = 14.1.7...

9.9CVSS0.00479EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-57401 WordPress SureDash plugin <= 1.8.0 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Brainstorm Force SureDash suredash allows Path Traversal.This issue affects SureDash: from n/a through = 1.8.0...

9.9CVSS0.00548EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday9 views

CVE-2026-57719 WordPress Aimogen Pro plugin <= 2.8.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in CodeRevolution Aimogen Pro aimogen-pro allows Using Malicious Files.This issue affects Aimogen Pro: from n/a through = 2.8.3...

10CVSS0.00522EPSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-57709

CVE-2026-57709 affects the WordPress plugin WP Swings Membership For WooCommerce (Membership For WooCommerce) up to version 3.1.0. The issue is a path traversal vulnerability caused by improper limitation of a pathname to a restricted directory, enabling arbitrary file deletion. CVSS v3.1 base sc...

8.6CVSS6.1AI score0.00533EPSS
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-57719

CVE-2026-57719 affects the WordPress plugin Aimogen Pro (versions up to and including 2.8.3). The vulnerability is described as Unrestricted Upload of File with Dangerous Type (Arbitrary File Upload) in Aimogen Pro, allowing attackers to upload malicious files. The CVSS v3.1 metrics indicate a ba...

10CVSS6.1AI score0.00522EPSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-57710

Summary: The WordPress plugin WoowBot Pro Max (woowbot-pro-max) up to version 14.1.7 is affected by an Unrestricted/Arbitrary File Upload vulnerability. The issue allows uploading dangerous files, classified as a Critical risk (CVSS v3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). The affected line is...

9.9CVSS6.1AI score0.00479EPSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-57389

CVE-2026-57389 affects Groundhogg WordPress plugin versions up to 4.4.1. The issue is described as an improper limitation of a pathname to a restricted directory (path traversal) that allows arbitrary file deletion. NVD/Patchstack entries indicate a High severity (CVSS 3.1 base score 8.6) with ne...

8.6CVSS6.1AI score0.00533EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday9 views

CVE-2026-57389 WordPress Groundhogg plugin <= 4.4.1 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Adrian Tobey Groundhogg groundhogg allows Path Traversal.This issue affects Groundhogg: from n/a through = 4.4.1...

8.6CVSS0.00533EPSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-15540

CVE-2026-15540 affects SourceCodester Online Book Store System 1.0. The Administrative Interface file /admin/index.php contains a vulnerability where manipulating the page parameter leads to improper control of the filename used in include/require statements in PHP, i.e., a local file inclusion. ...

5.3CVSS5.9AI score0.00242EPSS
Exploits0References6
Nuclei
Nuclei
added yesterday112 views

Jira Server Pre-Auth - Arbitrary File Retrieval (WEB-INF, META-INF)

The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. id: CVE-2020-29453 info: name: Jira Server Pre-Auth - Arbitrary File...

5.3CVSS6.3AI score0.23086EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday16 views

Blueimp jQuery-File-Upload v9.22.0 - Unrestricted File Upload

Blueimp jQuery-File-Upload v9.22.0 contains an unauthenticated arbitrary file upload caused by insufficient validation in the upload component, letting remote attackers upload malicious files, exploit requires no authentication. id: CVE-2018-9206 info: name: Blueimp jQuery-File-Upload v9.22.0 -...

9.8CVSS7.1AI score0.97107EPSS
Exploits15References4
Rows per page
Query Builder