Lucene search
+L

5495 matches found

Cvelist
Cvelist
added 2026/07/07 1:32 p.m.30 views

CVE-2026-6101 AMP for WP <= 1.1.12 - Authenticated (Author+) Arbitrary File Write via Role-Based Access Configuration with Local Font Upload

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwpsavelocalfont function combined with inadequate cleanup that fails to remove nested directories and...

7.5CVSS0.00646EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/07/07 1:32 p.m.11 views

CVE-2026-6101

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwpsavelocalfont function combined with inadequate cleanup that fails to remove nested directories and...

7.5CVSS6.7AI score0.00646EPSS
Exploits0References11
EUVD
EUVD
added 2026/07/07 1:32 p.m.6 views

EUVD-2026-42041

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwpsavelocalfont function combined with inadequate cleanup that fails to remove nested directories and...

7.5CVSS6.7AI score0.00646EPSS
Exploits0References10
CVE
CVE
added 2026/07/07 1:32 p.m.14 views

CVE-2026-6101

The CVE-2026-6101 entry affects the AMP for WP – Accelerated Mobile Pages WordPress plugin (versions up to and including 1.1.12). The vulnerability arises from unsafe ZIP extraction in ampforwp_save_local_font() plus inadequate cleanup that omits removal of nested directories/files, enabling auth...

7.5CVSS6.7AI score0.00646EPSS
Exploits0References10
Snyk
Snyk
added 2026/07/07 1:1 p.m.7 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the /skin/ action endpoint when running on Jetty 12 or later. An attacker can access arbitrary files on the server by crafting a URL containing encoded directory traversal sequences. This is only exploitable if th...

8.2CVSS6.5AI score
Exploits0References2
Cvelist
Cvelist
added 2026/07/07 2:48 a.m.31 views

CVE-2026-42200 Coolify: PostgreSQL Init Script Path Traversal Leads to Arbitrary File Write and Root RCE

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL initialization script generateinitscripts method in app/Actions/Database/StartPostgresql.php filename handling did not sufficiently restrict paths, allowing an...

8.8CVSS0.00542EPSS
Exploits0References4
OSV
OSV
added 2026/07/07 2:48 a.m.5 views

CVE-2026-42200 Coolify: PostgreSQL Init Script Path Traversal Leads to Arbitrary File Write and Root RCE

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL initialization script generateinitscripts method in app/Actions/Database/StartPostgresql.php filename handling did not sufficiently restrict paths, allowing an...

8.8CVSS6.1AI score0.00542EPSS
Exploits0References6
CVE
CVE
added 2026/07/07 2:48 a.m.18 views

CVE-2026-42200

Coolify prior to 4.0.0-beta.474 is affected by a path traversal in the PostgreSQL initialization script handling (generate_init_scripts() in app/Actions/Database/StartPostgresql.php). An authenticated user could write files outside the intended directory during database initialization, enabling c...

8.8CVSS6.1AI score0.00542EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.14 views

PT-2026-56191

Name of the Vulnerable Software and Affected Versions AMP for WP versions prior to 1.1.13 Description An Arbitrary File Write issue exists due to unsafe ZIP file extraction within the ampforwp save local font function, coupled with inadequate cleanup that fails to remove nested directories and...

7.5CVSS6.7AI score0.00646EPSS
Exploits0References12
NVD
NVD
added 2026/07/06 9:16 p.m.12 views

CVE-2026-57571

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, when the crawler saves a downloaded file, the destination filename was taken from attacker-influenced input and joined to the downloads directory with no confinement. A filename containing an absolute path or travers...

9.6CVSS0.00502EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/07/06 8:9 p.m.34 views

CVE-2026-57571 Crawl4AI arbitrary file write via download filename path traversal

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, when the crawler saves a downloaded file, the destination filename was taken from attacker-influenced input and joined to the downloads directory with no confinement. A filename containing an absolute path or travers...

9.6CVSS0.00502EPSS
Exploits1References2
OSV
OSV
added 2026/07/06 8:9 p.m.4 views

CVE-2026-57571 Crawl4AI arbitrary file write via download filename path traversal

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, when the crawler saves a downloaded file, the destination filename was taken from attacker-influenced input and joined to the downloads directory with no confinement. A filename containing an absolute path or travers...

9.6CVSS6.4AI score0.00502EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:9 p.m.6 views

CVE-2026-57571

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, when the crawler saves a downloaded file, the destination filename was taken from attacker-influenced input and joined to the downloads directory with no confinement. A filename containing an absolute path or travers...

9.6CVSS6.4AI score0.00502EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/07/06 8:9 p.m.16 views

CVE-2026-57571

CVE-2026-57571 affects Crawl4AI prior to version 0.9.0. The vulnerability arises when saving downloaded files: the destination filename is taken from attacker-controlled input and joined to the downloads directory without confinement. If the filename contains an absolute path or traversal, it esc...

9.6CVSS6.4AI score0.00502EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/07/06 4:46 p.m.5 views

EUVD-2026-41892

An improper authorization vulnerability in the Plesk XML API allows an authenticated user to inject arbitrary configuration directives, resulting in arbitrary file write as root and full privilege escalation on the underlying server...

9.9CVSS6.1AI score0.0033EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 4:46 p.m.7 views

CVE-2026-48614

An improper authorization vulnerability in the Plesk XML API allows an authenticated user to inject arbitrary configuration directives, resulting in arbitrary file write as root and full privilege escalation on the underlying server...

9.9CVSS6.1AI score0.0033EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/06 1:58 p.m.8 views

CVE-2026-50015

A flaw was found in pnpm. An attacker can exploit this by contributing a malicious patch file through a pull request. During the pnpm install process, the patch application pipeline fails to validate file paths extracted from these patch files. This allows the attacker to write or delete arbitrar...

7.3CVSS6.5AI score0.0027EPSS
Exploits1References4
NVD
NVD
added 2026/07/06 9:16 a.m.13 views

CVE-2026-24014

Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances uses the uploaded Trigger JAR name to build a file path without sufficient validation. If the internal DataNode RPC port is exposed to an untrusted network, an attacker may use path traversal sequences in the JAR name t...

9.8CVSS0.00509EPSS
Exploits0References2
OSV
OSV
added 2026/07/06 8:34 a.m.3 views

CVE-2026-24014 Apache IoTDB: Path Traversal in DataNode Internal RPC Trigger JAR Upload Allows Arbitrary File Write

Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances uses the uploaded Trigger JAR name to build a file path without sufficient validation. If the internal DataNode RPC port is exposed to an untrusted network, an attacker may use path traversal sequences in the JAR name t...

9.8CVSS6.2AI score0.00509EPSS
Exploits0References4
CVE
CVE
added 2026/07/06 8:34 a.m.17 views

CVE-2026-24014

CVE-2026-24014 — Apache IoTDB Path Traversal in DataNode Trigger JAR Upload : The issue arises in IoTDB’s DataNode internal RPC interface used to create Trigger instances. The JAR name is used to build a file path without sufficient validation, enabling path traversal if the RPC port is reachable...

9.8CVSS6AI score0.00509EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder