Lucene search
+L

413 matches found

euvd
euvd
added 2 days ago4 views

EUVD-2026-44669

Cornac before 2.6.0 contains a path traversal Tar Slip vulnerability that allows attackers to write arbitrary files outside the intended cache directory by supplying a crafted TAR archive containing ../ sequences, absolute paths, or symlink/hardlink entries to the extractarchive function in...

9.1CVSS6.2AI score0.00425EPSS
Exploits0References4
cve
cve
added 3 days ago7 views

CVE-2026-9108

Studio 5000 Logix Designer is affected by a path traversal vulnerability in which ACD project files may contain unvalidated file names. During project opening, paths can escape the intended extraction directory, potentially allowing an attacker to write arbitrary files to attacker-controlled loca...

5.4CVSS6.2AI score0.00109EPSS
Exploits0References1
cve
cve
added 3 days ago7 views

CVE-2026-11917

Rockwell Automation ThinManager’s API suffers a path traversal flaw caused by improper limitation of file save operations. An authenticated attacker can write arbitrary files to restricted system directories outside the application’s intended directory. CVSS 4.0 base score 7.2 (HIGH) with network...

7.2CVSS6.2AI score0.00324EPSS
Exploits0References1
euvd
euvd
added last week9 views

EUVD-2026-42833

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to...

9.1CVSS6.2AI score0.00349EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/07/08 6:40 a.m.10 views

CVE-2026-59195

A flaw was found in pnpm, a package manager. A remote attacker could exploit a path traversal vulnerability by crafting a malicious pnpm-lock.yaml file. When a user installs dependencies from such a repository, pnpm incorrectly processes package names from the configDependencies section, leading ...

8.2CVSS6AI score0.00257EPSS
Exploits1References4
nvd
nvd
added 2026/07/06 11:16 a.m.16 views

CVE-2026-49297

Apache Airflow's Google provider operators GCSToSFTPOperator and GCSTimeSpanFileTransformOperator joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket...

8.1CVSS0.01058EPSS
Exploits1References3
nvd
nvd
added 2026/07/01 1:17 p.m.6 views

CVE-2026-53906

MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of the filename parameter allows writing files to arbitrary locations as well as indirect disclosure of absolute server paths through error messages. Becau...

8.2CVSS0.00339EPSS
Exploits0References2
cve
cve
added 2026/07/01 12:26 p.m.22 views

CVE-2026-8387

CVE-2026-8387 : A vulnerability in allegroai/clearml up to version 1.16.5 permits relative path traversal when extracting ZIP archives via ZipFile.extractall() in StorageManager._extract_to_cache(). The missing path validation allows an attacker to write arbitrary files to the filesystem, with at...

2.4CVSS6.5AI score0.00357EPSS
Exploits0References2
cve
cve
added 2026/07/01 11:58 a.m.23 views

CVE-2026-53906

CVE-2026-53906 affects MCO’s file handling for data export and upload. The underlying issue is improper validation of the filename parameter, allowing path traversal and the potential to write files to arbitrary locations, along with indirect disclosure of absolute server paths via error messages...

8.2CVSS5.9AI score0.00339EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/07/01 11:58 a.m.6 views

CVE-2026-53906

MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of the filename parameter allows writing files to arbitrary locations as well as indirect disclosure of absolute server paths through error messages. Becau...

7.1CVSS5.9AI score0.00339EPSS
Exploits0References3Affected Software1
nvd
nvd
added 2026/06/30 5:16 p.m.10 views

CVE-2026-58173

Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root directory by supplying a malicious memorytype value containing path traversal sequences through the remember tool. Attackers can manipulate the memorytype...

6.5CVSS0.00307EPSS
Exploits0References3
euvd
euvd
added 2026/06/30 3:55 p.m.6 views

EUVD-2026-40354

Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root directory by supplying a malicious memorytype value containing path traversal sequences through the remember tool. Attackers can manipulate the memorytype...

6.5CVSS5.9AI score0.00307EPSS
Exploits0References4
osv
osv
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-259 Aim External Control of File Name or Path vulnerability

A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the tarfile.extractall function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control repo.path and runhash to bypass directory existence checks and...

9.1CVSS7.5AI score0.0081EPSS
Exploits1References5
osv
osv
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-507 PyTorch Lightning path traversal vulnerability

In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the LightningApp when running on a Windows host. The vulnerability occurs at the /api/v1/uploadfile/ endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to...

9.1CVSS6.5AI score0.01019EPSS
Exploits1References6
cvelist
cvelist
added 2026/06/26 8:36 p.m.26 views

CVE-2026-50136 Budibase: Unauthenticated S3 signed upload URL generation allows arbitrary writes with stored datasource credentials

Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The route is protected only by the recaptcha middleware and does not require...

7.4CVSS0.0029EPSS
Exploits1References1
cve
cve
added 2026/06/26 8:36 p.m.29 views

CVE-2026-50136

Budibase prior to version 3.39.3 exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The /api/attachments/:datasourceId/url route is protected only by recaptcha, allowing a caller with workspace and S3 datasource IDs t...

7.4CVSS5.8AI score0.0029EPSS
Exploits1References1Affected Software1
osv
osv
added 2026/06/26 8:36 p.m.3 views

CVE-2026-50136 Budibase: Unauthenticated S3 signed upload URL generation allows arbitrary writes with stored datasource credentials

Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The route is protected only by the recaptcha middleware and does not require...

7.4CVSS5.9AI score0.0029EPSS
Exploits1References3
osv
osv
added 2026/06/26 8:16 p.m.4 views

DEBIAN-CVE-2026-29509

Patool before 4.0.5 contains a path traversal vulnerability in the safeextract function in patoolib/programs/pytarfile.py when running on Python before 3.12, where the iswithindirectory helper uses os.path.commonprefix for character-level string comparison instead of path-level comparison, allowi...

5.3CVSS5.9AI score0.00285EPSS
Exploits0References1
nvd
nvd
added 2026/06/25 9:16 p.m.10 views

CVE-2026-56445

The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join without sanitization, allowing file writes to arbitrary paths...

9.1CVSS0.00434EPSS
Exploits0References3
nvd
nvd
added 2026/06/25 7:16 p.m.11 views

CVE-2026-53925

Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the securepopen function in glances/secure.py interprets file redirection, | pipe, and && command chaining operators in command strings. These operators are applied without any validation on the target file...

7.8CVSS0.00184EPSS
Exploits0References1
Rows per page
Query Builder