Lucene search
K

5285 matches found

CVE
CVE
added yesterday8 views

CVE-2026-24014

CVE-2026-24014 — Apache IoTDB Path Traversal in DataNode Trigger JAR Upload : The issue arises in IoTDB’s DataNode internal RPC interface used to create Trigger instances. The JAR name is used to build a file path without sufficient validation, enabling path traversal if the RPC port is reachable...

9.8CVSS6AI score0.00148EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-24014

Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances uses the uploaded Trigger JAR name to build a file path without sufficient validation. If the internal DataNode RPC port is exposed to an untrusted network, an attacker may use path traversal sequences in the JAR name t...

6AI score0.00148EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added yesterday6 views

Linux Distros Unpatched Vulnerability : CVE-2026-10732

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip when extracting a ZIP archive containing two entri...

9.8CVSS7.8AI score0.02147EPSS
Exploits1References2
Nuclei
Nuclei
added 2 days ago25 views

YouPHPTube Encoder - Arbitrary File Write

Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube.The parameter base64Url in /objects/getImageMP4.php is vulnerable to a command injection attack. id: CVE-2019-5128 info: name: YouPHPTube Encoder - Arbitrary...

10CVSS7.2AI score0.30174EPSS
Exploits1References1
Nuclei
Nuclei
added 4 days ago75 views

Camaleon CMS < 2.8.1 Arbitrary File Write to RCE

An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on depending on the permissions of the underlying filesystem. E.g. This can lead to a remote...

9.9CVSS6.8AI score0.35461EPSS
Exploits2References5
Cvelist
Cvelist
added 4 days ago41 views

CVE-2026-47897 Apache Lucene.Net: Arbitrary file write from malicious server to Lucene.Net.Replicator client

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Lucene.Net Lucene.Net.Replicator library. This issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018,...

8.9CVSS0.00385EPSS
Exploits0References1
CVE
CVE
added 4 days ago15 views

CVE-2026-47897

CVE-2026-47897 is a path traversal vulnerability in Apache Lucene.Net.Replicator. Affected: Lucene.Net.Replicator library (versions from 4.8.0-beta00005 up to, but before, 4.8.0-beta00018). Root cause: improper limitation of a pathname to a restricted directory, enabling potential access to restr...

8.9CVSS5.9AI score0.00385EPSS
Exploits0References2
CVE
CVE
added 5 days ago19 views

CVE-2026-13054

CVE-2026-13054 describes a path traversal vulnerability in the WatchGuard Fireware OS Management Web UI that allows a privileged authenticated attacker to write arbitrary files on the Firebox filesystem. Affected: Fireware OS 11.0–11.12.4_Update1, 12.0–12.12, and 2025.1–2026.2. CVSS v4.0 vector i...

8.6CVSS5.9AI score0.00389EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago40 views

CVE-2026-13054 WatchGuard Firebox Arbitrary File Write via Path Traversal in Management Web UI

A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows a privileged authenticated attacker to write arbitrary files on the Firebox's filesystem. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4Update1, 12.0 up to and including 12.12 and 2025.1...

8.6CVSS0.00389EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago9 views

CVE-2026-13054

A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows a privileged authenticated attacker to write arbitrary files on the Firebox's filesystem. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4Update1, 12.0 up to and including 12.12 and 2025.1...

8.6CVSS5.9AI score0.00389EPSS
Exploits0References2Affected Software1
Nuclei
Nuclei
added 5 days ago91 views

pfSense - Arbitrary File Write

diagroutes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection...

9CVSS7.5AI score0.87113EPSS
Exploits4References5
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-58126 PACSgear PACS Scan 5.2.1 Unauthenticated RCE via .NET Remoting TCP Service

PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulnerability that allows remote attackers to read and write arbitrary files by exploiting an exposed .NET Remoting TCP service on port 22222 via PGImageExchQueue.exe without any authentication requirement. Attackers can...

9.8CVSS0.00751EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-23537 Feast: unauthenticated arbitrary file write

A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...

9.1CVSS0.00568EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 6 days ago4 views

CVE-2026-23537 Feast: unauthenticated arbitrary file write

A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...

9.1CVSS6.2AI score0.00568EPSS
Exploits0References3
NVD
NVD
added last week7 views

CVE-2026-56377

ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion services to write arbitrary files outside intended boundaries...

4.8CVSS0.00164EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 3:51 p.m.32 views

CVE-2026-58166 OpenBMB ChatDev - Unauthenticated Path Traversal in Upload Handler Allows Arbitrary File Write and Delete

OpenBMB ChatDev through 2.2.0, fixed in commit 4fd4da6, contains a path traversal vulnerability that allows unauthenticated remote attackers to write or delete arbitrary files by supplying a malicious multipart filename in the file upload endpoint. Attackers can send a crafted filename containing...

9.1CVSS0.00628EPSS
Exploits0References4
CVE
CVE
added 2026/06/30 3:51 p.m.17 views

CVE-2026-58166

OpenBMB ChatDev

9.1CVSS6AI score0.00628EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/30 11:10 a.m.9 views

CVE-2026-40987

A flaw was found in Spring Integration. A malicious or compromised FTP File Transfer Protocol, SFTP SSH File Transfer Protocol, or SMB Server Message Block server can exploit this vulnerability. This allows the server to write arbitrary files with attacker-controlled content to any location on th...

7.1CVSS6.2AI score0.0021EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/30 5:14 a.m.9 views

CVE-2026-56876

A flaw was found in extract-zip. This vulnerability allows a remote attacker to craft a malicious zip file containing symbolic links that point to locations outside the intended extraction directory. When a user extracts this malicious archive, extract-zip fails to validate the symlink targets,...

8.6CVSS6AI score0.00319EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/30 4:30 a.m.6 views

EUVD-2026-40253

The PixMagix – WordPress Image Editor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.2 via the moveimageonserver function. This makes it possible for authenticated attackers, with author-level access and above, to write files with...

6.5CVSS5.9AI score0.00541EPSS
Exploits0References4
Rows per page
Query Builder