Lucene search
+L

16674 matches found

euvd
euvd
added 6 days ago6 views

EUVD-2026-42897

PraisonAI before 4.6.78 contains a path traversal vulnerability in ContextGatherer that fails to validate include paths in .praisoncontext and .praisoninclude files. Attackers can supply absolute paths or parent directory traversal sequences to read arbitrary files outside the workspace and inclu...

6.8CVSS6.2AI score0.00259EPSS
Exploits0References3
cve
cve
added 6 days ago5 views

CVE-2026-61431

PraxionAI (note: the spelling in the record appears as PraisonAI) before version 4.6.78 exposes a path traversal vulnerability in the ContextGatherer. The flaw stems from failing to validate include paths in .praisoncontext and .praisoninclude files, allowing an attacker with local access to supp...

6.8CVSS6.2AI score0.00259EPSS
Exploits0References3
cvelist
cvelist
added 6 days ago28 views

CVE-2026-61431 PraisonAI before 4.6.78 Path Traversal via ContextGatherer

PraisonAI before 4.6.78 contains a path traversal vulnerability in ContextGatherer that fails to validate include paths in .praisoncontext and .praisoninclude files. Attackers can supply absolute paths or parent directory traversal sequences to read arbitrary files outside the workspace and inclu...

6.8CVSS0.00259EPSS
Exploits0References3
attackerkb
attackerkb
added 6 days ago8 views

CVE-2026-21053

Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox...

5.1CVSS6AI score0.00111EPSS
Exploits0References2
cvelist
cvelist
added 6 days ago31 views

CVE-2026-21053

Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox...

5.1CVSS0.00111EPSS
Exploits0References1
euvd
euvd
added 2026/07/09 5:46 p.m.8 views

EUVD-2026-42662

LibreBooking's email template editor save action passes the submitted template name directly into the destination file path, allowing a remote attacker with administrator credentials to write an arbitrary file outside the template directory and execute code. Fixed in 5.1.0...

8.6CVSS6.2AI score0.0084EPSS
Exploits1References5
cvelist
cvelist
added 2026/07/08 8:56 p.m.34 views

CVE-2026-58192 Appium: Unauthenticated arbitrary file/directory deletion in @appium/storage-plugin

Appium is a cross-platform automation framework for all kinds of apps, built on top of the W3C WebDriver protocol. Prior to 1.1.6, the Appium storage plugin exposes POST /storage/delete, whose handler passes the user-supplied name value directly into path.joinstorageRoot, name and fs.rimraf witho...

8.6CVSS0.00345EPSS
Exploits0References4
cve
cve
added 2026/07/08 7:47 p.m.13 views

CVE-2026-8650

Vulnerability: Relative path traversal in Progress MOVEit Transfer (Admin Settings module). Affected versions: MOVEit Transfer before 2025.0.7, and from 2025.1.0 before 2025.1.3. Impact (as described): Authenticated path traversal that can allow viewing arbitrary system files. Notes: The provided...

7.5CVSS5.9AI score0.00365EPSS
Exploits0References1Affected Software1
osv
osv
added 2026/07/08 2:55 p.m.4 views

CVE-2026-49145 App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc

App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include...

7.5CVSS6.2AI score0.00329EPSS
Exploits0References6
cve
cve
added 2026/07/08 1:49 p.m.10 views

CVE-2026-58654

The Grav API plugin (getgrav/grav-plugin-api) 1.0.0 suffers an unrestricted file upload in /api/v1/users/user/avatar: it validates only the client-declared MIME type and allows arbitrary content to be stored under user/accounts/avatars/ with predictable filenames. Although direct HTTP access is b...

5.3CVSS6.7AI score0.00261EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/07/08 6:40 a.m.12 views

CVE-2026-59194

A flaw was found in pnpm, a package manager. A remote attacker could exploit this vulnerability by providing a specially crafted patch entry. This crafted entry could resolve outside the configured patches directory, allowing for the deletion of an arbitrary file when pnpm patch-remove is execute...

7.1CVSS6AI score0.00257EPSS
Exploits1References4
nvd
nvd
added 2026/07/08 5:16 a.m.13 views

CVE-2026-14244

The Jssor Slider by jssor.com plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.1.24 via the 'url' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain...

7.5CVSS0.00692EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.8 views

PT-2026-57871

Name of the Vulnerable Software and Affected Versions AnyDesk affected versions not specified Description A flaw in the Send Support Information feature allows local attackers to cause a denial-of-service condition. An attacker with the ability to execute low-privileged code on the target system...

5.5CVSS6.3AI score0.00104EPSS
Exploits0References3
osv
osv
added 2026/07/07 10:16 p.m.3 views

DEBIAN-CVE-2026-58266

Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal localhost API, and user scripts included via iframes in the editor can access this API despite protections intended to block reviewer and edito...

6.5CVSS6.2AI score0.00169EPSS
Exploits0References1
nvd
nvd
added 2026/07/07 9:17 p.m.10 views

CVE-2026-55631

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the font management module allows authenticated users to submit an arbitrary fileTransName when creating a font record; when the record is later deleted, the backend concatenates that stored value with the font...

7.2CVSS0.00313EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/07/07 8:24 p.m.8 views

CVE-2026-55631

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the font management module allows authenticated users to submit an arbitrary fileTransName when creating a font record; when the record is later deleted, the backend concatenates that stored value with the font...

7.2CVSS6.1AI score0.00313EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2026/07/07 4:37 p.m.52 views

CVE-2026-14904 RES Auth.GetUserPrivateKey Arbitrary File Read

AWS Research and Engineering Studio RES is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources on AWS. Improper link resolution before file access issue CWE-59 in the Auth.GetUserPrivateKey API. An authenticated remot...

7.1CVSS0.00381EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/07/07 12:0 a.m.9 views

PT-2026-56146

Name of the Vulnerable Software and Affected Versions WP Travel Engine versions prior to 6.8.1 Description Authenticated users with subscriber-level access and above can relocate arbitrary files within the WordPress uploads directory into their own profile-image path. This occurs because the plug...

4.6CVSS6.2AI score0.00142EPSS
Exploits0References5
nessus
nessus
added 2026/07/07 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-50135

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made RootMappingFs.statRoot use Stat follows symlinks instead of Lstat , so a direct...

6.9CVSS6.2AI score0.00275EPSS
Exploits0References3
nvd
nvd
added 2026/07/06 8:16 p.m.6 views

CVE-2026-58403

Hugo is a static site generator. From v0.123.0 through v0.163.0, Hugo's virtual filesystem is designed so that files under a mount cannot reach outside the mount tree, but a regression caused RootMappingFs.statRoot to call Stat, which follows symlinks, instead of Lstat, so a direct os.ReadFile...

6.5CVSS0.00318EPSS
Exploits0References4
Rows per page
Query Builder