Lucene search
+L

16689 matches found

Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.11 views

PT-2026-57871

Name of the Vulnerable Software and Affected Versions AnyDesk affected versions not specified Description A flaw in the Send Support Information feature allows local attackers to create a denial-of-service condition. An attacker with the ability to execute low-privileged code on the target system...

5.5CVSS5.5AI score0.00104EPSS
Exploits0References7
OSV
OSV
added 2026/07/07 10:16 p.m.4 views

DEBIAN-CVE-2026-58266

Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal localhost API, and user scripts included via iframes in the editor can access this API despite protections intended to block reviewer and edito...

6.5CVSS6.2AI score0.00169EPSS
Exploits0References1
NVD
NVD
added 2026/07/07 9:17 p.m.10 views

CVE-2026-55631

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the font management module allows authenticated users to submit an arbitrary fileTransName when creating a font record; when the record is later deleted, the backend concatenates that stored value with the font...

7.2CVSS0.00313EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:24 p.m.8 views

CVE-2026-55631

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the font management module allows authenticated users to submit an arbitrary fileTransName when creating a font record; when the record is later deleted, the backend concatenates that stored value with the font...

7.2CVSS6.1AI score0.00313EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/07/07 4:37 p.m.53 views

CVE-2026-14904 RES Auth.GetUserPrivateKey Arbitrary File Read

AWS Research and Engineering Studio RES is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources on AWS. Improper link resolution before file access issue CWE-59 in the Auth.GetUserPrivateKey API. An authenticated remot...

7.1CVSS0.00381EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.10 views

PT-2026-56146

Name of the Vulnerable Software and Affected Versions WP Travel Engine versions prior to 6.8.1 Description Authenticated users with subscriber-level access and above can relocate arbitrary files within the WordPress uploads directory into their own profile-image path. This occurs because the plug...

4.6CVSS6.2AI score0.00142EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-50135

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made RootMappingFs.statRoot use Stat follows symlinks instead of Lstat , so a direct...

6.9CVSS6.2AI score0.00275EPSS
Exploits0References3
NVD
NVD
added 2026/07/06 8:16 p.m.7 views

CVE-2026-58403

Hugo is a static site generator. From v0.123.0 through v0.163.0, Hugo's virtual filesystem is designed so that files under a mount cannot reach outside the mount tree, but a regression caused RootMappingFs.statRoot to call Stat, which follows symlinks, instead of Lstat, so a direct os.ReadFile...

6.5CVSS0.00318EPSS
Exploits0References4
OSV
OSV
added 2026/07/06 8:16 p.m.8 views

DEBIAN-CVE-2026-58403

Hugo is a static site generator. From v0.123.0 through v0.163.0, Hugo's virtual filesystem is designed so that files under a mount cannot reach outside the mount tree, but a regression caused RootMappingFs.statRoot to call Stat, which follows symlinks, instead of Lstat, so a direct os.ReadFile...

6.5CVSS5.9AI score0.00318EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/07/06 7:52 p.m.7 views

CVE-2026-50135

Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made RootMappingFs.statRoot use Stat follows symlinks instead of Lstat , so a direct resources.Get of a symlink pointing outside its mount returned the target's contents — letting a symlink planted in a local mount e.g. a...

6.9CVSS5.9AI score0.00275EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/07/06 7:52 p.m.7 views

CVE-2026-50135

Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made RootMappingFs.statRoot use Stat follows symlinks instead of Lstat , so a direct resources.Get of a symlink pointing outside its mount returned the target's contents — letting a symlink planted in a local mount e.g. a...

6.9CVSS5.9AI score0.00275EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/07/06 7:25 p.m.6 views

CVE-2026-58403

Hugo is a static site generator. From v0.123.0 through v0.163.0, Hugo's virtual filesystem is designed so that files under a mount cannot reach outside the mount tree, but a regression caused RootMappingFs.statRoot to call Stat, which follows symlinks, instead of Lstat, so a direct os.ReadFile...

6.5CVSS5.9AI score0.00318EPSS
Exploits0References4
CVE
CVE
added 2026/07/06 3:16 p.m.25 views

CVE-2026-59194

PnPM vulnerability CVE-2026-59194 affects the patch-remove feature. A crafted patch entry could resolve outside the configured patches directory, causing patch-remove to delete an arbitrary reachable file. The issue is fixed in pnpm versions 10.34.4 and 11.7.0. The connected documents do not prov...

7.1CVSS6AI score0.00257EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/07/06 3:16 p.m.5 views

CVE-2026-59194 pnpm: patch-remove could delete project-selected files outside the patches directory

pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted patch entry could resolve outside the configured patches directory and cause pnpm patch-remove to delete an arbitrary reachable file. This vulnerability is fixed in 10.34.4 and 11.7.0...

7.1CVSS6AI score0.00257EPSS
Exploits1References3
Snyk
Snyk
added 2026/07/03 11:17 a.m.5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the Lucene.Net.Replicator process. An attacker can access arbitrary files on the server by submitting crafted requests containing path traversal sequences. Details A Directory Traversal attack also known as path...

8.9CVSS6.5AI score0.00703EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 7:48 p.m.15 views

EUVD-2026-33277

Mautic vulnerable to Path Traversal via Campaign Import...

9.9CVSS5.8AI score0.00583EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 6:32 p.m.7 views

EUVD-2026-41418

The TinyPNG – JPEG, PNG & WebP image compression plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteconvertedimagesize function in all versions up to, and including, 3.6.13. This makes it possible for authenticated attackers, with...

8.1CVSS6.5AI score0.0067EPSS
Exploits0References6
OSV
OSV
added 2026/07/02 2:13 p.m.6 views

PYSEC-2026-645 instack-undercloud vulnerable to symlink attack on tmp files

A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploi...

6.4CVSS6.6AI score0.00347EPSS
Exploits0References14
NVD
NVD
added 2026/07/02 6:16 a.m.13 views

CVE-2026-5821

The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the ImageBackup::remove function where backup file paths stored in post meta are used directly in file deletion operations withou...

8.1CVSS0.00354EPSS
Exploits0References8
OSV
OSV
added 2026/07/01 7:1 p.m.5 views

GHSA-HWPP-H97W-2H3J repomix: attach_packed_output can bypass file-read secret scanning for supported local files

attachpackedoutput can register arbitrary .json/.txt/.md/.xml files and bypass the MCP file-read safety check Summary Repomix's MCP server exposes a normal filesystemreadfile tool that reads absolute paths only after running the project's secret check. However, the attachpackedoutput plus...

6.9CVSS6.1AI score0.00169EPSS
Exploits0References2
Rows per page
Query Builder