Lucene search
+L

166 matches found

Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.13 views

PT-2026-57023

Name of the Vulnerable Software and Affected Versions psd-tools versions prior to 1.17.1 Description An issue exists where the SmartObject.save function writes embedded smart objects to a path taken directly from a PSD file without sanitization. This allows an attacker to use absolute paths or...

4.6CVSS6.2AI score
Exploits0References9
NVD
NVD
added 2026/06/25 7:16 p.m.11 views

CVE-2026-54096

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.7, POST /api/share/ accepts an authenticated request for an arbitrary path and stores a public share record without checking whether the target fi...

8.4CVSS0.00175EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 5:35 p.m.8 views

CVE-2026-54096

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.7, POST /api/share/ accepts an authenticated request for an arbitrary path and stores a public share record without checking whether the target fi...

8.4CVSS6AI score0.00175EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/25 5:17 p.m.11 views

CVE-2026-9083

A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...

4.9CVSS0.00519EPSS
Exploits0References6
NVD
NVD
added 2026/06/25 5:16 p.m.12 views

CVE-2026-55092

Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifact, it uses the org.opencontainers.image.title annotation from the artifact manifest as the destination filename without validation. An attacker who can make Trivy fetch an attacker-controlled artifact can supply a...

7.5CVSS0.00292EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 4:26 p.m.30 views

CVE-2026-55092

Trivy before 0.71.1 vulnerable to path traversal when downloading OCI artifacts: the org.opencontainers.image.title annotation from the artifact manifest is used as the destination filename without validation, allowing writing layer content to arbitrary locations on the host filesystem. Impact is...

7.5CVSS6AI score0.00292EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/24 9:16 p.m.10 views

CVE-2026-52797

Gogs is an open source self-hosted Git service. Prior to 0.14.0, as an authorized user, an intruder can dictate the value which is passed to the git diff command which, together with bypassing the filtering of the passed value, allows the user to bypass the target directory and write the result o...

8.5CVSS0.0035EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 8:35 p.m.31 views

CVE-2026-52797 Gogs: Overwriting critical files results in a denial of service

Gogs is an open source self-hosted Git service. Prior to 0.14.0, as an authorized user, an intruder can dictate the value which is passed to the git diff command which, together with bypassing the filtering of the passed value, allows the user to bypass the target directory and write the result o...

8.5CVSS0.0035EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 7:17 p.m.13 views

CVE-2026-49246

Jellyfin is an open source self hosted media server. Prior to 10.11.10, a specifically crafted MKV file containing forged filename tags can be leveraged to exploit missing path sanitization during playback. Jellyfin treats the MKV file name tag on MKV attachments as trusted and passes it...

6.3CVSS0.00258EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 2:17 p.m.8 views

CVE-2026-56447

MISP allowed an authenticated site administrator to set the Kafkardkafkaconfig setting to an arbitrary filesystem path. MISP subsequently parsed the referenced INI file and passed its options to rdkafka. A crafted attacker-controlled configuration file could use rdkafka options such as...

9.3CVSS0.00342EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 12:31 p.m.6 views

CVE-2026-56446 Authenticated Remote Code Execution via Arbitrary NDJSON Error Log Path in MISP

MISP allowed a site administrator to configure an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. Because log entries can include attacker-controlled content, an authenticated attacker with site administrator privileges could direct log output to a PHP file in a...

8.7CVSS6.6AI score0.00383EPSS
Exploits0References4
OSV
OSV
added 2026/06/19 9:42 p.m.10 views

GHSA-2FMP-9RVW-HC96 Network-AI: Poisoned environment backup manifest allows arbitrary recursive deletion during backup pruning

Summary EnvironmentManager.listBackups reads each backup's manifest.json and trusts the manifest's path field. EnvironmentManager.pruneBackups later passes that trusted entry.path directly to rmSyncentry.path, recursive: true, force: true . An attacker who can place or modify a manifest inside...

7.1CVSS6.1AI score
Exploits0References4
NVD
NVD
added 2026/06/18 9:16 p.m.16 views

CVE-2026-49248

OneDev is a Git server with CI/CD, kanban, and packages. In versions 15.0.6 and below, TarUtils.untar creates symbolic links verbatim from TAR entry getLinkName without validating whether the target is an absolute path. A subsequent file entry in the same archive traverses the symlink, writing to...

8.3CVSS0.00382EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.15 views

PT-2026-49068

Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.63.7 Description An authenticated user can create a public share for an arbitrary path that does not yet exist. The system stores the share record without verifying the file's existence. Consequently, if a file...

8.4CVSS6AI score0.00175EPSS
Exploits0References6
NVD
NVD
added 2026/06/10 3:16 p.m.16 views

CVE-2026-45556

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf///rule//save accepts a configfilename form field that is passed straight through to configmod.masterslaveuploadandrestart... as the destination path. The validation chai...

9.9CVSS0.00372EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.22 views

Fission 路径遍历漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.25.0 contained a path traversal vulnerability. This vulnerability stemmed from the Unarchive function using filepath.Join to concatenate the archive entry name with the target directory,...

7.7CVSS5.3AI score0.00301EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Roxy-WI 输入验证错误漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier contain a vulnerability related to input validation errors. This vulnerability stems from the POST /waf///rule//save endpoint accepting the configfilename...

9.9CVSS5.5AI score0.00372EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.17 views

PT-2026-48440

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the /smon/agent/version,uptime,status,checks/ family of routes takes the URL path component verbatim into requests.getf'http://server ip:agent port/...'. The path component is...

6.5CVSS5.5AI score0.00218EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.41 views

PT-2026-48436

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf///rule//save accepts a config file name form field that is passed straight through to config mod.master slave upload and restart... as the destination path. The validati...

9.9CVSS5.5AI score0.00372EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/12 8:21 p.m.14 views

CVE-2026-42213

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, the inc "filename" directive in GPPL postprocessor files is resolved by GpplDocumentLinkHandler into a clickable link VS Code textDocument/documentLin...

5.1CVSS5.9AI score0.00454EPSS
Exploits0References1
Rows per page
Query Builder