Lucene search
+L

166 matches found

OSV
OSV
added 2026/05/11 11:20 p.m.6 views

UBUNTU-CVE-2026-43901

Wireshark MCP is an MCP Server that turns tshark into a structured analysis interface, then layers in optional Wireshark suite utilities. In 1.1.5 and earlier, wireshark-mcp exposes a wiresharkexportobjects MCP tool that accepts an attacker-controlled destdir parameter and passes it to tshark's...

6.8CVSS5.8AI score0.00281EPSS
Exploits1References3
NVD
NVD
added 2026/05/11 7:16 p.m.43 views

CVE-2026-42866

Tookie is a advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's writetxt, writecsv, writejson, and commented-but-shipping scanfile helpers open their output as openf"user.", where user comes unsanitized from the -u CLI flag or any line of a -U usernames file. A userna...

6.7CVSS0.00145EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 6:23 p.m.9 views

EUVD-2026-29183

Tookie is a advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's writetxt, writecsv, writejson, and commented-but-shipping scanfile helpers open their output as openf"user.", where user comes unsanitized from the -u CLI flag or any line of a -U usernames file. A userna...

6.7CVSS5.9AI score0.00145EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.5 views

PT-2026-34804

Name of the Vulnerable Software and Affected Versions melange versions 0.32.0 through 0.43.3 Description When using the opt-in flag '--persist-lint-results' via 'melange lint' or 'melange build', the software constructs output file paths by joining the '--out-dir' parameter with arch and pkgname...

4.4CVSS5.5AI score0.00172EPSS
Exploits0References10
GitLab Advisory Database
GitLab Advisory Database
added 2026/04/23 12:0 a.m.59 views

melange has Path Traversal via .PKGINFO in --persist-lint-results

melange lint --persist-lint-results opt-in flag, also usable via melange build --persist-lint-results constructs output file paths by joining --out-dir with the arch and pkgname values read from the .PKGINFO control file of the APK being linted. In affected versions these values were not validate...

4.4CVSS5.9AI score0.00172EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/04/22 9:31 a.m.9 views

EUVD-2026-24674

The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution in all versions up to and including 1.19.2. This is due to insufficient validation of the file path stored in the 'hhhtpasswdpath' option and lack of sanitization on the...

7.2CVSS5.9AI score0.00997EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2026/03/24 7:14 p.m.6 views

CVE-2026-33329

FileRise is a self-hosted web file manager / WebDAV server. From version 1.0.1 to before version 3.10.0, the resumableIdentifier parameter in the Resumable.js chunked upload handler UploadModel::handleUpload is concatenated directly into filesystem paths without any sanitization. An authenticated...

8.1CVSS5.9AI score0.00444EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/03/24 7:14 p.m.7 views

EUVD-2026-14992

FileRise is a self-hosted web file manager / WebDAV server. From version 1.0.1 to before version 3.10.0, the resumableIdentifier parameter in the Resumable.js chunked upload handler UploadModel::handleUpload is concatenated directly into filesystem paths without any sanitization. An authenticated...

8.1CVSS5.9AI score0.00444EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.9 views

PT-2026-27472

Name of the Vulnerable Software and Affected Versions IDrive versions affected versions not specified Description The id service.exe process operates with elevated privileges and routinely reads files located in the C:ProgramDataIDrive directory. These files, encoded in UTF16-LE, are used as...

7.8CVSS5.9AI score0.00171EPSS
Exploits0References13
NVD
NVD
added 2026/03/19 9:17 p.m.10 views

CVE-2026-32749

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importSY and POST /api/import/importZipMd write uploaded archives to a path derived from the multipart filename field without sanitization, allowing an admin to write files to arbitrary locations outsi...

9.1CVSS0.00434EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/19 7:34 p.m.11 views

AVideo has an authenticated arbitrary local file read via `chunkFile` path injection in `aVideoEncoder.json.php`

Summary POST /objects/aVideoEncoder.json.php accepts a requester-controlled chunkFile parameter intended for staged upload chunks. Instead of restricting that path to trusted server-generated chunk locations, the endpoint accepts arbitrary local filesystem paths that pass isValidURLOrPath. That...

7.6CVSS5.9AI score0.00254EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/18 10:3 p.m.2 views

CVE-2026-32731

ApostropheCMS is an open-source content management framework. Prior to version 3.5.3 of @apostrophecms/import-export, The extract function in gzip.js constructs file-write paths using fs.createWriteStreampath.joinexportPath, header.name. path.join does not resolve or sanitise traversal segments...

9.9CVSS5.6AI score0.00432EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/03 3:18 p.m.27 views

CVE-2026-1186

EAP Legislator is vulnerable to Path Traversal in file extraction functionality. Attacker can prepare zipx archive default file type used by the Legislator application and choose arbitrary path outside the intended directory e.x. system startup where files will be extracted by the victim upon...

8.6CVSS5.5AI score0.00344EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/02 1:59 p.m.29 views

CVE-2026-1186 Path Traversal in EAP Legislator

EAP Legislator is vulnerable to Path Traversal in file extraction functionality. Attacker can prepare zipx archive default file type used by the Legislator application and choose arbitrary path outside the intended directory e.x. system startup where files will be extracted by the victim upon...

8.6CVSS0.00344EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/02 1:59 p.m.5 views

CVE-2026-1186 Path Traversal in EAP Legislator

EAP Legislator is vulnerable to Path Traversal in file extraction functionality. Attacker can prepare zipx archive default file type used by the Legislator application and choose arbitrary path outside the intended directory e.x. system startup where files will be extracted by the victim upon...

8.6CVSS5.5AI score0.00344EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/02 1:59 p.m.4 views

CVE-2026-1186

EAP Legislator is vulnerable to Path Traversal in file extraction functionality. Attacker can prepare zipx archive default file type used by the Legislator application and choose arbitrary path outside the intended directory e.x. system startup where files will be extracted by the victim upon...

8.6CVSS5.5AI score0.00344EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/28 10:24 p.m.23 views

CVE-2026-24897 Authenticated Remote Code Execution via Arbitrary File Upload

Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares. By specifying a writable path within the publ...

10CVSS0.03008EPSS
Exploits3References3
RedhatCVE
RedhatCVE
added 2026/01/27 3:23 p.m.7 views

CVE-2026-20613

The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using...

7.8CVSS5.9AI score0.00244EPSS
Exploits1References1
Snyk
Snyk
added 2026/01/26 11:28 p.m.5 views

Directory Traversal

Overview python-multipart is an A streaming multipart parser for Python Affected versions of this package are vulnerable to Directory Traversal via unsinitised file names passed directly into os.path.joinfiledir, fname function. An attacker can write files to arbitrary locations on the filesystem...

8.6CVSS7.3AI score0.02228EPSS
Exploits5References2
OSV
OSV
added 2026/01/16 7:16 p.m.5 views

UBUNTU-CVE-2026-23535

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when instructed by a crafted server. This vulnerability is fixed in 1.17.2...

8CVSS5.9AI score0.00337EPSS
Exploits0References6
Rows per page
Query Builder