Lucene search
K

100 matches found

CVE
CVE
added 2026/06/25 3:24 p.m.10 views

CVE-2026-48944

Summary: CVE-2026-48944 affects the K2 Joomla extension (getk2.com) where the frontend article-save handler accepts a parameter attachment[N][existing] that is concatenated with JPATH_SITE/ and passed to JFile::copy(). Since JPath::clean does not strip “..” and there is no allow-list of source pa...

6.5CVSS5.9AI score0.00295EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/25 3:24 p.m.5 views

CVE-2026-48944

The K2 frontend article-save handler accepts an attachmentNexisting POST field that is concatenated with JPATHSITE/ and passed to JFile::copy. JPath::clean does NOT strip .., and there is no allow-list of source paths. An Author can therefore copy configuration.php or any other file readable by t...

6.5CVSS5.8AI score0.00295EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 8:19 p.m.15 views

CVE-2026-52799 Gogs: Missing Authorization in Attachment Download

Gogs is an open source self-hosted Git service. Prior to 0.14.3, GET /attachments/:uuid returns the raw attachment file without verifying whether the requester has view permission for the associated Issue/Comment/Release or the repository. In a test environment with REQUIRESIGNINVIEW = false, we...

7.5CVSS0.00422EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:19 p.m.6 views

CVE-2026-52799

Gogs is an open source self-hosted Git service. Prior to 0.14.3, GET /attachments/:uuid returns the raw attachment file without verifying whether the requester has view permission for the associated Issue/Comment/Release or the repository. In a test environment with REQUIRESIGNINVIEW = false, we...

7.5CVSS5.9AI score0.00422EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/24 8:19 p.m.12 views

CVE-2026-52799

Gogs (version

7.5CVSS5.9AI score0.00422EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 11:59 p.m.3 views

GHSA-P9F5-H3RX-J5QW Gogs Missing Authorization in Attachment Download

Summary In Gogs 0.14.1, GET /attachments/:uuid returns the raw attachment file without verifying whether the requester has view permission for the associated Issue/Comment/Release or the repository. In a test environment with REQUIRESIGNINVIEW = false, we confirmed that an unauthenticated user ca...

7.5CVSS5.8AI score0.00422EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.8 views

CVE-2026-40514

SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000...

9.1CVSS5.5AI score0.00155EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 9:16 p.m.19 views

CVE-2026-42071

Mantis Bug Tracker MantisBT is an open source issue tracker. From 2.23.0 to 2.28.1, a missing authorization check in MantisBT's file visibility function allows any authenticated user REPORTER+ to download attachments on private bugnotes they should not be able to access, via the REST API endpoint...

7.2CVSS0.0026EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/28 8:29 p.m.15 views

EUVD-2026-33027

Mantis Bug Tracker MantisBT is an open source issue tracker. From 2.23.0 to 2.28.1, a missing authorization check in MantisBT's file visibility function allows any authenticated user REPORTER+ to download attachments on private bugnotes they should not be able to access, via the REST API endpoint...

7.2CVSS5.8AI score0.0026EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Mantis Bug Tracker 安全漏洞

Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker prior to 2.28.2 contained a security vulnerability. This vulnerability stemmed from a lack of authorization checks in the file visibility function, allowing authenticated user...

7.2CVSS5.8AI score0.0026EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.14 views

Trilium Notes 路径遍历漏洞

Trilium Notes is a hierarchical note application developed by Zadam’s individual developer. It focuses on building large personal knowledge bases. Versions of Trilium Notes prior to 0.102.1 contained a path traversal vulnerability. This vulnerability originated from local files and could allow...

6.8CVSS5.9AI score0.00621EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/14 12:31 a.m.16 views

EUVD-2026-30178

Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints...

8.6CVSS5.9AI score0.07244EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 10:6 p.m.8 views

CVE-2026-29205

Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints...

8.6CVSS5.9AI score0.07244EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2026/05/13 10:6 p.m.40 views

CVE-2026-29205

Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints...

8.6CVSS0.07244EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/27 2:21 p.m.4 views

CVE-2026-40514

SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000...

8.2CVSS5.5AI score0.00155EPSS
Exploits0References3
CVE
CVE
added 2026/04/27 2:21 p.m.46 views

CVE-2026-40514

SmarterTools SmarterMail builds prior to 9610 are affected by a cryptographic weakness in file and email sharing endpoints. DES-CBC is used with keys and IVs derived from System.Random seeded with insufficient entropy, reducing the seed space to about 19,000 values. An unauthenticated attacker ca...

9.1CVSS5.5AI score0.00155EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.5 views

CVE-2026-32255

Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...

8.6CVSS5.8AI score0.10069EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/18 11:11 p.m.2 views

CVE-2026-32255

Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...

8.6CVSS5.8AI score0.10069EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/18 11:11 p.m.4 views

CVE-2026-32255 Kan is Vulnerable to Unauthenticated SSRF via Attachment Download Endpoint

Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...

8.6CVSS5.8AI score0.10069EPSS
Exploits0References3
OSV
OSV
added 2026/03/18 11:11 p.m.7 views

CVE-2026-32255 Kan is Vulnerable to Unauthenticated SSRF via Attachment Download Endpoint

Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...

8.6CVSS5.8AI score0.10069EPSS
Exploits0References5
Rows per page
Query Builder