Lucene search
+L

6484 matches found

NVD
NVD
added 2026/06/23 4:17 p.m.15 views

CVE-2026-56692

NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName before copying with fs.copyFileSync, which follows symlinks...

6.8CVSS0.00131EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/23 3:34 p.m.7 views

CVE-2026-56692

NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName before copying with fs.copyFileSync, which follows symlinks...

6.8CVSS5.9AI score0.00131EPSS
Exploits0References4
OSV
OSV
added 2026/06/22 11:59 p.m.6 views

GHSA-P9F5-H3RX-J5QW Gogs Missing Authorization in Attachment Download

Summary In Gogs 0.14.1, GET /attachments/:uuid returns the raw attachment file without verifying whether the requester has view permission for the associated Issue/Comment/Release or the repository. In a test environment with REQUIRESIGNINVIEW = false, we confirmed that an unauthenticated user ca...

7.5CVSS5.8AI score0.00422EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/22 8:11 p.m.4 views

CVE-2026-39904 Gophish 0.12.1 Denial of Service via Office Document Upload

Gophish through 0.12.1 contains a denial of service vulnerability that allows authenticated users with the User role to exhaust server memory by uploading a crafted Office document as an email template attachment. The ApplyTemplate function in models/attachment.go processes Office documents as ZI...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 8:11 p.m.28 views

CVE-2026-39904 Gophish 0.12.1 Denial of Service via Office Document Upload

Gophish through 0.12.1 contains a denial of service vulnerability that allows authenticated users with the User role to exhaust server memory by uploading a crafted Office document as an email template attachment. The ApplyTemplate function in models/attachment.go processes Office documents as ZI...

7.1CVSS0.00249EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 8:11 p.m.3 views

CVE-2026-39904 Gophish 0.12.1 Denial of Service via Office Document Upload

Gophish through 0.12.1 contains a denial of service vulnerability that allows authenticated users with the User role to exhaust server memory by uploading a crafted Office document as an email template attachment. The ApplyTemplate function in models/attachment.go processes Office documents as ZI...

7.1CVSS5.9AI score0.00249EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.15 views

PT-2026-51457

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Gogs is an open source self-hosted Git service. The endpoint '/attachments/:uuid' retrieves attachment records using the uuid variable provided in the URL and returns the corresponding local file witho...

7.5CVSS5.9AI score0.00422EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/06/20 11:56 a.m.9 views

CVE-2026-48939 Joomla Extension - icagenda.com - Remote Code Execution in iCaganda extension for Joomla < 4.0.8/3.9.15

A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution...

10CVSS6AI score0.01505EPSS
Exploits4References1
Cvelist
Cvelist
added 2026/06/20 11:56 a.m.44 views

CVE-2026-48939 Joomla Extension - icagenda.com - Remote Code Execution in iCaganda extension for Joomla < 4.0.8/3.9.15

A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution...

10CVSS0.01505EPSS
Exploits4References1
OSV
OSV
added 2026/06/19 10:10 p.m.24 views

GHSA-F4XH-W4CJ-QXQ8 LangSmith SDK TracingMiddleware: Arbitrary server-side file read

Summary An attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to LangSmith as a trace attachment. Depending on how the distributed trace system is deploye...

7.7CVSS6AI score0.00174EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 6:16 p.m.15 views

CVE-2026-49359

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, pontedilana/php-weasyprint fetches the content of option values server-side via filegetcontents when the value looks like a URL, without restricting the URL scheme. The attachment option of...

6.5CVSS0.00242EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/19 5:6 p.m.7 views

CVE-2026-49359

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, pontedilana/php-weasyprint fetches the content of option values server-side via filegetcontents when the value looks like a URL, without restricting the URL scheme. The attachment option of...

6.5CVSS6AI score0.00242EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/06/19 5:6 p.m.20 views

CVE-2026-49359 PhpWeasyPrint vulnerable to SSRF and local file disclosure via the attachment option

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, pontedilana/php-weasyprint fetches the content of option values server-side via filegetcontents when the value looks like a URL, without restricting the URL scheme. The attachment option of...

6.5CVSS0.00242EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 5:6 p.m.19 views

CVE-2026-49359

PhpWeasyPrint (pontedilana/php-weasyprint) prior to version 2.6.0 is vulnerable: the attachment option for Pdf can accept any value that passes filter_var(url), including http, https, ftp, file, and PHP streams like php://. The library fetches these values server-side via file_get_contents, allow...

6.5CVSS6AI score0.00242EPSS
Exploits0References4
OSV
OSV
added 2026/06/19 5:6 p.m.3 views

CVE-2026-49359 PhpWeasyPrint vulnerable to SSRF and local file disclosure via the attachment option

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, pontedilana/php-weasyprint fetches the content of option values server-side via filegetcontents when the value looks like a URL, without restricting the URL scheme. The attachment option of...

6.5CVSS6AI score0.00242EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/19 1:15 p.m.6 views

CVE-2026-4027

A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 and R2 that could allow unauthorized access to attachment files due to insufficient access control...

7.1CVSS5.7AI score0.00207EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 1:15 p.m.12 views

EUVD-2026-38021

A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 and R2 that could allow unauthorized access to attachment files due to insufficient access control...

7.1CVSS5.7AI score0.00207EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 1:15 p.m.18 views

CVE-2026-4027

CVE-2026-4027 affects FlexNet Manager Suite 2025 R1 and R2, where insufficient access control could allow unauthorized access to attachment files. The vulnerability is described as an access-control weakness that could expose attachments to users without proper privileges. The description and met...

7.1CVSS5.7AI score0.00207EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 1:15 p.m.33 views

CVE-2026-4027 FlexNet Manager Suite Attachment File Disclosure

A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 and R2 that could allow unauthorized access to attachment files due to insufficient access control...

7.1CVSS0.00207EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:31 a.m.6 views

CVE-2026-11989

The Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.7 via the uploadattachment. This makes it possible for unauthenticated attackers to make web...

6.5CVSS6AI score0.00312EPSS
Exploits0References11
Rows per page
Query Builder