Lucene search
K

4 matches found

NVD
NVD
added 2026/06/12 9:16 p.m.10 views

CVE-2026-54394

MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using organisation-controlled fields such as id, name, and uuid without ensuring that the resolved file remains inside the intended APP/files/img/orgs/...

5.3CVSS0.00319EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:30 p.m.7 views

CVE-2026-54394 MISP organisation logo path traversal allows retrieval of arbitrary PNG/SVG files

MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using organisation-controlled fields such as id, name, and uuid without ensuring that the resolved file remains inside the intended APP/files/img/orgs/...

5.3CVSS5.5AI score0.00319EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/03 9:14 p.m.12 views

Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands

Impact The LaTeX backend's handling of \includegraphics, \input, and \include commands lacked path containment validation. Attackers could craft malicious LaTeX documents with path traversal sequences e.g., ../../../etc/passwd to: - Read arbitrary files from the file system accessible to the...

5.5CVSS5.9AI score0.00163EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/04/07 7:15 p.m.6 views

CVE-2022-26612

In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an...

9.8CVSS7.2AI score0.04292EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder