Lucene search
K

63 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-61454

The Grav Admin2 plugin getgrav/grav-plugin-admin2 before 2.0.4 embeds a global JavaScript variable window.GRAVCONFIG in the Admin2 SPA bootstrap page at /grav/admin and its subroutes. This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base...

8.7CVSS0.00239EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-43184

The Grav Admin2 plugin getgrav/grav-plugin-admin2 before 2.0.4 embeds a global JavaScript variable window.GRAVCONFIG in the Admin2 SPA bootstrap page at /grav/admin and its subroutes. This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base...

8.7CVSS6.1AI score0.00239EPSS
Exploits0References2
OSV
OSV
added 3 days ago3 views

CVE-2026-61454 Grav before 2.0.4 Information Disclosure via __GRAV_CONFIG__

The Grav Admin2 plugin getgrav/grav-plugin-admin2 before 2.0.4 embeds a global JavaScript variable window.GRAVCONFIG in the Admin2 SPA bootstrap page at /grav/admin and its subroutes. This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base...

8.7CVSS6.1AI score0.00239EPSS
Exploits0References4
CVE
CVE
added 6 days ago12 views

CVE-2026-56273

Flowise prior to 3.1.0 is affected by a path traversal in its Faiss and SimpleStore vector store implementations. The vulnerability arises from unsanitized basePath parameters accepted from authenticated users, enabling attackers with valid API tokens to write vector store data to arbitrary files...

6.5CVSS6.5AI score0.0033EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 9:42 p.m.10 views

GHSA-JVCM-F35G-W78P Network-AI: AgentRuntime sandbox path-prefix checks allow file access outside the configured base directory

Summary AgentRuntime promises scoped file access under a configured sandbox basePath, but its path containment checks use raw string prefix tests. A sandbox base such as /tmp/network-ai-sandbox also matches a sibling path such as /tmp/network-ai-sandboxevil/secret.txt. An agent/user that can call...

6.5CVSS5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-51123

Name of the Vulnerable Software and Affected Versions Symfony UX versions 2.32.0 through 2.36.0 Symfony UX versions 3.0.0 through 3.1.9 Description The ux:install console command installs files from a recipe kit by copying paths listed in a copy-files map. Due to improper validation in...

7.8CVSS6.1AI score0.00146EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2026/05/19 8:0 p.m.16 views

Regression in pymdownx.snippets reintroduces sibling-prefix path traversal bypass despite restrict_base_path

Summary pymdownx.snippets has a regression of the CVE-2023-32309 / GHSA-jh85-wwv9-24hv fix. With restrictbasepath: True the default, the current filename.startswithbase containment check does not enforce a directory boundary. As a result, a markdown snippet directive can read files from sibling...

7.5CVSS7AI score0.01815EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/05/19 8:0 p.m.4 views

GHSA-62Q4-447F-WV8H Regression in pymdownx.snippets reintroduces sibling-prefix path traversal bypass despite restrict_base_path

Summary pymdownx.snippets has a regression of the CVE-2023-32309 / GHSA-jh85-wwv9-24hv fix. With restrictbasepath: True the default, the current filename.startswithbase containment check does not enforce a directory boundary. As a result, a markdown snippet directive can read files from sibling...

4.3CVSS5.7AI score0.0003EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.10 views

PT-2026-42035

Name of the Vulnerable Software and Affected Versions pymdown-extensions versions 10.0.1 through 10.21.2 Description A regression in the pymdownx.snippets extension allows for arbitrary file read on the host system where the build runs. When restrict base path is set to True, the software uses a...

4.3CVSS6.1AI score0.0003EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.16 views

FileBrowser Quantum 路径遍历漏洞

FileBrowser Quantum is a file manager developed by Graham Steffaniak. Versions prior to 1.3.1-stable and 1.3.9-beta contained a path traversal vulnerability. This vulnerability stemmed from the concatenation of trusted base paths before path cleaning, which could lead to directory traversal attac...

9.1CVSS5.8AI score0.00523EPSS
Exploits1References2
OSV
OSV
added 2026/04/16 9:22 p.m.18 views

GHSA-W6V6-49GH-MC9W Flowise: Path Traversal in Vector Store basePath

Summary The Faiss and SimpleStore LlamaIndex vector store implementations accept a basePath parameter from user-controlled input and pass it directly to filesystem write operations without any sanitization. An authenticated attacker can exploit this to write vector store data to arbitrary locatio...

4.9CVSS6AI score0.0033EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/26 7:24 p.m.1 views

CVE-2026-33528

GoDoxy is a reverse proxy and container orchestrator for self-hosters. Prior to version 0.27.5, the file content API endpoint at /api/v1/file/content is vulnerable to path traversal. The filename query parameter is passed directly to path.Joincommon.ConfigBasePath, filename where ConfigBasePath =...

6.5CVSS5.8AI score0.00502EPSS
Exploits1References4Affected Software1
SUSE CVE
SUSE CVE
added 2026/03/25 12:26 a.m.5 views

SUSE CVE-2026-28492

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.0, when a user creates a public share link for a directory, the withHashFile middleware in http/public.go uses...

7.1CVSS5.7AI score0.00322EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/12 2:21 p.m.6 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition through the skills download installer. An attacker can cause files to be written outside the intended directory by rebinding the validated...

6.9CVSS5.8AI score0.00087EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.4 views

CVE-2026-28492

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.0, when a user creates a public share link for a directory, the withHashFile middleware in http/public.go uses...

7.1CVSS5.7AI score0.00322EPSS
Exploits1References1
NVD
NVD
added 2026/03/05 9:16 p.m.22 views

CVE-2026-28492

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.0, when a user creates a public share link for a directory, the withHashFile middleware in http/public.go uses...

7.1CVSS0.00322EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/05 9:6 p.m.10 views

CVE-2026-28492

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.0, when a user creates a public share link for a directory, the withHashFile middleware in http/public.go uses...

7.1CVSS5.8AI score0.00322EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.16 views

File Browser 信息泄露漏洞

File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.61.0 contained a vulnerability related to information leakage. This...

7.1CVSS7.2AI score0.00322EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/02 8:15 p.m.2 views

Directory Traversal

Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Directory Traversal due to improper handling of BasePathFs by the withHashFile middleware. An attacker can access and download files outside the intended shared directory...

7.1CVSS6.2AI score0.00322EPSS
Exploits1References2
OSV
OSV
added 2026/03/02 8:15 p.m.17 views

GHSA-MR74-928F-RW69 FileBrowser has Path Traversal in Public Share Links that Exposes Files Outside Shared Directory

Summary When a user creates a public share link for a directory, the withHashFile middleware in http/public.go line 59 uses filepath.Dirlink.Path to compute the BasePathFs root. This sets the filesystem root to the parent directory instead of the shared directory itself, allowing anyone with the...

7.1CVSS6AI score0.00322EPSS
Exploits1References5
Rows per page
Query Builder