Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

4192 matches found

EUVD
EUVDadded 2026/02/25 10:34 p.m.18 views

EUVD-2026-8643

Basic FTP has Path Traversal Vulnerability in its downloadToDir method...

9.1CVSS5.2AI score0.00528EPSS
Exploits2References4
RedhatCVE
RedhatCVEadded 2026/02/25 10:17 p.m.5 views

CVE-2026-26342

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token X-User-Token with insufficient expiration. An attacker who obtains a valid token for example via interception, log exposure, or token reuse on a shared system can continue to...

9.8CVSS5.5AI score0.00716EPSS
Exploits3References1
NVD
NVDadded 2026/02/25 3:20 p.m.4 views

CVE-2026-27699

The basic-ftp FTP client library for Node.js contains a path traversal vulnerability CWE-22 in versions prior to 5.2.0 in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences ../ that cause files to be written outside the...

9.8CVSS0.00528EPSS
Exploits2References3
OSV
OSVadded 2026/02/25 3:20 p.m.2 views

DEBIAN-CVE-2026-27699

The basic-ftp FTP client library for Node.js contains a path traversal vulnerability CWE-22 in versions prior to 5.2.0 in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences ../ that cause files to be written outside the...

9.8CVSS8.3AI score0.00528EPSS
Exploits2References1
UbuntuCve
UbuntuCveadded 2026/02/25 3:20 p.m.3 views

CVE-2026-27699

The basic-ftp FTP client library for Node.js contains a path traversal vulnerability CWE-22 in versions prior to 5.2.0 in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences ../ that cause files to be written outside the...

9.8CVSS7.1AI score0.00528EPSS
Exploits2References5
OSV
OSVadded 2026/02/25 3:20 p.m.1 views

UBUNTU-CVE-2026-27699

The basic-ftp FTP client library for Node.js contains a path traversal vulnerability CWE-22 in versions prior to 5.2.0 in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences ../ that cause files to be written outside the...

9.8CVSS7.3AI score0.00528EPSS
Exploits2References6
ATTACKERKB
ATTACKERKBadded 2026/02/25 2:58 p.m.4 views

CVE-2026-27699

The basic-ftp FTP client library for Node.js contains a path traversal vulnerability CWE-22 in versions prior to 5.2.0 in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences ../ that cause files to be written outside the...

9.8CVSS5.4AI score0.00528EPSS
Exploits2References4Affected Software1
CVE
CVEadded 2026/02/25 2:58 p.m.37 views

CVE-2026-27699

The CVE affects the Node.js FTP client library basic-ftp prior to version 5.2.0, where the downloadToDir() method is vulnerable to a path traversal (CWE-22). A malicious FTP server can emit directory listings containing filenames with traversal sequences ("../"), causing files to be written outsi...

9.8CVSS5.4AI score0.00528EPSS
Exploits2References3Affected Software1
OSV
OSVadded 2026/02/25 2:58 p.m.3 views

CVE-2026-27699 Basic FTP has Path Traversal Vulnerability in its downloadToDir() method

The basic-ftp FTP client library for Node.js contains a path traversal vulnerability CWE-22 in versions prior to 5.2.0 in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences ../ that cause files to be written outside the...

9.1CVSS5.5AI score0.00528EPSS
Exploits2References5
Debian CVE
Debian CVEadded 2026/02/25 2:58 p.m.4 views

CVE-2026-27699

The basic-ftp FTP client library for Node.js contains a path traversal vulnerability CWE-22 in versions prior to 5.2.0 in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences ../ that cause files to be written outside the...

9.8CVSS8.3AI score0.00528EPSS
Exploits2
SUSE Linux
SUSE Linuxadded 2026/02/25 9:46 a.m.6 views

Security update 5.1.2 for Multi-Linux Manager Client Tools

This update fixes the following issues: dracut-saltboot: Update to version 1.1.0 Retry DHCP requests up to 3 times bsc1253004 golang-github-QubitProducts-exporterexporter: Non-customer-facing optimization around source building golang-github-boynux-squidexporter: Update to version 1.13.0...

8.7CVSS5.7AI score0.00677EPSS
Exploits1References56
OSV
OSVadded 2026/02/24 8:27 p.m.8 views

CVE-2026-26342

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token X-User-Token with insufficient expiration. An attacker who obtains a valid token for example via interception, log exposure, or token reuse on a shared system can continue to...

9.8CVSS5.8AI score
Exploits0References3
NVD
NVDadded 2026/02/24 8:27 p.m.8 views

CVE-2026-26341

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain...

9.8CVSS0.02663EPSS
Exploits3References3
OSV
OSVadded 2026/02/24 8:27 p.m.7 views

CVE-2026-26341

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain...

9.8CVSS5.8AI score
Exploits0References3
NVD
NVDadded 2026/02/24 8:27 p.m.9 views

CVE-2026-26342

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token X-User-Token with insufficient expiration. An attacker who obtains a valid token for example via interception, log exposure, or token reuse on a shared system can continue to...

9.8CVSS0.00716EPSS
Exploits3References3
Vulnrichment
Vulnrichmentadded 2026/02/24 6:41 p.m.4 views

CVE-2026-26342 Tattile Smart+ / Vega / Basic <= 1.181.5 Insufficient Session Token Expiration

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token X-User-Token with insufficient expiration. An attacker who obtains a valid token for example via interception, log exposure, or token reuse on a shared system can continue to...

8.7CVSS5.5AI score0.00716EPSS
Exploits3References3
ATTACKERKB
ATTACKERKBadded 2026/02/24 6:41 p.m.2 views

CVE-2026-26342

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token X-User-Token with insufficient expiration. An attacker who obtains a valid token for example via interception, log exposure, or token reuse on a shared system can continue to...

9.8CVSS5.9AI score0.00716EPSS
Exploits3References4
Cvelist
Cvelistadded 2026/02/24 6:41 p.m.22 views

CVE-2026-26342 Tattile Smart+ / Vega / Basic <= 1.181.5 Insufficient Session Token Expiration

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token X-User-Token with insufficient expiration. An attacker who obtains a valid token for example via interception, log exposure, or token reuse on a shared system can continue to...

8.7CVSS0.00716EPSS
Exploits3References3
Vulnrichment
Vulnrichmentadded 2026/02/24 6:40 p.m.6 views

CVE-2026-26341 Tattile Smart+ / Vega / Basic <= 1.181.5 Default Credentials

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain...

9.3CVSS5.4AI score0.02663EPSS
Exploits3References3
Cvelist
Cvelistadded 2026/02/24 6:40 p.m.21 views

CVE-2026-26341 Tattile Smart+ / Vega / Basic <= 1.181.5 Default Credentials

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain...

9.3CVSS0.02663EPSS
Exploits3References3
Rows per page
Query Builder