Lucene search
K

5552 matches found

NVD
NVD
added 2026/06/09 10:16 a.m.13 views

CVE-2026-52902

A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbitrary YAML-formatted files from the local filesystem when a user imports it using "awx --conf.form...

4.7CVSS0.00121EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 9:33 a.m.29 views

CVE-2026-52902

CVE-2026-52902 affects awxkit (AWX CLI). The YAML !include directive permits path traversal, enabling an attacker to craft a YAML file that reads arbitrary local YAML files when a user imports it via awx --conf.format yaml import. This is a client-side vulnerability requiring user interaction. Mi...

4.7CVSS5.5AI score0.00121EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 9:33 a.m.6 views

CVE-2026-52902 Awxkit: path traversal via yaml !include directive

A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbitrary YAML-formatted files from the local filesystem when a user imports it using "awx --conf.form...

4.7CVSS5.4AI score0.00121EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 9:33 a.m.13 views

EUVD-2026-35389

A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbitrary YAML-formatted files from the local filesystem when a user imports it using "awx --conf.form...

4.7CVSS5.5AI score0.00121EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 9:33 a.m.42 views

CVE-2026-52902 Awxkit: path traversal via yaml !include directive

A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbitrary YAML-formatted files from the local filesystem when a user imports it using "awx --conf.form...

4.7CVSS0.00121EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/09 9:33 a.m.17 views

CVE-2026-52902

A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbitrary YAML-formatted files from the local filesystem when a user imports it using "awx --conf.form...

4.7CVSS5.5AI score0.00121EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.11 views

PT-2026-47736

Name of the Vulnerable Software and Affected Versions awxkit affected versions not specified Description A path traversal issue exists in the CLI tool for AWX. The YAML !include directive fails to sanitize file paths, which allows an attacker to create a malicious YAML file. When a user imports...

4.7CVSS5.9AI score0.00121EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.13 views

PT-2026-48289

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A bug in the query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption QE or Client-Side Field Level Encryption CSFLE causes...

7.1CVSS5.8AI score0.00103EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.9 views

CVE-2026-27316

A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticathed administrator to read LDAP server credentials via client-side inspection...

2.7CVSS5.5AI score0.00305EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.8 views

CVE-2026-7626

The Slek Gateway for WooCommerce plugin for WordPress is vulnerable to Information Exposure in version 1.0. This is due to the wsbhandleslekpaymentredirect function placing the merchant's slekkey and sleksecret API credentials directly into a client-side HTML form, and additionally embedding the...

5.3CVSS5.5AI score0.00251EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.8 views

CVE-2026-4054

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 Fail to validate the response body of proxied images, which allows a remote attacker to enact client-side DoS via an SVG file served from an attacker-controlled origin under a non-SVG Content-Type header e.g. image/png...

6.5CVSS5.5AI score0.00242EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.9 views

CVE-2026-39415

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on client-side calculated...

5.3CVSS5.4AI score0.00262EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.14 views

CVE-2026-9139

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source...

9.8CVSS5.5AI score0.00454EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.9 views

CVE-2026-42513

This vulnerability exists in e-Sushrut due to improper authentication logic that relies on client-side response parameters to determine authentication status. A remote attacker could exploit this vulnerability by intercepting and modifying the server response. Successful exploitation of this...

8.8CVSS5.6AI score0.00482EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.6 views

CVE-2026-42518

This vulnerability exists in e-Sushrut due to disclosure of sensitive information and hardcoded AES encryption keys in client-side JavaScript. An unauthenticated remote attacker could exploit this vulnerability by accessing the client-side code to extract sensitive information and cryptographic...

8.7CVSS5.6AI score0.00219EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.10 views

CVE-2026-39306

PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry pull flow extracts attacker-controlled .praison tar archives with tar.extractall and does not validate archive member paths before extraction. A malicious publisher can upload a recipe bundle that contains ../...

7.3CVSS5.6AI score0.00291EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.8 views

CVE-2026-8043

External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to information disclosure and possible client-side attacks...

9.6CVSS5.9AI score0.00869EPSS
Exploits0References1
CVE
CVE
added 2026/06/05 6:44 p.m.24 views

CVE-2026-46396

CVE-2026-46396 stems from a stored XSS in HAX CMS prior to 26.0.0, caused by improper sanitization of elements that permit javascript: in the src attribute. When a victim views a page containing such an iframe, arbitrary JavaScript can execute in the browser context, enabling access to sensitive...

9.3CVSS5.5AI score0.0023EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/04 3:5 a.m.9 views

Security Bulletin: Due to use of postgresql-42.7.10.jar, IBM Sterling Connect:Direct Web Services is affected by client-side denial of service.

Summary postgresql-42.7.10.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-42198. Vulnerability Details CVEID:CVE-2026-42198 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial o...

7.5CVSS7AI score0.0077EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/03 6:16 p.m.12 views

CVE-2026-39107

A Cross Site Scripting vulnerability exists in the Kimi AI v1.0 web interface's 'Preview' feature. The application fails to properly sanitize or encode HTML/JavaScript payloads generated by the AI model. When a user switches to the 'Preview' tab to view AI-generated code, the malicious payload is...

6.3CVSS0.0027EPSS
Exploits0References2
Rows per page
Query Builder