Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

224 matches found

Tenable Nessus
Tenable Nessusadded 5 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-44837

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint...

7.5CVSS5.8AI score0.00015EPSS
Exploits1References2
RedhatCVE
RedhatCVEadded last week4 views

CVE-2026-48544

Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.getresource method in taipy/gui/extension/library.py that allows unauthenticated attackers to escape the intended module directory by exploiting an incomplete path containment check using...

8.7CVSS5.8AI score0.00235EPSS
Exploits0References1
NVD
NVDadded last week11 views

CVE-2026-49238

An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component sshfsserver, which executes with root privileges on the host, contains a path containment bypass vulnerability within its validatepath function in src/sshfsmount/sftpserver.cpp. The function...

8.4CVSS0.00024EPSS
Exploits1References1
NVD
NVDadded 2026/05/27 3:16 p.m.7 views

CVE-2026-48544

Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.getresource method in taipy/gui/extension/library.py that allows unauthenticated attackers to escape the intended module directory by exploiting an incomplete path containment check using...

8.7CVSS0.00235EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/27 2:37 p.m.36 views

CVE-2026-48544 Taipy 4.1.1 Path Traversal via ElementLibrary.get_resource()

Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.getresource method in taipy/gui/extension/library.py that allows unauthenticated attackers to escape the intended module directory by exploiting an incomplete path containment check using...

8.7CVSS0.00235EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/05/27 2:22 p.m.7 views

CVE-2026-47118 Agent Zero < 1.15 Path Traversal File Read via image_get API

Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...

7.1CVSS5.9AI score0.00053EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/27 2:22 p.m.34 views

CVE-2026-47118 Agent Zero < 1.15 Path Traversal File Read via image_get API

Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...

7.1CVSS0.00053EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/27 2:22 p.m.4 views

EUVD-2026-32522

Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...

7.1CVSS5.9AI score0.00053EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/05/27 2:22 p.m.4 views

CVE-2026-47118

Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...

7.1CVSS5.9AI score0.00053EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/05/27 12:0 a.m.7 views

PT-2026-44005

Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...

7.1CVSS5.9AI score0.00053EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/05/27 12:0 a.m.7 views

PT-2026-44007

Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.get resource method in taipy/gui/extension/library.py that allows unauthenticated attackers to escape the intended module directory by exploiting an incomplete path containment check using...

8.7CVSS5.8AI score0.00235EPSS
Exploits0References5
OSV
OSVadded 2026/05/26 9:16 p.m.2 views

DEBIAN-CVE-2026-44837

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

7.5CVSS5.8AI score0.00015EPSS
Exploits1References1
NVD
NVDadded 2026/05/26 9:16 p.m.7 views

CVE-2026-44837

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

7.5CVSS0.00015EPSS
Exploits1References1
Debian CVE
Debian CVEadded 2026/05/26 7:40 p.m.3 views

CVE-2026-44837

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

7.5CVSS5.8AI score0.00015EPSS
Exploits1
Cvelist
Cvelistadded 2026/05/26 7:40 p.m.30 views

CVE-2026-44837 view_component: System Test Entry Point Path Check Allows Sibling Directory Escape

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

5.9CVSS0.00015EPSS
Exploits1References1
CVE
CVEadded 2026/05/26 7:40 p.m.6 views

CVE-2026-44837

ViewComponent CVE-2026-44837 affects Rails ViewComponent from 3.0.0 to 4.9.0. Root cause: system test entrypoint uses File.realpath and starts_with to check the path, which is not a safe containment check and allows potential sibling-directory escapes. Impact: could permit access to files outside...

7.5CVSS5.8AI score0.00015EPSS
Exploits1References1Affected Software1
EUVD
EUVDadded 2026/05/26 7:40 p.m.6 views

EUVD-2026-31971

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

5.9CVSS5.8AI score0.00015EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/05/26 7:40 p.m.5 views

CVE-2026-44837

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

5.9CVSS5.8AI score0.00015EPSS
Exploits1References2Affected Software1
OSV
OSVadded 2026/05/18 4:56 p.m.4 views

CLSA-2026-1779123410 jq: Fix of 8 CVEs

CVE-2026-40164: randomize hash seed to mitigate hash collision DoS - CVE-2026-40612: limit containment check depth - CVE-2026-41256: fix NUL truncation in program files loaded with -f - CVE-2026-41257: fix signed-int overflow in stackreallocate - CVE-2026-43894: cap numeric literal length to...

7.5CVSS5.9AI score0.00024EPSS
Exploits7References1
OSV
OSVadded 2026/05/15 4:55 p.m.6 views

GHSA-3363-2PH6-35WH Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded Separator

Summary A path traversal vulnerability exists in Pipecat's development runner src/pipecat/runner/run.py. When the runner is started with the --folder flag, it exposes a GET /files/filename:path download endpoint. The filename path parameter is concatenated directly onto args.folder with no...

7.5CVSS5.9AI score
Exploits0References5
Rows per page
Query Builder