Lucene search
+L

3953 matches found

nuclei
nuclei
added 8 hours ago77 views

SEH utnserver Pro/ProMAX/INU-100 20.1.22 - File Exposure

A vulnerability was identified in utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and earlier, impacting the file handling functions. This flaw results in authenticated file disclosure, granting unauthorized access to sensitive files and directories. Although authentication is...

8.7CVSS6.1AI score0.03692EPSS
Exploits1References3
nuclei
nuclei
added 8 hours ago79 views

Camtron CMNC-200 IP Camera - Directory Traversal

The CMNC-200 IP Camera has a built-in web server that is vulnerable to directory transversal attacks, allowing access to any file on the camera file system. id: CVE-2010-4231 info: name: Camtron CMNC-200 IP Camera - Directory Traversal author: daffainfo severity: high description: The CMNC-200 IP...

7.8CVSS7AI score0.09542EPSS
Exploits5References5
nuclei
nuclei
added 8 hours ago66 views

phpShowtime 2.0 - Directory Traversal

A directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. dot dot in the r parameter to index.php. id: CVE-2012-0981 info: name: phpShowtime 2.0 - Directory Traversal author: daffainfo severity: medium description: A...

5CVSS6.2AI score0.11059EPSS
Exploits1References5
cve
cve
added yesterday8 views

CVE-2026-45533

DataEase prior to 2.10.23 contains a path traversal vulnerability in the export-center bulk delete API. Maliciously crafted identifiers can be passed to ExportCenterManage.delete using sequences like ../, enabling recursive deletion of arbitrary server directories during export task cleanup. Impa...

8.3CVSS6.2AI score0.00024EPSS
Exploits0References3
cvelist
cvelist
added yesterday29 views

CVE-2026-60062 NGINX Agent Vulnerability

The NGINX Agent configdirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The configdirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow a...

6.4CVSS
Exploits0References1
euvd
euvd
added yesterday5 views

EUVD-2026-44682

The NGINX Agent configdirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The configdirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow a...

6.4CVSS5.8AI score
Exploits0References1
euvd
euvd
added yesterday4 views

EUVD-2026-44662

A flaw was found in samba's pamwinbind. When mkhomedir is enabled, pamwinbind chowns the target account's home directory without validating the path is not a critical system directory such as /. On affected systems, accounts with / as their home directory a common default for system accounts can...

6.1CVSS6.1AI score
Exploits0References5
cvelist
cvelist
added yesterday26 views

CVE-2026-61446 PraisonAI before 1.6.78 Remote Code Execution via Plugin Auto-Discovery

PraisonAI praisonaiagents before 1.6.78 contains a remote code execution vulnerability in the plugin manager, which loads and executes arbitrary Python .py files from project-level and user-home .praisonai/plugins/ directories using importlib specfromfilelocation and execmodule without code...

8.6CVSS
Exploits0References2
cvelist
cvelist
added 2 days ago33 views

CVE-2026-48318 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope...

9.9CVSS0.06675EPSS
Exploits0References1
cve
cve
added 2 days ago7 views

CVE-2026-11917

Rockwell Automation ThinManager’s API suffers a path traversal flaw caused by improper limitation of file save operations. An authenticated attacker can write arbitrary files to restricted system directories outside the application’s intended directory. CVSS 4.0 base score 7.2 (HIGH) with network...

7.2CVSS6.2AI score0.00324EPSS
Exploits0References1
ptsecurity
ptsecurity
added 3 days ago5 views

PT-2026-57712

Name of the Vulnerable Software and Affected Versions SureDash versions prior to 1.8.1 Description An improper limitation of a pathname to a restricted directory, known as Path Traversal, exists in the SureDash plugin. This flaw allows an attacker to access files and directories outside the...

9.9CVSS6.1AI score0.00382EPSS
Exploits0References3
snyk
snyk
added 2026/07/08 10:39 p.m.6 views

External Control of File Name or Path

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to External Control of File Name or Path via request-supplied OIDC file references through the /health/testconnection handler in litellm/proxy/healthendpoints/healthendpoints....

6.9CVSS6.2AI score0.00258EPSS
Exploits0References2
nvd
nvd
added 2026/07/08 9:16 p.m.9 views

CVE-2026-54528

JupyterLab Git is a Git extension for JupyterLab. Prior to 0.54.0, jupyterlab-git uses fnmatch.fnmatchcase in GitHandler.prepare in jupyterlabgit/handlers.py to enforce excludedpaths, allowing an authenticated user on a case-insensitive filesystem to vary URL path casing and read excluded...

7.1CVSS0.00285EPSS
Exploits1References3
cve
cve
added 2026/07/08 9:4 p.m.27 views

CVE-2026-54528

Summary of vulnerability (CVE-2026-54528): The jupyterlab-git extension for JupyterLab is affected prior to version 0.54.0. On case-insensitive filesystems (e.g., macOS APFS, Windows NTFS), the code path that enforces excluded_paths uses fnmatch.fnmatchcase(), which is case-sensitive and can be b...

7.1CVSS6AI score0.00285EPSS
Exploits1References3Affected Software1
osv
osv
added 2026/07/08 9:4 p.m.6 views

CVE-2026-54528 jupyterlab-git excluded_paths Case-Sensitivity Bypass Allows Reading Excluded Directories

JupyterLab Git is a Git extension for JupyterLab. Prior to 0.54.0, jupyterlab-git uses fnmatch.fnmatchcase in GitHandler.prepare in jupyterlabgit/handlers.py to enforce excludedpaths, allowing an authenticated user on a case-insensitive filesystem to vary URL path casing and read excluded...

7.1CVSS6.1AI score0.00285EPSS
Exploits1References5
redhatcve
redhatcve
added 2026/07/08 6:20 a.m.6 views

CVE-2026-59995

A flaw was found in OpenSSH. The sftp client, when used to download files from a malicious server with the 'sftp server:/path .' command, does not properly restrict where those files are saved. This allows an attacker to control the download location, potentially overwriting existing files or...

5.4CVSS5.9AI score0.00241EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/07/03 7:48 a.m.10 views

CVE-2026-47897

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Lucene.Net Lucene.Net.Replicator library. This issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018,...

8.9CVSS5.9AI score0.00616EPSS
Exploits0References2
euvd
euvd
added 2026/07/02 7:48 p.m.15 views

EUVD-2026-33277

Mautic vulnerable to Path Traversal via Campaign Import...

9.9CVSS5.8AI score0.00583EPSS
Exploits0References2
osv
osv
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-377 Langflow Knowledge Bases API is Vulnerable to Path Traversal

Summary Langflow is vulnerable to Path Traversal in the Knowledge Bases API DELETE /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are concatenated directly into file paths without proper sanitization or boundary validation. An authenticated attacker can exploit thi...

9.6CVSS6AI score0.04417EPSS
Exploits1References5
nvd
nvd
added 2026/06/29 10:16 a.m.9 views

CVE-2026-57346

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Epiphyt Embed Privacy allows Path Traversal. This issue affects Embed Privacy: from n/a through 1.12.3...

7.1CVSS0.00265EPSS
Exploits0References1
Rows per page
Query Builder