CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

146 matches found

Github Security Blog•added 2026/05/22 5:26 p.m.•13 views

FileBrowser Quantum: Path traversal in public share PATCH allows file ops outside shared directory

Summary publicPatchHandler in backend/http/public.go joins user-controlled fromPath and toPath body fields with the trusted d.share.Path BEFORE the downstream sanitizer runs. Because filepath.Join collapses .. segments during the join, the sanitizer in resourcePatchHandler never sees the traversa...

9.1CVSS5.9AI score0.00968EPSS

Exploits1References2Affected Software1

OSV•added 2026/04/27 9:34 a.m.•3 views

GHSA-V3VG-332R-MW99 Camel-PQC Vulnerable to Deserialization of Untrusted Data

The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of .key files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to java.security.KeyPair is evaluated only after readObject has...

7.8CVSS6.4AI score0.00027EPSS

Exploits0References9

OSV•added 2026/04/20 10:29 a.m.•3 views

SUSE-SU-2026:1483-1 Security update for helm

This update for helm fixes the following issues: - CVE-2025-55199: crafted JSON Schema can lead to out of memory OOM termination bsc1248093. - CVE-2026-35206: files written to unexpected directory via specially crafted Chartbsc1261938. Changes for helm: - Update to version 3.20.2...

6.5CVSS7.3AI score0.0002EPSS

Exploits0References5

Information Security Automation•added 2026/04/17 10:0 a.m.•13 views

April Microsoft Patch Tuesday

April Microsoft Patch Tuesday. A total of 167 vulnerabilities, about twice as many as in March. There is one vulnerability already being exploited in the wild: 🔻 Spoofing - Microsoft SharePoint Server CVE-2026-32201. ZDI experts say "Spoofing bugs in SharePoint often manifest as cross-site...

9.8CVSS6.4AI score0.08924EPSS

Exploits9

Snyk•added 2026/04/10 8:18 p.m.•3 views

CRLF Injection

Overview basic-ftp is a FTP client for Node.js, supports FTPS over TLS, IPv6, Async/Await, and Typescript. Affected versions of this package are vulnerable to CRLF Injection via the login and openDir methods. An attacker can execute arbitrary FTP commands by injecting control characters into...

9.1CVSS6.1AI score0.02042EPSS

Exploits1References2

EUVD•added 2026/03/30 4:33 p.m.•5 views

EUVD-2026-17151

Nginx Configuration Directory Vulnerable to Recursive Deletion via Improper Path Validation...

6.9CVSS5.9AI score0.00079EPSS

Exploits1References2

CNNVD•added 2026/03/18 12:0 a.m.•2 views

xiaoheiFS 安全漏洞

xiaoheiFS is a self-hosted cloud service system developed by Danvei’s individual developers. Versions of xiaoheiFS prior to 0.3.15 contain security vulnerabilities. These vulnerabilities stem from the AdminPaymentPluginUpload endpoint, which allows administrators to upload arbitrary files to the...

7.2CVSS6.3AI score0.00073EPSS

Exploits1References1

Snyk•added 2026/03/07 4:46 p.m.•4 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the readdirectory function. An attacker can cause a denial of service by providing specially crafted input files that trigger an out-of-bounds read during the parsing process. Remediation A fix was pushed into the...

5.5CVSS5.8AI score0.00024EPSS

Exploits1References2

IBM Security Bulletins•added 2026/03/06 8:14 p.m.•6 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Faspex

Summary Multiple vulnerabilities were addressed in IBM Aspera Faspex version 5.0.15 Vulnerability Details CVEID:CVE-2026-22860 DESCRIPTION: Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory’s path check used a string prefix match on the...

7.5CVSS5.4AI score0.00123EPSS

Exploits4Affected Software6

OSV•added 2026/02/18 7:21 p.m.•1 views

UBUNTU-CVE-2026-22860

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory...

7.5CVSS6.7AI score0.00123EPSS

Exploits1References4

UbuntuCve•added 2026/02/18 7:21 p.m.•2 views

CVE-2026-22860

7.5CVSS6.7AI score0.00123EPSS

Exploits1References3

Snyk•added 2026/02/17 4:14 p.m.•3 views

Exposure of Information Through Directory Listing

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

7.5CVSS5.7AI score0.00123EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2010-3347

Malware in sbrugna...

6.9CVSS6.1AI score0.00047EPSS

Exploits0References10

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2007-6678

Malware in sbrugna...

6.8CVSS6.1AI score0.01634EPSS

Exploits1References15