Lucene search
K

265 matches found

EUVD
EUVD
added 2026/06/26 10:29 p.m.11 views

EUVD-2026-38069

YARD static cache reads raw traversal paths before router sanitization...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 2:33 p.m.36 views

CVE-2026-57436 Nokogiri: Possible Use-After-Free when setting `Document#root=` to an invalid node type

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Documentroot= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document root. The result is a heap use-after-free during garbage...

6.3CVSS0.00312EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 8:16 p.m.13 views

CVE-2026-49342

YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as /../yard-cache-secret.html is joine...

5.3CVSS0.00273EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/19 7:13 p.m.7 views

CVE-2026-49342

YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as /../yard-cache-secret.html is joine...

5.3CVSS5.8AI score0.00273EPSS
Exploits0
CVE
CVE
added 2026/06/19 7:13 p.m.26 views

CVE-2026-49342

YARD (Ruby) prior to 0.9.44 is affected: its static cache lookup reads the request path before router path cleanup, allowing a traversal like /../yard-cache-secret.html to be joined with a document root and retrieve a sibling .html outside the intended static tree. The issue is addressed in versi...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 4:36 p.m.7 views

GHSA-WJV4-X9W8-WM3H Nokogiri: Possible Use-After-Free when setting `Document#root=` to an invalid node type

Summary Nokogiri::XML::Documentroot= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document root. The result is a heap use-after-free during garbage collection or finalization, leading to an invalid memory read or potentially a segfault. Nokogiri...

6.3CVSS5.9AI score0.00312EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 p.m.11 views

CVE-2026-49742

Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer FAL via the Media Module. Since the fallback storage resolves paths relative to the server's document root, this could expose sensitive files such as log files. This...

7.1CVSS5.4AI score0.00313EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.15 views

PT-2026-47749

Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions 11.0.0 through 11.5.50 TYPO3 CMS versions 12.0.0 through 12.4.45 TYPO3 CMS versions 13.0.0 through 13.4.30 TYPO3 CMS versions 14.0.0 through 14.3.2 Description Backend users with file download permissions can download files...

7.1CVSS5.2AI score0.00313EPSS
Exploits0References10
GithubExploit
GithubExploit
added 2026/05/16 9:29 a.m.215 views

Exploit for CVE-2026-6433

CVE-2026-6433 — Proof of Concept FlipperCode — Custom CSS,...

7.3CVSS6.2AI score0.00753EPSS
Exploits3
RedHat Linux
RedHat Linux
added 2026/05/11 8:53 a.m.11 views

NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module

A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngxhttpdavmodule module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to...

8.8CVSS6AI score0.21621EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/05 6:16 p.m.6 views

NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module

A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngxhttpdavmodule module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to...

8.8CVSS6AI score0.21621EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.8 views

nginx 0.5.13 < 1.28.3 / 1.29.x < 1.29.7 Buffer Overflow in ngx_http_dav_module

The installed version of nginx is 0.5.13 prior to 1.28.3, or 1.29.x prior to 1.29.7. It is, therefore, affected by the following issue : - NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX...

8.8CVSS6.1AI score0.21621EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/04/07 9:43 p.m.9 views

NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module

A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngxhttpdavmodule module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to...

8.8CVSS6AI score0.21621EPSS
Exploits0References5
NVD
NVD
added 2026/04/07 1:16 p.m.10 views

CVE-2026-28808

Incorrect Authorization vulnerability in Erlang OTP inets modules allows unauthenticated access to CGI scripts protected by directory rules when served via scriptalias. When scriptalias maps a URL prefix to a directory outside DocumentRoot, modauth evaluates directory-based access controls agains...

9.8CVSS0.0053EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2026/04/07 1:16 p.m.9 views

CVE-2026-28808

Incorrect Authorization vulnerability in Erlang OTP inets modules allows unauthenticated access to CGI scripts protected by directory rules when served via scriptalias. When scriptalias maps a URL prefix to a directory outside DocumentRoot, modauth evaluates directory-based access controls agains...

9.8CVSS5.9AI score0.0053EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/04/07 12:28 p.m.13 views

CVE-2026-28808

Incorrect Authorization vulnerability in Erlang OTP inets modules allows unauthenticated access to CGI scripts protected by directory rules when served via scriptalias. When scriptalias maps a URL prefix to a directory outside DocumentRoot, modauth evaluates directory-based access controls agains...

9.8CVSS5.9AI score0.0053EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/04/07 12:28 p.m.7 views

EEF-CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)

Summary Incorrect Authorization vulnerability in Erlang OTP inets modules allows unauthenticated access to CGI scripts protected by directory rules when served via script\alias. When script\alias maps a URL prefix to a directory outside DocumentRoot, mod\auth evaluates directory-based access...

8.3CVSS5.8AI score0.0053EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.13 views

PT-2026-30814

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 28.4.2, 26.2.5.19, and 27.3.4.10 Description An incorrect authorization issue exists in Erlang OTP inets modules that allows unauthenticated access to CGI scripts protected by directory rules when served via...

9.8CVSS5.7AI score0.0053EPSS
Exploits0References41
RedhatCVE
RedhatCVE
added 2026/03/27 5:9 p.m.9 views

CVE-2025-41368

Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured on the server...

8.7CVSS6AI score0.00613EPSS
Exploits0References1
OSV
OSV
added 2026/03/27 7:10 a.m.4 views

BIT-NGINX-2026-27654 NGINX ngx_http_dav_module vulnerability

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names...

8.8CVSS6.1AI score0.21621EPSS
Exploits0References20
Rows per page
Query Builder