Lucene search
+L

8 matches found

cvelist
cvelist
added 2026/06/25 5:39 p.m.32 views

CVE-2026-54093 File Browser: Path traversal in download-as-zip/tar via Windows-style backslash separators in stored filenames

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, filebrowser builds the download-as-zip / download-as-tar archive entry names with filepath.ToSlash, which on a Linux host is a no-op for...

6.8CVSS0.00189EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/22 12:54 p.m.5 views

CVE-2026-56448

A path traversal vulnerability exists in AIL Framework before the release containing commit 0041456af25da0cdea1c1c4624e46baff2731d8f. An authenticated AIL user can supply crafted object identifiers through the investigation workflow to cause file paths to resolve outside the intended image,...

8.3CVSS6AI score0.00292EPSS
Exploits0References2
cve
cve
added 2026/06/22 12:54 p.m.15 views

CVE-2026-56448

CVE-2026-56448 involves a path traversal in the AIL Framework. An authenticated user can craft object identifiers via the investigation workflow, causing path components to be joined with storage paths without ensuring the final path stays in the intended image/favicon/screenshot directories. Thi...

8.3CVSS6AI score0.00292EPSS
Exploits0References1
atlassian
atlassian
added 2025/08/18 8:34 a.m.21 views

Third-Party Dependency in Crowd Data Center

Note: Aligning with our security bug fix policy|https://www.atlassian.com/trust/security/bug-fix-policy, this vulnerability has been fixed in our latest release only This Critical severity Third-Party Dependency vulnerability was introduced in version 6.1.1 of Crowd Data Center. This Third-Party...

9.4CVSS4.7AI score0.01735EPSS
Exploits1
atlassian
atlassian
added 2025/08/07 10:21 a.m.23 views

DoS (Denial of Service) in Crowd Data Center

This High severity DoS Denial of Service vulnerability was introduced in version 6.3.1 of Crowd Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 8.7, allows an attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely disruptin...

7.5CVSS6.9AI score0.64718EPSS
Exploits1
vulncheck_kev
vulncheck_kev
added 2025/06/20 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-34022

A path traversal vulnerability exists in multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The /common/getfile.php script in the “Download Archive in Storage” page...

9.3CVSS5.8AI score0.00715EPSS
Exploits1References1
osv
osv
added 2024/06/24 5:15 p.m.5 views

CVE-2024-33880

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive...

5.3CVSS5.8AI score0.00335EPSS
Exploits0References2
freebsd
freebsd
added 2018/04/30 12:0 a.m.34 views

Gitlab -- multiple vulnerabilities

GitLab reports: Persistent XSS in Move Issue using project namespace Download Archive allowing unauthorized private repo access Mattermost Updates...

6.1CVSS4.2AI score0.00888EPSS
Exploits0References1
Rows per page
Query Builder