
31 matches found

RedhatCVE
added 2026/06/05 7:16 p.m. | 6 views

CVE-2026-42275

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.2, the zrok WebDAV drive backend davServer.Dir restricts path traversal through lexical normalization but does not prevent symlink following. When a symbolic link inside the shared DriveRoot points to a...

8.7 CVSS | 5.4 AI score | 0.0033 EPSS
Exploits: 0 | References: 1
NVD
added 2026/05/11 10:22 p.m. | 10 views

CVE-2026-42600

MinIO is a high-performance object storage system. From RELEASE.2022-07-24T01-54-52Z to before RELEASE.2026-04-14T21-32-45Z, a path traversal vulnerability in MinIO's ReadMultiple internode storage-REST endpoint allows a caller holding the cluster root JWT to read files from outside the configure...

6.9 CVSS | 0.00505 EPSS
Exploits: 0 | References: 1
NVD
added 2026/05/08 4:16 a.m. | 11 views

CVE-2026-42275

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.2, the zrok WebDAV drive backend davServer.Dir restricts path traversal through lexical normalization but does not prevent symlink following. When a symbolic link inside the shared DriveRoot points to a...

8.7 CVSS | 0.0033 EPSS
Exploits: 0 | References: 3
Cvelist
added 2026/05/08 3:45 a.m. | 32 views

CVE-2026-42275 zrok: WebDAV drive backend follows symlinks outside DriveRoot, enabling host filesystem read/write

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.2, the zrok WebDAV drive backend davServer.Dir restricts path traversal through lexical normalization but does not prevent symlink following. When a symbolic link inside the shared DriveRoot points to a...

8.7 CVSS | 0.0033 EPSS
Exploits: 0 | References: 3
CVE
added 2026/05/08 3:45 a.m. | 26 views

CVE-2026-42275

The CVE-2026-42275 issue affects zrok’s WebDAV drive backend (davServer.Dir) where symbolic links inside the shared DriveRoot are not prevented from pointing outside the root. This allows remote WebDAV clients to read files and, on shares with lax OS permissions, overwrite files anywhere on the h...

8.7 CVSS | 5.8 AI score | 0.0033 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
ATTACKERKB
added 2026/05/08 3:45 a.m. | 6 views

CVE-2026-42275

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.2, the zrok WebDAV drive backend davServer.Dir restricts path traversal through lexical normalization but does not prevent symlink following. When a symbolic link inside the shared DriveRoot points to a...

8.7 CVSS | 5.8 AI score | 0.0033 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/05/08 3:45 a.m. | 6 views

CVE-2026-42275 zrok: WebDAV drive backend follows symlinks outside DriveRoot, enabling host filesystem read/write

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.2, the zrok WebDAV drive backend davServer.Dir restricts path traversal through lexical normalization but does not prevent symlink following. When a symbolic link inside the shared DriveRoot points to a...

8.7 CVSS | 5.8 AI score | 0.0033 EPSS
Exploits: 0 | References: 3
EUVD
added 2026/05/08 3:45 a.m. | 9 views

EUVD-2026-28511

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.2, the zrok WebDAV drive backend davServer.Dir restricts path traversal through lexical normalization but does not prevent symlink following. When a symbolic link inside the shared DriveRoot points to a...

8.7 CVSS | 5.8 AI score | 0.0033 EPSS
Exploits: 0 | References: 3
Github Security Blog
added 2026/05/05 8:5 p.m. | 9 views

MinIO vulnerable to Path Traversal via msgpack Body in `ReadMultiple` Storage-REST Endpoint

Impact: What kind of vulnerability is it? Who is impacted? A path traversal vulnerability in MinIO's ReadMultiple internode storage-REST endpoint allows a caller holding the cluster root JWT to read files from outside the configured drive roots, bounded only by the MinIO process UID...

6.9 CVSS | 6.9 AI score | 0.00505 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Github Security Blog
added 2026/04/25 11:34 p.m. | 10 views

zrok: WebDAV drive backend follows symlinks outside DriveRoot, enabling host filesystem read/write

Summary: The zrok WebDAV drive backend davServer.Dir restricts path traversal through lexical normalization but does not prevent symlink following. When a symbolic link inside the shared DriveRoot points to a location outside that root, remote WebDAV consumers can read files and—on shares without...

8.7 CVSS | 5.7 AI score | 0.0033 EPSS
Exploits: 0 | References: 5 | Affected Software: 2
OSV
added 2026/04/25 11:34 p.m. | 4 views

GHSA-74M3-9QVM-RP9H zrok: WebDAV drive backend follows symlinks outside DriveRoot, enabling host filesystem read/write

Summary: The zrok WebDAV drive backend davServer.Dir restricts path traversal through lexical normalization but does not prevent symlink following. When a symbolic link inside the shared DriveRoot points to a location outside that root, remote WebDAV consumers can read files and—on shares without...

8.7 CVSS | 5.9 AI score | 0.0033 EPSS
Exploits: 0 | References: 5
Positive Technologies
added 2026/04/25 12:0 a.m. | 7 views

PT-2026-37189

Name of the Vulnerable Software and Affected Versions: zrok versions prior to 2.0.2. Description: The zrok WebDAV drive backend davServer.Dir restricts path traversal through lexical normalization but fails to prevent symlink following. If a symbolic link within the shared DriveRoot points to a...

8.7 CVSS | 5.8 AI score | 0.0033 EPSS
Exploits: 0 | References: 7
EUVD
added 2026/03/25 6:30 a.m. | 3 views

EUVD-2026-15192

SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

8.4 CVSS | 6.2 AI score | 0.00191 EPSS
Exploits: 0 | References: 4
Cvelist
added 2026/03/25 5:11 a.m. | 19 views

CVE-2026-33253

SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

8.4 CVSS | 0.00191 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2026/03/25 12:0 a.m. | 2 views

PT-2026-27639

SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

8.4 CVSS | 7 AI score | 0.00191 EPSS
Exploits: 0 | References: 5
Vulnrichment
added 2026/02/09 6:59 a.m. | 4 views

CVE-2026-24466

Products provided by Oki Electric Industry Co., Ltd. and its OEM products Ricoh Co., Ltd., Murata Machinery, Ltd. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

8.4 CVSS | 6 AI score | 0.00137 EPSS
Exploits: 0 | References: 5
CVE
added 2025/12/09 8:29 a.m. | 8 views

CVE-2025-66271

CVE-2025-66271 affects ELECOM Clone for Windows, where the software registers a Windows service with an unquoted file path (unquoted service path). The root cause is an unquoted path in the service configuration, enabling a local attacker with write access to the system drive root to execute arbi...

8.4 CVSS | 7.4 AI score | 0.0013 EPSS
Exploits: 0 | References: 2
NVD
added 2025/11/05 7:15 a.m. | 3 views

CVE-2025-62225

Optical Disc Archive Software provided by Sony Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

8.4 CVSS | 0.00135 EPSS
Exploits: 0 | References: 2
Cvelist
added 2025/11/05 6:19 a.m. | 6 views

CVE-2025-62225

Optical Disc Archive Software provided by Sony Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

8.4 CVSS | 0.00135 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2025/11/05 12:0 a.m. | 3 views

PT-2025-45085

Name of the Vulnerable Software and Affected Versions: Roboticsware products, affected versions not specified. Description: Multiple Roboticsware products register Windows services with unquoted file paths. A user with write permission to the system drive’s root directory may execute arbitrary code...

8.4 CVSS | 7.3 AI score | 0.00135 EPSS
Exploits: 0 | References: 4