Lucene search
K

118 matches found

Snyk
Snyk
added 2026/03/07 2:19 a.m.2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the /export endpoint. An attacker can access arbitrary files on the server filesystem, including sensitive configuration files containing secrets, by sending specially crafted requests with double-encoded travers...

10CVSS6.2AI score0.01028EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/07 2:19 a.m.2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the /export endpoint. An attacker can access arbitrary files on the server filesystem, including sensitive configuration files containing secrets, by sending specially crafted requests with double-encoded travers...

10CVSS6.2AI score0.01028EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/07 2:19 a.m.9 views

SiYuan Vulnerable to Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage

Summary A path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By exploiting double‑encoded traversal sequences, an attacker can access sensitive files such as conf/conf.json, which contains secrets including the API token,...

9.8CVSS6.5AI score0.01028EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/07 12:0 a.m.5 views

PT-2026-24073

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.5.10 Description A path traversal flaw exists in the /export endpoint, allowing an attacker to read arbitrary files from the server filesystem. Exploitation involves using double-encoded traversal sequences to access...

9.8CVSS6.4AI score0.01028EPSS
Exploits5References140
RedhatCVE
RedhatCVE
added 2026/02/28 1:55 a.m.10 views

CVE-2026-27153

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, moderators could export user Chat DMs via the CSV export endpoint by exploiting an overly permissive allowlist in canexportentity?. The method allowed moderators to export any entity not explicit...

5.3CVSS5.9AI score0.00158EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/19 1:29 p.m.6 views

CVE-2026-1582

The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.14 via the export download endpoint. This is due to a PHP type juggling vulnerability in the security token comparison which uses loose comparison == instead of strict...

3.7CVSS5.6AI score0.00287EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/12 10:48 p.m.2 views

CVE-2019-25342 Centova Cast 3.2.12 - Denial of Service

Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...

7.5CVSS5.5AI score0.004EPSS
Exploits0References3
CVE
CVE
added 2026/02/12 10:48 p.m.18 views

CVE-2019-25342

CVE-2019-25342 affects Centova Cast 3.2.12. The vulnerability is a denial-of-service in which repeatedly calling the database export API endpoint (via /api.php) with crafted parameters and multiple concurrent requests can drive the system to 100% CPU. Metrics indicate high impact to availability ...

7.5CVSS5.5AI score0.004EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/12 1:3 a.m.6 views

CVE-2024-26477

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the api parameter of the oauth, amazonsns, export endpoints...

7.5CVSS5.5AI score0.00494EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.6 views

Centova Cast 安全漏洞

Centova Cast is an internet-based broadcast streaming media management control panel developed by Centova Corporation in Canada. Version 3.2.12 of Centova Cast contains a security vulnerability. This vulnerability stems from the repeated invocation of the database export API endpoint, which could...

7.5CVSS5.8AI score0.004EPSS
Exploits0References3
CVE
CVE
added 2026/02/11 12:0 a.m.12 views

CVE-2024-26477

CVE-2024-26477 affects Statping-ng v0.91.0. An issue allows an attacker to obtain sensitive information through crafted requests to the api parameter of the oauth, amazon_sns, and export endpoints, leading to information disclosure. This vulnerability is documented across multiple sources (Red Ha...

7.5CVSS5.5AI score0.00494EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/11 12:0 a.m.4 views

CVE-2024-26477

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the api parameter of the oauth, amazonsns, export endpoints...

5.5AI score0.00494EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.7 views

statping-ng 安全漏洞

Statping-ng is an open-source server monitoring software developed by Statping-ng. Version 0.91.0 of Statping-ng contains a security vulnerability. This vulnerability stems from improper handling of specially crafted requests for endpoint API parameters such as oauth, amazonsns, and export, which...

7.5CVSS5.8AI score0.00494EPSS
Exploits1References4
OSV
OSV
added 2026/02/11 12:0 a.m.8 views

CVE-2024-26477

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the api parameter of the oauth, amazonsns, export endpoints...

7.5CVSS5.9AI score0.00494EPSS
Exploits1References6
OSV
OSV
added 2026/02/02 12:31 p.m.2 views

GHSA-WJ3H-WX8G-X699 H2O has an External Control of File Name or Path vulnerability

A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the /3/Parse endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the...

9.1CVSS6.6AI score0.00629EPSS
Exploits0References3
NVD
NVD
added 2026/02/02 11:16 a.m.7 views

CVE-2024-5986

A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the /3/Parse endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the...

9.1CVSS0.00629EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/02 10:36 a.m.6 views

EUVD-2024-55393

A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the /3/Parse endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the...

9.1CVSS6.6AI score0.00629EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/02 10:36 a.m.6 views

CVE-2024-5986

A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the /3/Parse endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the...

9.1CVSS6.6AI score0.00629EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.9 views

PT-2026-5651

Name of the Vulnerable Software and Affected Versions h2o-3 version 3.46.0.1 Description A flaw exists in h2o-3 that permits remote attackers to write arbitrary data to any file on the server. The issue is due to exploiting the /3/Parse API endpoint to inject attacker-controlled data as the heade...

9.1CVSS9.1AI score0.00629EPSS
Exploits0References11
EUVD
EUVD
added 2026/01/30 2:43 p.m.8 views

EUVD-2026-4966

Umbraco.Forms has Path Traversal and File Enumeration Vulnerabilities in Linux/Mac...

6CVSS5.9AI score0.0042EPSS
Exploits0References2
Rows per page
Query Builder