Lucene search
+L

2535 matches found

NVD
NVD
added 2026/07/02 9:16 p.m.6 views

CVE-2026-58460

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS0.00138EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 8:10 p.m.8 views

EUVD-2026-41437

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS5.9AI score0.00138EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/02 8:10 p.m.5 views

CVE-2026-58460 react-native-receive-sharing-intent Path Traversal via _display_name

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS6.1AI score0.00138EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 5:41 p.m.3 views

JLSEC-2026-630 Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system...

Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module...

7.2CVSS6.1AI score0.00136EPSS
Exploits0References5
CVE
CVE
added 2026/06/23 5:40 p.m.44 views

CVE-2026-54318

Affected software: Home Assistant Android components. Vulnerability: LocationSensorManager BroadcastReceiver was exported with no permission prior to 2026.5.3, allowing any local app (zero runtime permissions) to broadcast a forged Google Play Services LocationResult to spoof the device’s locatio...

7.1CVSS5.9AI score0.00113EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/06/23 5:40 p.m.4 views

CVE-2026-54318 Home Assistant: Exported BroadcastReceiver allows local apps to spoof device location

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.5.3, the LocationSensorManager BroadcastReceiver is exported with no permission. Any installed app, with zero runtime permissions, can broadcast a forged Google Play Services...

7.1CVSS5.9AI score0.00113EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.13 views

PT-2026-51577

Name of the Vulnerable Software and Affected Versions Home Assistant versions prior to 2026.5.3 Description The LocationSensorManager BroadcastReceiver is exported without requiring permissions. This allows any installed application on the device, regardless of its runtime permissions, to send a...

7.1CVSS5.8AI score0.00113EPSS
Exploits1References9
OSV
OSV
added 2026/06/18 8:14 p.m.6 views

GHSA-W9HF-3PP7-PVXV OpenClaw: Exported session HTML could keep unsafe markdown links

Summary Exported session HTML could keep unsafe markdown links. In affected versions, content rendered into an exported session could preserve unsafe javascript: or data: links in generated HTML. This advisory is scoped to the named feature and configuration. It does not change OpenClaw's...

6.1CVSS5.6AI score0.00188EPSS
Exploits0References4
NVD
NVD
added 2026/06/16 7:17 p.m.15 views

CVE-2026-53841

OpenClaw before 2026.5.12 contains a cross-site scripting vulnerability in exported session HTML that preserves unsafe javascript: and data: links in generated content. Attackers can execute browser-side scripts if a trusted operator opens the exported file and activates a malicious link...

6.1CVSS0.00188EPSS
Exploits0References2
CVE
CVE
added 2026/06/16 6:4 p.m.23 views

CVE-2026-53841

OpenClaw prior to version 2026.5.12 exposes a stored cross-site scripting risk in exported session HTML. The vulnerability arises because the exported content preserves unsafe javascript: and data: links, enabling browser-side scripts when a trusted operator opens the exported file and activates ...

6.1CVSS5.1AI score0.00188EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49758

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.12 Description Exported session HTML preserves unsafe javascript: and data: links in generated content. This allows for the execution of browser-side scripts if a trusted operator opens the exported file and...

6.1CVSS5.5AI score0.00188EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-47750

When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown...

6.9CVSS5.5AI score0.00229EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.19 views

CVE-2026-3867

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this...

6CVSS5.4AI score0.0024EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.9 views

CVE-2026-6347

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to sanitize sensitive configuration fields in the Mattermost Calls plugin which allows an attacker with access to a support packet to obtain TURN server credentials via the plaintext values present in the exported plugi...

7.6CVSS5.4AI score0.00256EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 10:15 a.m.13 views

EUVD-2026-34806

Improper export of android application components in Samsung Auto prior to version 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 allows local attacker to change audio configuration...

4.8CVSS5.4AI score0.00084EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 10:15 a.m.8 views

CVE-2026-21032

Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...

6.9CVSS5.8AI score0.00093EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 10:15 a.m.8 views

CVE-2026-21029

Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations...

6.8CVSS5.6AI score0.00093EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/02 8:36 a.m.102 views

multi-layered-security-assessment

Advanced Network Attack and Defense: Multi-Layered Assessment...

7.2CVSS7.2AI score0.83524EPSS
Exploits82
OSV
OSV
added 2026/05/28 9:31 a.m.4 views

GHSA-MPMF-3W4R-QFPF KubeVirt has a Link Following issue

A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link symlink within an exported filesystem Persistent Volume Claim PVC that points...

7.7CVSS5.9AI score0.00516EPSS
Exploits0References11
EUVD
EUVD
added 2026/05/28 8:15 a.m.14 views

EUVD-2026-32748

A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link symlink within an exported filesystem Persistent Volume Claim PVC that points...

7.7CVSS5.8AI score0.00516EPSS
Exploits0References2
Rows per page
Query Builder