Lucene search

7 matches found

Vulnrichment
added 2026/05/11 9:9 p.m., 8 views

CVE-2026-43888 Outline: Zip Extraction Path Escape via PATH_MAX Truncation in Collection Import

Outline is a service that allows for collaborative documentation. Prior to 1.7.0, ZipHelper.extract computes the extraction path for each entry by passing a full filesystem path through trimFileAndExt, a filename helper that calls path.basename on its input when truncating. When a zip entry's...

CVSS 8.7, AI score 5.8, EPSS 0.00053
Exploits: 0, References: 1
Positive Technologies
added 2026/05/01 12:0 a.m., 0 views

PT-2026-36506

Name of the Vulnerable Software and Affected Versions AGL app-framework-main versions 17.1.12 and earlier Description A Zip Slip path traversal issue combined with a Time-of-Check to Time-of-Use TOCTOU race condition exists in the widget installation flow. The is valid filename function in...

CVSS 9.8, AI score 5.9, EPSS 0.00185
Exploits: 0, References: 9
Positive Technologies
added 2026/04/01 12:0 a.m., 2 views

PT-2026-29660

Summary A path traversal vulnerability in /api/chats/import allows an authenticated attacker to write attacker-controlled files outside the intended chats directory by injecting traversal sequences into character name. Details character name is used unsafely as part of the destination filename an...

CVSS 8.1, AI score 5.9, EPSS 0.00075
Exploits: 1, References: 6
RedhatCVE
added 2026/02/25 10:58 a.m., 2 views

CVE-2025-11563

A flaw was found in wcurl. This vulnerability allows a remote attacker to manipulate the location where output files are saved. By crafting a malicious URL with percent-encoded slashes, the attacker can trick the wcurl command-line tool into writing files outside of the intended directory. This...

CVSS 6.5, AI score 5.6, EPSS 0.0002
Exploits: 0, References: 6
Vulnrichment
added 2026/02/23 8:57 p.m., 3 views

CVE-2026-23521 Traccar vulnerable to Path Traversal and External Control of File Name or Path

Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain an issue in which authenticated users who can create or edit devices can set a device uniqueId to an absolute path. When uploading a device image, Traccar uses that uniqueId to build the filesystem path...

CVSS 6.5, AI score 5.4, EPSS 0.00089
Exploits: 1, References: 1
OSV
added 2025/03/20 12:32 p.m., 1 views

GHSA-75PX-35P4-QQ6H Aim External Control of File Name or Path vulnerability

A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the tarfile.extractall function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control repo.path and runhash to bypass directory existence checks and...

CVSS 9.1, AI score 6, EPSS 0.00145
Exploits: 1, References: 3
CNNVD
added 2022/11/16 12:0 a.m., 2 views

BACKCLICK Path Traversal Vulnerability

BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure and run web-based email campaigns. A security vulnerability exists in BACKCLICK Professional version 5.9.63 that stems from improper validation or cleanup of uploaded filenames, where an...

CVSS 9.8, AI score 8.2, EPSS 0.05706
Exploits: 1, References: 4