Lucene search
K

19 matches found

NVD
NVD
added 2026/06/24 4:16 p.m.9 views

CVE-2026-55488

motionEye mEye is an online interface for a piece of software called "motion," which is a video surveillance program with motion detection. Versions prior to 0.44.0 contain an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files fro...

8.7CVSS0.00623EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/24 3:3 p.m.4 views

EUVD-2026-38804

motionEye mEye is an online interface for a piece of software called "motion," which is a video surveillance program with motion detection. Versions prior to 0.44.0 contain an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files fro...

8.7CVSS6AI score0.00623EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/24 3:3 p.m.38 views

CVE-2026-55488 motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read

motionEye mEye is an online interface for a piece of software called "motion," which is a video surveillance program with motion detection. Versions prior to 0.44.0 contain an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files fro...

8.7CVSS0.00623EPSS
Exploits1References1
CVE
CVE
added 2026/06/24 3:3 p.m.23 views

CVE-2026-55488

CVE-2026-55488 (motionEye) is an absolute path traversal in motionEye prior to 0.44.0, affecting media file handlers that accept a user-controlled filename and build paths with os.path.join(). When an absolute path is provided, the target directory is ignored and the attacker-controlled path is u...

8.7CVSS6AI score0.00623EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.7 views

CIPPlanner CIPAce 安全漏洞

CIPPlanner CIPAce is a business process automation and application development platform provided by the American company CIPPlanner. Versions of CIPPlanner CIPAce prior to version 9.17 contained security vulnerabilities. These vulnerabilities were due to access control defects in the File Downloa...

7.5CVSS5.8AI score0.00232EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/04 6:52 p.m.2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied path components in file operation handlers. An attacker can gain unauthorized access to, modify, or delete files belonging to other users by injecting traversal sequences into...

9.9CVSS6.4AI score0.00721EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/04 6:52 p.m.3 views

Directory Traversal

Overview github.com/alist-org/alist/v3/server/handles is a file listing program powered by Gin and Solidjs Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied path components in file operation handlers. An attacker can gain unauthorized...

9.9CVSS6.4AI score0.00721EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.12 views

AList 路径遍历漏洞

AList is a file list program developed by Xhofe, a developer from China. Versions of AList prior to 3.57.0 had a path traversal vulnerability. This vulnerability stemmed from vulnerabilities in multiple file operation handlers, which could lead to unauthorized file operations...

8.8CVSS5.8AI score0.00721EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/02 10:24 p.m.26 views

CVE-2026-25059 OpenList affected by Path Traversal in file copy and remove handlers

OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the application contains path traversal vulnerability in multiple file operation handlers in server/handles/fsmanage.go. Filename components in req.Names are directly concatenated with validated directories using stdpath.Join. Thi...

8.8CVSS0.00598EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/02 12:0 a.m.10 views

OpenList Frontend 路径遍历漏洞

OpenList Frontend is an open-source application developed by the OpenList Team, designed to protect open-source projects from trust-based attacks. Versions of OpenList Frontend prior to 4.1.10 contained a path traversal vulnerability. This vulnerability stemmed from file operation handlers that...

8.8CVSS5.7AI score0.00598EPSS
Exploits1References3
Veracode
Veracode
added 2023/02/06 6:25 a.m.18 views

Cross-site Scripting (XSS)

eta is vulnerable to Cross-site Scripting XSS. The vulnerability exists in file-handlers.ts due to improper user-input sanitization from the Express API allowing an attacker to inject and execute malicious JavaScript...

8.6CVSS6AI score0.00614EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2022/04/20 4:26 p.m.9 views

kernel: fget: check that the fd still exists after getting a ref to it

A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close and fget simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on...

7CVSS6.6AI score0.0031EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/04/19 4:29 p.m.10 views

kernel: fget: check that the fd still exists after getting a ref to it

A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close and fget simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on...

7CVSS6.6AI score0.0031EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/04/05 5:30 p.m.3 views

kernel: fget: check that the fd still exists after getting a ref to it

A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close and fget simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on...

7CVSS6.6AI score0.0031EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/02/22 3:58 p.m.7 views

kernel: Use After Free in unix_gc() which could result in a local privilege escalation

A vulnerability was found in unixdgramrecvmsg in net/unix/afunix.c in the Linux kernel's garbage collection for Unix domain socket file handlers. In this flaw, a missing cleanup may lead to a use-after-free due to a race problem. This flaw allows a local user to crash the system or escalate their...

6.9CVSS6.8AI score0.00811EPSS
Exploits0References6
CVE
CVE
added 2018/09/11 3:0 p.m.152 views

CVE-2018-1114

CVE-2018-1114 corresponds to an Undertow issue where URLResource.getLastModified() closes file descriptors only when finalized, enabling a file descriptor leak and potential exhaustion. The vulnerability is evidenced in multiple sources (GHSA- GJJX-GQM4-WCGM, Red Hat advisories) describing an unc...

6.5CVSS6.2AI score0.02329EPSS
Exploits0References6Affected Software3
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.25 views

eRoom 6.0 Plug-In Insecure File Download Handling Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14176/info The eRoom plug-in is prone to an insecure file download handling vulnerability. The issue is due to a design fault, where files that are shared by users are apparently passed to default file handlers when...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2005/07/06 12:0 a.m.14 views

eRoom 6.0 PlugIn - Insecure File Download Handling

eRoom 6.0 PlugIn - Insecure File Download Handling source: https://www.securityfocus.com/bid/14176/info The eRoom plug-in is prone to an insecure file download handling vulnerability. The issue is due to a design fault, where files that are shared by users are apparently passed to default file...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2005/07/06 12:0 a.m.24 views

eRoom 6.0 PlugIn - Insecure File Download Handling

source: https://www.securityfocus.com/bid/14176/info The eRoom plug-in is prone to an insecure file download handling vulnerability. The issue is due to a design fault, where files that are shared by users are apparently passed to default file handlers when downloaded. This can occur without user...

7.4AI score
Exploits0
Rows per page
Query Builder