Lucene search
K

7 matches found

Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-59948 Composer: Arbitrary file write outside vendor via malicious transitive package name

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously crafted package from an untrusted repository other than Packagist.org or Private Packagist can cause Composer to write attacker-controlled files outside the vendor directory and outside the project...

7CVSS0.00132EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/30 11:4 a.m.5 views

EUVD-2026-40288

Net::BitTorrent versions through 2.0.1 for Perl write files outside the download directory via path traversal in peer-supplied metadata. Net::BitTorrent validates file path components only on the .torrent-file ingest path. The peer and magnet metadata path onmetadatareceived, reached from the BEP...

5.3CVSS5.8AI score0.00282EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/10 1:2 a.m.10 views

EUVD-2026-10341

Actual Sync Server has an Authenticated Path Traversal...

5.3CVSS5.8AI score0.00377EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/01/29 3:26 a.m.8 views

CVE-2025-69601

A directory traversal Zip Slip vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequences e.g., ../ in ZIP entries to write files...

6.5CVSS5.9AI score0.00632EPSS
Exploits1References1
EUVD
EUVD
added 2026/01/28 12:0 a.m.7 views

EUVD-2025-206457

A directory traversal Zip Slip vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequences e.g., ../ in ZIP entries to write files...

5.1CVSS5.9AI score0.00632EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.7 views

PT-2025-50087

Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager versions prior to 2024 SU4 SR1 Description A path traversal issue exists in Ivanti Endpoint Manager. A remote authenticated attacker can write arbitrary files to locations outside the intended directory. User interactio...

8CVSS6.9AI score0.01171EPSS
Exploits0References6
NVD
NVD
added 2025/11/07 4:15 a.m.9 views

CVE-2025-64184

Dosage is a comic strip downloader and archiver. When downloading comic images in versions 3.1 and below, Dosage constructs target file names from different aspects of the remote comic page URL, image URL, page content, etc.. While the basename is properly stripped of directory-traversing...

8.8CVSS0.00443EPSS
Exploits0References2
Rows per page
Query Builder