Lucene search
+L

7617 matches found

Cvelist
Cvelist
added 2026/07/10 5:59 p.m.38 views

CVE-2026-53449 Coturn: Arbitrary File Write via CLI psd Command

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An authenticated admin with CLI access can overwrite arbitrary files writable ...

6CVSS0.00207EPSS
Exploits1References3
CVE
CVE
added 2026/07/10 5:59 p.m.20 views

CVE-2026-53449

CVE-2026-53449 — Coturn : Before 4.13.0, the psd print sessions dump CLI command accepts a filename argument and passes it directly to fopen without path validation, enabling an authenticated admin with CLI access to overwrite arbitrary files writable by the coturn process with session dump data....

6CVSS6.2AI score0.00207EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/07/10 5:59 p.m.4 views

CVE-2026-53449 Coturn: Arbitrary File Write via CLI psd Command

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An authenticated admin with CLI access can overwrite arbitrary files writable ...

6CVSS6.2AI score0.00207EPSS
Exploits1References5
CVE
CVE
added 2026/07/10 1:58 p.m.7 views

CVE-2026-60089

Prais onAI (pip package praisonaiagents) prior to version 1.6.78 is affected by a path-traversal issue: defaults loaded from a project-local .praisonai/config.toml can set defaults.output.output_file to an absolute or .. traversal path. If an Agent is started without an explicit output parameter,...

6.9CVSS6.1AI score0.00141EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/10 7:9 a.m.32 views

CVE-2026-40005 Apache IoTDB: Path Traversal in Pipe File Transfer Receiver

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to...

0.00349EPSS
Exploits0References1
CVE
CVE
added 2026/07/10 7:9 a.m.11 views

CVE-2026-40005

CVE-2026-40005 is a path traversal vulnerability in Apache IoTDB. The issue arises from improper limitation of a pathname to a restricted directory, allowing an attacker to write arbitrary files anywhere the IoTDB process has write permissions via an unsafe API. Affected versions are IoTDB 1.0.0 ...

9.1CVSS6.2AI score0.00349EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/10 5:14 a.m.5 views

decompress: decompress: path traversal via indexOf containment bypass allows arbitrary file write (bypass of CVE-2020-12265 fix)

A flaw was found in the decompress component. An improper path containment check allows a local attacker to perform directory traversal. This vulnerability, when combined with unvalidated symlink creation, enables an attacker to write arbitrary files to directories outside the intended extraction...

6.2CVSS6.1AI score0.00268EPSS
Exploits1References8
EUVD
EUVD
added 2026/07/10 12:31 a.m.8 views

EUVD-2026-42769

decompress before 4.2.2 contains an improper path containment check that enables directory traversal and arbitrary file write. The safeMakeDir function index.js line 29 and the extraction path validation index.js line 106 use String.indexOf to verify the resolved path is within the output...

6.2CVSS6AI score0.00268EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-54591

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Prior...

8.1CVSS6.2AI score0.00317EPSS
Exploits0References3
NVD
NVD
added 2026/07/09 10:17 p.m.9 views

CVE-2026-39245

decompress before 4.2.2 contains an improper path containment check that enables directory traversal and arbitrary file write. The safeMakeDir function index.js line 29 and the extraction path validation index.js line 106 use String.indexOf to verify the resolved path is within the output...

6.2CVSS0.00268EPSS
Exploits1References4
NVD
NVD
added 2026/07/09 6:16 p.m.11 views

CVE-2026-61343

LibreBooking's email template editor save action passes the submitted template name directly into the destination file path, allowing a remote attacker with administrator credentials to write an arbitrary file outside the template directory and execute code. Fixed in 5.1.0...

8.6CVSS0.0084EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/07/09 5:46 p.m.5 views

CVE-2026-61343

LibreBooking's email template editor save action passes the submitted template name directly into the destination file path, allowing a remote attacker with administrator credentials to write an arbitrary file outside the template directory and execute code. Fixed in 5.1.0...

8.6CVSS6.2AI score0.0084EPSS
Exploits1References6
CVE
CVE
added 2026/07/09 5:46 p.m.17 views

CVE-2026-61343

CVE-2026-61343 — LibreBooking : The email template editor’s save action passes the submitted template name directly into the destination file path. This allows an administrator-authenticated attacker to write arbitrary files outside the template directory and execute code. This vulnerability affe...

8.6CVSS6.2AI score0.0084EPSS
Exploits1References5
OSV
OSV
added 2026/07/09 4:16 p.m.6 views

ALPINE-CVE-2026-42486

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS7AI score0.0014EPSS
Exploits0References1
NVD
NVD
added 2026/07/09 4:16 p.m.7 views

CVE-2026-42486

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS0.0014EPSS
Exploits0References1
Snyk
Snyk
added 2026/07/09 8:43 a.m.7 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/09 8:43 a.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/09 8:43 a.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/09 8:43 a.m.7 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References2
NVD
NVD
added 2026/07/09 7:16 a.m.6 views

CVE-2026-47826

The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4...

9.1CVSS0.00337EPSS
Exploits0References1
Rows per page
Query Builder