Lucene search
+L

3313 matches found

cve
cve
added yesterday6 views

CVE-2026-53598

The CVE-2026-53598 issue affects Prompty (.prompty) loaders that expanded ${file:...} references in frontmatter before 2.0.0-beta.2, allowing an attacker-controlled prompt to read local files via absolute paths, .. traversal, or symlink escapes. Root cause: path confinement was not enforced durin...

7.5CVSS6.1AI score
Exploits0References2
cve
cve
added yesterday9 views

CVE-2026-56456

Technical details such as affected versions, components, root cause, and remediation are not provided in the supplied documents. Monitor for updates.

5.3CVSS6.1AI score
Exploits0References1
nuclei
nuclei
added yesterday20 views

BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure

Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability caused by improper validation of the 'READ.filePath' parameter in fileread script and SendCGICMD API, letting authenticated attackers read arbitrary system files. id: CVE-2019-25246 info: name: BEWARD...

8.8CVSS6.2AI score0.17393EPSS
Exploits1References3
euvd
euvd
added 2 days ago4 views

EUVD-2026-44625

n8n before 2.19.3 contains a file path restriction bypass in the legacy ExecuteWorkflow node's localFile source option, which reads workflow files from disk without the file-access checks enforced by other file-reading nodes. Although hidden from the UI since v1.2, it remains reachable via the RE...

6.4CVSS6.2AI score0.00248EPSS
Exploits0References2
nvd
nvd
added 2 days ago9 views

CVE-2026-8920

Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted commands containing an arbitrary file path and bypassing the service’s path restrictions . On...

8.5CVSS0.0009EPSS
Exploits0References1
cve
cve
added 2 days ago9 views

CVE-2026-8920

The vulnerability CVE-2026-8920 concerns ASUS Aura Wallpaper Service. It describes Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path, enabling a local user to perform file operations by sending crafted commands that contain an arbitrary ...

8.5CVSS6.2AI score0.0009EPSS
Exploits0References1
nvd
nvd
added 3 days ago3 views

CVE-2026-15749

A security flaw has been discovered in mastergo-design mastergo-magic-mcp up to 0.2.0. This issue affects the function execute of the file src/tools/get-c2d.ts of the component mcpC2d. Performing a manipulation of the argument filePath results in path traversal. The attack requires a local...

5.3CVSS0.0014EPSS
Exploits0References6
euvd
euvd
added 3 days ago3 views

EUVD-2026-44541

A security flaw has been discovered in mastergo-design mastergo-magic-mcp up to 0.2.0. This issue affects the function execute of the file src/tools/get-c2d.ts of the component mcpC2d. Performing a manipulation of the argument filePath results in path traversal. The attack requires a local...

5.3CVSS5.9AI score0.0014EPSS
Exploits0References6
mscve
mscve
added 3 days ago8 views

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

7.8CVSS6.1AI score0.00313EPSS
Exploits0
osv
osv
added 3 days ago4 views

MAL-2026-10540 Malicious code in postcss-processor-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0253c4f750443ba47f0ab61347fa85a1659b847190a85757575e904966636da On require, src/index.js loads src/token-loader.js, which reads data/design-tokens.json, XOR-decodes the base64 blobs under encrypted.chunks using a...

6.1AI score
Exploits0References5
nvd
nvd
added 4 days ago9 views

CVE-2026-15521

A vulnerability was identified in makafeli n8n-workflow-builder up to 0.11.0. Affected is an unknown function of the file build/server.cjs of the component updatenodefromfile. The manipulation of the argument filePath leads to path traversal. An attack has to be approached locally. The exploit is...

5.3CVSS0.00137EPSS
Exploits0References6
cve
cve
added 4 days ago9 views

CVE-2026-26396

OpenBMB XAgent v1.0.0 and earlier are affected by a path traversal in the file() function within XAgent/XAgentServer/application/routers/workspace.py. The input parameter filename is user-controllable and concatenated into the file path without proper validation, enabling potential disclosure of ...

7.5CVSS6AI score0.00746EPSS
Exploits0References1
nvd
nvd
added 5 days ago11 views

CVE-2026-15507

A vulnerability was detected in coollabsio Coolify up to 4.1.1. The impacted element is an unknown function of the file /app/Policies/ of the component Policy Handler. Performing a manipulation results in missing authorization. Remote exploitation of the attack is possible. The exploit is now...

6.5CVSS0.00333EPSS
Exploits0References5
euvd
euvd
added 6 days ago9 views

EUVD-2026-43174

PraisonAI before 4.6.78 fails to validate file path references in custom command templates, allowing attackers to read files outside the workspace. Attackers can include path traversal sequences like @../outsidesecret.txt or absolute paths in project command files to exfiltrate process-readable...

6.8CVSS6.1AI score0.00147EPSS
Exploits0References3
nvd
nvd
added last week8 views

CVE-2026-60089

PraisonAI pip package praisonaiagents before 1.6.78 automatically loads defaults from a project-local .praisonai/config.toml when constructing an Agent, and does not validate the defaults.output.outputfile path. A repository-controlled config file can set outputfile to an absolute or '..' travers...

6.9CVSS0.00141EPSS
Exploits0References3
euvd
euvd
added last week7 views

EUVD-2026-42855

R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition OCR module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shell via SSH. In current infrastructure the URL encoding...

9CVSS6.2AI score0.01331EPSS
Exploits0References1
osv
osv
added last week4 views

OPENSUSE-SU-2026:21290-1 Security update for sssd

This update for sssd fixes the following issues - CVE-2026-14474: sudo LDAP provider searches entire directory tree for sudoRole objects by default, enabling privilege escalation bsc1270709. - CVE-2026-14476: GPO cache path traversal via unsanitized gPCFileSysPath allows Kerberos authentication...

8.8CVSS6.1AI score0.00501EPSS
Exploits0References4
cvelist
cvelist
added 2026/07/09 9:45 p.m.31 views

CVE-2026-15274 lo48576 fbxcel Node Header parser.rs denial of service

A vulnerability was detected in lo48576 fbxcel up to 0.9.0. This affects an unknown part of the file src/pullparser/v7400/parser.rs of the component Node Header Handler. The manipulation results in denial of service. The attack must be initiated from a local position. The exploit is now public an...

4.8CVSS0.0012EPSS
Exploits0References7
snyk
snyk
added 2026/07/09 8:43 a.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...

9.1CVSS7.3AI score0.00337EPSS
Exploits0References2
redhat
redhat
added 2026/07/09 5:22 a.m.5 views

Moderate: Red Hat Security Advisory: perl:5.32 security update

An update for the perl:5.32 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common...

5.9CVSS6AI score0.0037EPSS
Exploits0References2
Rows per page
Query Builder