Lucene search
K

6918 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.21 views

Amazon Linux 2023 : postgresql18, postgresql18-contrib, postgresql18-llvmjit (ALAS2023-2026-1780)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1780 advisory. Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to...

8.8CVSS6.8AI score0.00668EPSS
Exploits0References24
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.14 views

MiracleLinux 8 : vim-8.0.1763-23.el8_10.ML.1 (AXSA:2026-765:13)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-765:13 advisory. vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass CVE-2026-35177 Tenable has extracted the preceding description block...

7.1CVSS5.6AI score0.00126EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/07 12:43 a.m.16 views

CVE-2026-11416

MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename...

8.1CVSS5.6AI score0.00469EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.13 views

EulerOS Virtualization 2.10.0 : libssh (EulerOS-SA-2026-2054)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A malicious SCP server can send unexpected paths that could make the client application override local files outside of working...

8.2CVSS6.8AI score0.58204EPSS
Exploits9References7
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.15 views

RHEL 8 : vim (RHSA-2026:22730)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:22730 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via...

7.1CVSS5.6AI score0.00126EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.13 views

RHEL 9 : vim (RHSA-2026:22717)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:22717 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via...

7.1CVSS5.6AI score0.00126EPSS
Exploits0References5
NVD
NVD
added 2026/06/05 10:16 p.m.11 views

CVE-2026-11416

MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename...

8.1CVSS0.00469EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.12 views

CVE-2026-42780

A directory traversal vulnerability exists in BIG-IP SSL Orchestrator that allows an authenticated attacker with high privilege to overwrite, delete or corrupt arbitrary local files. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS5.6AI score0.00886EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.12 views

CVE-2026-20161

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are on the local file syst...

5.5CVSS5.6AI score0.00129EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.11 views

CVE-2026-31927

Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files e.g., /etc/shadow, enabling unauthorized SSH access when combined with debug‑setting changes...

4.9CVSS5.6AI score0.00354EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.12 views

CVE-2026-3772

The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'addpluginspage' and 'addthemespage' functions. This makes it possible for unauthenticated attackers to overwrite arbitrar...

8.8CVSS5.6AI score0.00168EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 7:16 p.m.15 views

CVE-2026-46399

HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this vulnerability to configure malicious Git filter commands and achieve code execution on the HAX CM...

9.4CVSS0.00291EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.12 views

CVE-2026-31843

The goodoneuz/pay-uz Laravel package = 2.2.24 contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment hook files. The endpoint is exposed via Route::any without authentication middleware, enabling remot...

10CVSS6.4AI score0.01941EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.11 views

CVE-2026-4351

The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the PMCS::actionhandler method processing the bulk action activate/deactivate handlers without any authorization check or nonce verificatio...

8.1CVSS5.7AI score0.00408EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 6:13 p.m.11 views

EUVD-2026-34880

HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this vulnerability to configure malicious Git filter commands and achieve code execution on the HAX CM...

9.4CVSS6.1AI score0.00291EPSS
Exploits0References1
CVE
CVE
added 2026/06/05 6:13 p.m.25 views

CVE-2026-46399

CVE-2026-46399 affects HAX CMS with PHP backend prior to v26.0.0. The vulnerability is an authenticated file overwrite that allows an attacker to configure malicious Git filter commands, leading to code execution on the HAX CMS server. The issue is specific to the PHP version before 26.0.0; the f...

9.4CVSS6.1AI score0.00291EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 6:13 p.m.13 views

CVE-2026-46399

HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this vulnerability to configure malicious Git filter commands and achieve code execution on the HAX CM...

9.4CVSS6.1AI score0.00291EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2026/06/05 12:4 p.m.9 views

RLSA-2026:22711 Moderate: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass CVE-2026-35177 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...

4.1CVSS5.5AI score0.00126EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/06/05 12:4 p.m.13 views

vim security update

An update is available for vim. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Vim Vi IMproved is an updated and improved version of the vi editor. Security...

7.1CVSS5.5AI score0.00126EPSS
Exploits0
OSV
OSV
added 2026/06/05 12:3 p.m.8 views

RLSA-2026:22717 Moderate: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass CVE-2026-35177 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...

4.1CVSS5.5AI score0.00126EPSS
Exploits0References2
Rows per page
Query Builder