
656 matches found

CNNVD
added 2026/05/27 12:0 a.m. | 5 views

pip security vulnerability

pip is a Python package installer developed by the Python Packaging Authority. There is a security vulnerability in pip, which arises from the use of a specially crafted entry point name during the installation of malicious Python wheels. This can lead to arbitrary file overwriting...

4.1 CVSS | 5.9 AI score | 0.00025 EPSS
Exploits: 0 | References: 4
Snyk
added 2026/05/08 5:19 a.m. | 6 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the pdfContext.setOption process. An attacker can access arbitrary files readable by the PHP worker by uploading a crafted PDF invoice template that triggers the embedding of file contents into the generated PDF...

5.1 CVSS | 6.3 AI score | 0.00071 EPSS
Exploits: 0 | References: 2
CNNVD
added 2026/04/10 12:0 a.m. | 3 views

WordPress plugin Perfmatters path traversal vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1 CVSS | 5.9 AI score | 0.00021 EPSS
Exploits: 0 | References: 2
ATTACKERKB
added 2026/04/06 5:54 p.m. | 3 views

CVE-2026-35177

Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280...

4.1 CVSS | 6.8 AI score | 0.00072 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
CNNVD
added 2026/04/06 12:0 a.m. | 4 views

Directus security vulnerability

Directus is an open-source real-time API and application dashboard developed by Directus. It is used to manage SQL database content. Versions of Directus prior to 11.16.1 contained a security vulnerability. This vulnerability stemmed from the TUS recoverable upload endpoint, which only performed...

8.1 CVSS | 6 AI score | 0.00013 EPSS
Exploits: 0 | References: 2
OSV
added 2026/03/26 12:37 p.m. | 3 views

CLSA-2026-1774528630 openssh: Fix of 3 CVEs

CVE-2018-20685: fix a vulnerability scp client where a malicious server could bypass intended access restrictions and modify target directory permissions via crafted filenames - CVE-2019-6109: fix scp client where a malicious server could manipulate the client's progress display output due to...

6.8 CVSS | 7 AI score | 0.54213 EPSS
Exploits: 9 | References: 1
Snyk
added 2026/03/25 7:38 p.m. | 2 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the readDir API endpoint. An attacker can access and enumerate arbitrary directories and retrieve file names by sending crafted requests to the endpoint. Details: A Directory Traversal attack also known as path...

9.8 CVSS | 6.9 AI score | 0.00031 EPSS
Exploits: 1 | References: 2
CNNVD
added 2026/03/03 12:0 a.m. | 3 views

Zdir Pro security vulnerability

Zdir Pro is a multi-functional private storage program developed by Zdir Pro Company in China. The version 4.x of Zdir Pro contains a security vulnerability. This vulnerability stems from a path traversal vulnerability in the ZIP extraction API, which may lead to file writes being performed outsi...

9.1 CVSS | 6.2 AI score | 0.00204 EPSS
Exploits: 1 | References: 3
RedhatCVE
added 2026/02/25 2:28 p.m. | 3 views

CVE-2026-27606

A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface (CLI) inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences ../...

9.8 CVSS | 6.5 AI score | 0.00398 EPSS
Exploits: 1 | References: 10
CNNVD
added 2026/02/11 12:0 a.m. | 3 views

BusyBox security vulnerability

BusyBox is a set of applications developed by Denis Vlasenko from Ukraine. It contains multiple Linux commands and tools. BusyBox has a security vulnerability, which stems from incomplete sanitization of paths in the archive extraction tool. This could lead to arbitrary file overwriting when extracti...

7 CVSS | 7.3 AI score | 0.00114 EPSS
Exploits: 2 | References: 4
CNNVD
added 2026/02/04 12:0 a.m. | 3 views

NavigaTUM security vulnerability

NavigaTUM is a navigation tool software developed by TUM Developers. Previous versions of NavigaTUM, such as 86f34c7, had security vulnerabilities. These vulnerabilities stemmed from the proposeedits endpoint not sanitizing file paths properly, which could lead to path traversal and file overwritin...

8.8 CVSS | 5.8 AI score | 0.00058 EPSS
Exploits: 1 | References: 3
RedhatCVE
added 2026/01/09 12:43 p.m. | 5 views

CVE-2005-1846

Multiple directory traversal vulnerabilities in YaMT before 0.52 allow attackers to overwrite arbitrary files via the (1) rename or (2) sort options...

5 CVSS | 7.2 AI score | 0.00378 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 10:5 a.m. | 6 views

CVE-2019-20851

An issue was discovered in Mattermost Mobile Apps before 1.26.0. An attacker can use directory traversal with the Video Preview feature to overwrite arbitrary files on a device...

9.1 CVSS | 7 AI score | 0.00794 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 9:57 a.m. | 10 views

CVE-2020-12006

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control...

9.8 CVSS | 7 AI score | 0.04154 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/07 9:27 a.m. | 2 views

CVE-2019-12573

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to overwrite arbitrary files. The openvpnlauncher binary is setuid root. This binary supports the --log option, which accepts a path as an argument...

7.1 CVSS | 6.8 AI score | 0.00032 EPSS
Exploits: 1 | References: 1
RedHat Linux
added 2026/01/05 7:1 p.m. | 4 views

tar: Tar path traversal

A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ ‘-k’, the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to...

4.1 CVSS | 5.8 AI score | 0.0013 EPSS
Exploits: 1 | References: 7
CNNVD
added 2025/10/17 12:0 a.m. | 0 views

YtGrabber-TUI security vulnerability

YtGrabber-TUI is a software interface by the individual developer Женя Бородин. A security vulnerability exists in YtGrabber-TUI version 1.0, which stems from a TOCTOU race condition during the creation of the default configuration file config.json, which could lead to arbitrary...

6.3 CVSS | 6.8 AI score | 0.0001 EPSS
Exploits: 0 | References: 3
OSV
added 2025/10/07 7:11 p.m. | 2 views

CLSA-2025-1759864289 git: Fix of CVE-2025-46835

CVE-2025-46835: prevent malicious creating and overwriting of user's files...

8.5 CVSS | 7.3 AI score | 0.00037 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2014-0041

Malware in sbrugna...

4.4 CVSS | 8.6 AI score | 0.00098 EPSS
Exploits: 1 | References: 14
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2006-3323

Malware in sbrugna...

2.6 CVSS | 6.4 AI score | 0.01429 EPSS
Exploits: 1 | References: 6