Lucene search
K

7377 matches found

EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2025-210340

Flowise before 3.0.6 affected versions 2.2.8 and earlier contains an arbitrary file access vulnerability due to missing validation that the chatflowId and chatId parameters are UUIDs or numbers in file handling operations. By supplying a path-traversal value e.g., '../../../../../tmp' as the...

9.8CVSS6.3AI score0.00895EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52897

Name of the Vulnerable Software and Affected Versions Patool versions prior to 4.0.5 Description A path traversal issue exists in the safe extract function within patoolib/programs/py tarfile.py when used with Python versions before 3.12. The is within directory helper function utilizes...

5.4CVSS5.9AI score0.00285EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-53014

Name of the Vulnerable Software and Affected Versions Incus affected versions not specified Description Improper validation of the user-provided backup compression algorithm allows for argument injection in the constructed command line. The system validates the compression algorithm by checking...

9.9CVSS6.1AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-53016

Name of the Vulnerable Software and Affected Versions Incus affected versions not specified Description An arbitrary file write exists in the Incus client that can lead to arbitrary command execution as root on the server. The issue occurs when the client processes a request with source.type=url...

9.9CVSS6.2AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-53010

Name of the Vulnerable Software and Affected Versions Incus affected versions not specified Description An issue exists where a specially crafted image can be used to read or create and write arbitrary files on the host, potentially leading to arbitrary command execution. The problem occurs becau...

9.9CVSS6.1AI score
Exploits0References4
Cvelist
Cvelist
added 2026/06/25 11:23 p.m.39 views

CVE-2026-13218 Kubevirt: kubevirt: symlink following in writetocachedfile allows host file overwrite from virt-launcher

A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink protection. A user with access to the virt-launcher container can plant a symlink at the cache file path, causin...

4.2CVSS0.00107EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 10:16 p.m.10 views

CVE-2025-71338

Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem. Attackers can exploit unsanitized fileName parameters with ../ sequences to overwrite critical files like...

10CVSS0.00639EPSS
Exploits1References2
NVD
NVD
added 2026/06/25 10:16 p.m.8 views

CVE-2025-71334

Flowise before 3.0.6 affected versions 2.2.8 and earlier contains an arbitrary file access vulnerability due to missing validation that the chatflowId and chatId parameters are UUIDs or numbers in file handling operations. By supplying a path-traversal value e.g., '../../../../../tmp' as the...

9.8CVSS0.00895EPSS
Exploits1References4
CVE
CVE
added 2026/06/25 9:41 p.m.25 views

CVE-2025-71338

Flowise is affected by a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem by crafting unsanitized fileName parameters with ../ sequences. This can overwrite critical files (e.g., pac...

10CVSS6.7AI score0.00639EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 9:41 p.m.26 views

CVE-2025-71338 Flowise - Arbitrary File Write to Remote Code Execution via document-store API

Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem. Attackers can exploit unsanitized fileName parameters with ../ sequences to overwrite critical files like...

10CVSS0.00639EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/25 9:41 p.m.20 views

CVE-2025-71334 Flowise - Arbitrary File Access via Missing Chat Flow ID Validation

Flowise before 3.0.6 affected versions 2.2.8 and earlier contains an arbitrary file access vulnerability due to missing validation that the chatflowId and chatId parameters are UUIDs or numbers in file handling operations. By supplying a path-traversal value e.g., '../../../../../tmp' as the...

9.8CVSS0.00895EPSS
Exploits1References4
EUVD
EUVD
added 2026/06/25 8:46 p.m.6 views

EUVD-2026-39562

The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join without sanitization, allowing file writes to arbitrary paths...

9.1CVSS6AI score0.00434EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 7:16 p.m.10 views

CVE-2026-54093

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, filebrowser builds the download-as-zip / download-as-tar archive entry names with filepath.ToSlash, which on a Linux host is a no-op for...

6.8CVSS0.00189EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 7:16 p.m.13 views

CVE-2026-50549

Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default. Before a Write, the agent canonicalizes the target path to confirm it stays inside the workspace, but when canonicalization fails it falls back to the original path an...

9.8CVSS0.00638EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/25 7:14 p.m.6 views

CVE-2026-44017

A flaw was found in Docling. The EasyOCR model download functionality improperly extracts ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker compromises the model download source e.g., via a supply chain or Man-in-the-Middle MITM attack, they could write...

8.3CVSS6.3AI score0.00478EPSS
Exploits0References5
OSV
OSV
added 2026/06/25 6:43 p.m.5 views

GO-2026-5344 Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host in github.com/boxlite-ai/boxlite/sdks/go

Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host in github.com/boxlite-ai/boxlite/sdks/go...

9.6CVSS5.9AI score0.00482EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 6:43 p.m.5 views

GO-2026-5389 Note Mark: Arbitrary File Write via Path Traversal in Asset Names Leads to Remote Code Execution in github.com/enchant97/note-mark/backend

Note Mark: Arbitrary File Write via Path Traversal in Asset Names Leads to Remote Code Execution in github.com/enchant97/note-mark/backend...

8.6CVSS6AI score0.00495EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 6:3 p.m.23 views

CVE-2026-53925

Summary of CVE-2026-53925 (Glances) In Glances, versions 4.0.8 through 4.5.5, the secure_popen() function in glances/secure.py parses shell-like operators (>, |, &&) in command strings without validating the target path or commands. When AMP module commands/service_cmd values are read from gla...

7.8CVSS6.1AI score0.00184EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 6:3 p.m.29 views

CVE-2026-53925 Glances: Arbitrary file write and command execution via `secure_popen` redirection and chaining operators in AMP command configuration

Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the securepopen function in glances/secure.py interprets file redirection, | pipe, and && command chaining operators in command strings. These operators are applied without any validation on the target file...

7.8CVSS0.00184EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 5:39 p.m.22 views

CVE-2026-54093

CVE-2026-54093 affects File Browser prior to v2.63.6, where archive entry names for zip/tar are built using Windows-style backslashes. On Linux, backslashes are preserved in names, allowing a Windows-style traversal like ....\evil.txt to be written on disk and then emitted verbatim in the archive...

6.8CVSS6AI score0.00189EPSS
Exploits0References1
Rows per page
Query Builder