
949 matches found

Positive Technologies
added 2026/04/06 12:0 a.m., 4 views

PT-2026-30620

UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the filename parameter of the formFtpServerDirConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

6.2 AI score, 0.00229 EPSS
Exploits: 1, References: 2

CVE
added 2026/04/06 12:0 a.m., 11 views

CVE-2026-31062

CVE-2026-31062 affects UTT Aggressive 520W devices with firmware v3v1.7.7-180627. The issue is a buffer overflow in the filename parameter of the formFtpServerDirConfig function, leading to Denial of Service via crafted input. The connected sources consistently describe this as a DoS vulnerabilit...

4.5 CVSS, 6.2 AI score, 0.00229 EPSS
Exploits: 1, References: 1, Affected Software: 1

Positive Technologies
added 2026/04/06 12:0 a.m., 6 views

PT-2026-30588

A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /admin/update-image2.php of the component Parameter Handler. The manipulation of the argument filename leads to SQL injection. The attack is possible to be...

6.5 CVSS, 5.7 AI score, 0.00192 EPSS
Exploits: 0, References: 6

CNNVD
added 2026/04/05 12:0 a.m., 7 views

griptape path traversal vulnerability

Griptape is an open-source generative AI application development framework created by Griptape. Version 0.19.4 of Griptape contains a path traversal vulnerability, which stems from incorrect handling of the parameter filename, potentially leading to path traversal attacks...

6.5 CVSS, 6.6 AI score, 0.00422 EPSS
Exploits: 0, References: 5

Positive Technologies
added 2026/04/02 12:0 a.m., 4 views

PT-2026-29923

Summary: Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename or name instead of removing the folded line break during unfolding. As a result,...

4.8 CVSS, 5.8 AI score, 0.00227 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2026/03/29 11:3 p.m., 4 views

CVE-2026-5015

A vulnerability was determined in elecV2 elecV2P up to 3.8.3. The impacted element is an unknown function of the file /logs of the component Endpoint. This manipulation of the argument filename causes cross-site scripting. It is possible to initiate the attack remotely. The exploit has been...

5.3 CVSS, 4.3 AI score, 0.00263 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/03/28 4:59 p.m., 5 views

CVE-2026-5027

The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences '../'...

8.8 CVSS, 6 AI score, 0.02104 EPSS
Exploits: 4, References: 1

SUSE CVE
added 2026/03/28 12:25 a.m., 6 views

SUSE CVE-2026-33344

Dagu is a workflow engine with a built-in Web user interface. From version 2.0.0 to before version 2.3.1, the fix for CVE-2026-27598 added ValidateDAGName to CreateNewDAG and rewrote generateFilePath to use filepath.Base. This patched the CREATE path. The remaining API endpoints - GET, DELETE,...

8.1 CVSS, 5.8 AI score, 0.00469 EPSS
Exploits: 1, References: 3

Positive Technologies
added 2026/03/28 12:0 a.m., 5 views

PT-2026-28729

Name of the Vulnerable Software and Affected Versions: elecV2 versions up to 3.8.3. Description: A flaw exists in elecV2, specifically within the Endpoint component. Manipulation of the filename argument in a function related to the /logs file can lead to cross-site scripting. This issue is...

5.3 CVSS, 5.1 AI score, 0.00263 EPSS
Exploits: 0, References: 7

CNNVD
added 2026/03/28 12:0 a.m., 10 views

elecV2P code injection vulnerability

elecV2P is a network request modification and scheduled task tool developed by the elecV2 individual developer. Versions of elecV2P 3.8.3 and earlier have a code injection vulnerability. This vulnerability stems from improper handling of the parameter filename by unknown functions in the...

5.3 CVSS, 5.7 AI score, 0.00263 EPSS
Exploits: 0, References: 6

CVE
added 2026/03/27 2:54 p.m., 162 views

CVE-2026-5027

Langflow

8.8 CVSS, 6 AI score, 0.02104 EPSS
In wild, Exploits: 4, References: 1

CNNVD
added 2026/03/27 12:0 a.m., 7 views

Langflow security vulnerability

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Langflow has a security vulnerability that stems from the lack of cleanup of the filename parameter in the multipart form data when the endpoint POST /api/v2/files is used. This...

8.8 CVSS, 5.8 AI score, 0.02104 EPSS
Exploits: 4, References: 1

Positive Technologies
added 2026/03/27 12:0 a.m., 9 views

PT-2026-28741

Name of the Vulnerable Software and Affected Versions: Langflow versions prior to 1.9.0. Description: A path traversal issue exists in the 'POST /api/v2/files' endpoint because the filename parameter from multipart form data is not sanitized. This allows an attacker to use path traversal sequences...

8.8 CVSS, 6.9 AI score, 0.02104 EPSS
Exploits: 4, References: 74

NVD
added 2026/03/26 8:16 p.m., 7 views

CVE-2026-33528

GoDoxy is a reverse proxy and container orchestrator for self-hosters. Prior to version 0.27.5, the file content API endpoint at /api/v1/file/content is vulnerable to path traversal. The filename query parameter is passed directly to path.Join(common.ConfigBasePath, filename) where ConfigBasePath =...

6.5 CVSS, 0.00502 EPSS
Exploits: 1, References: 3

ATTACKERKB
added 2026/03/26 7:24 p.m., 1 views

CVE-2026-33528

GoDoxy is a reverse proxy and container orchestrator for self-hosters. Prior to version 0.27.5, the file content API endpoint at /api/v1/file/content is vulnerable to path traversal. The filename query parameter is passed directly to path.Join(common.ConfigBasePath, filename) where ConfigBasePath =...

6.5 CVSS, 5.8 AI score, 0.00502 EPSS
Exploits: 1, References: 4, Affected Software: 1

RedhatCVE
added 2026/03/26 3:11 p.m., 6 views

CVE-2026-23484

Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the fileName parameter is not filtered, allowing path traversal to write files anywhere on the file system. Moreover, this interface only requires authProcedure (normal user), not superAdminAuthMiddleware. At time o...

6.5 CVSS, 5.8 AI score, 0.00336 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/03/26 3:9 p.m., 7 views

CVE-2026-33171

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, authenticated Control Panel users could read arbitrary .json, .yaml, and .csv files from the server by manipulating the file dictionary's filename configuration parameter in the fieldtype's...

4.3 CVSS, 5.8 AI score, 0.00348 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/03/24 7:23 p.m., 30 views

CVE-2026-33344 Dagu has an incomplete fix for CVE-2026-27598: path traversal via %2F-encoded slashes in locateDAG

Dagu is a workflow engine with a built-in Web user interface. From version 2.0.0 to before version 2.3.1, the fix for CVE-2026-27598 added ValidateDAGName to CreateNewDAG and rewrote generateFilePath to use filepath.Base. This patched the CREATE path. The remaining API endpoints - GET, DELETE,...

8.1 CVSS, 0.00469 EPSS
Exploits: 1, References: 2

ATTACKERKB
added 2026/03/24 11:27 a.m., 3 views

CVE-2019-25632

phpFileManager 1.7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the action, fmcurrentdir, and filename parameters. Attackers can send GET requests to index.php with crafted parameter values to access sensitive files...

6.9 CVSS, 5.9 AI score, 0.00557 EPSS
Exploits: 1, References: 3, Affected Software: 1

Positive Technologies
added 2026/03/24 12:0 a.m., 4 views

PT-2026-27624

Name of the Vulnerable Software and Affected Versions: GoDoxy versions prior to 0.27.5. Description: GoDoxy, a reverse proxy and container orchestrator, contains a path traversal flaw in the file content API endpoint at /api/v1/file/content. The filename query parameter is directly used in...

6.5 CVSS, 5.8 AI score, 0.00502 EPSS
Exploits: 1, References: 6