Lucene search
K

465 matches found

Vulnrichment
Vulnrichment
added 2026/04/20 1:0 a.m.3 views

CVE-2026-6591 ComfyUI LoadImage Node folder_paths.py folder_paths.get_annotated_filepath path traversal

A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folderpaths.getannotatedfilepath of the file folderpaths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been...

5.3CVSS5.2AI score0.00366EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.9 views

ComfyUI 安全漏洞

ComfyUI is the most powerful and modular diffusion model GUI and backend developed by comfyanonymous individuals. Versions of ComfyUI prior to 0.13.0 contain security vulnerabilities, which stem from improper handling of parameter names in the folderpaths.getannotatedfilepath function within fold...

5.3CVSS5.8AI score0.00366EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.9 views

PT-2026-33355

Name of the Vulnerable Software and Affected Versions opam versions prior to 2.5.1 Description A directory traversal issue exists where a .install field containing a destination filepath can use ../ to reach a parent directory. Recommendations Update to version 2.5.1...

7.3CVSS6.2AI score0.0018EPSS
Exploits0References19
RedhatCVE
RedhatCVE
added 2026/04/04 4:59 a.m.4 views

CVE-2026-28373

The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export can write arbitrary content to any path on the victim's filesystem...

9.6CVSS6AI score0.00421EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/03 6:31 p.m.3 views

EUVD-2026-18801

The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export can write arbitrary content to any path on the victim's filesystem...

9.6CVSS6AI score0.00421EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/03 12:0 a.m.17 views

CVE-2026-28373

The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export can write arbitrary content to any path on the victim's filesystem...

0.00421EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/03 12:0 a.m.2 views

CVE-2026-28373

The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export can write arbitrary content to any path on the victim's filesystem...

6AI score0.00421EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/03 12:0 a.m.2 views

CVE-2026-28373

The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export can write arbitrary content to any path on the victim's filesystem...

9.6CVSS6AI score0.00421EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.10 views

Stackfield Desktop App 安全漏洞

The Stackfield Desktop App is a project management tool developed by the German company Stackfield. Versions of the Stackfield Desktop App prior to 1.10.2 contained security vulnerabilities. These vulnerabilities stemmed from specific decryption functions that allowed path traversal when handling...

9.6CVSS5.9AI score0.00421EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.2 views

CVE-2026-23485

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the filePath parameter accepts path traversal sequences, allowing enumeration of file existence on the server via different error responses. This issue has been patched in version 1.8.4...

6.9CVSS5.8AI score0.00302EPSS
Exploits0References1
NVD
NVD
added 2026/03/23 9:17 p.m.4 views

CVE-2026-23485

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the filePath parameter accepts path traversal sequences, allowing enumeration of file existence on the server via different error responses. This issue has been patched in version 1.8.4...

6.9CVSS0.00302EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/23 8:50 p.m.4 views

CVE-2026-23485 Blinko: Unauthorized Path Traversal File Enumeration - music-metadata

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the filePath parameter accepts path traversal sequences, allowing enumeration of file existence on the server via different error responses. This issue has been patched in version 1.8.4...

6.9CVSS5.8AI score0.00302EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/07 7:59 a.m.6 views

CVE-2026-2830

The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possib...

6.1CVSS5.9AI score0.00215EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/06 9:31 a.m.4 views

EUVD-2026-10004

The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possib...

6.1CVSS5.9AI score0.00215EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/03/06 8:46 a.m.6 views

WordPress WP All Import plugin <= 4.0.0 - Reflected Cross-Site Scripting via 'filepath' vulnerability

Reflected Cross-Site Scripting via 'filepath' vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress Plugin WP All Import versions = 4.0.0...

6.1CVSS5.8AI score0.00215EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/03/06 8:16 a.m.7 views

CVE-2026-2830

The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possib...

6.1CVSS0.00215EPSS
Exploits0References5
CVE
CVE
added 2026/03/06 7:22 a.m.20 views

CVE-2026-2830

WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets (WordPress plugin) is listed as vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in versions up to and including 4.0.0 due to insufficient input sanitization and output escaping. The CVE notes unauthen...

6.1CVSS5.9AI score0.00215EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/06 7:22 a.m.5 views

CVE-2026-2830

The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possib...

6.1CVSS5.9AI score0.00215EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/06 7:22 a.m.5 views

CVE-2026-2830 WP All Import <= 4.0.0 - Reflected Cross-Site Scripting via 'filepath'

The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possib...

6.1CVSS5.9AI score0.00215EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/06 7:22 a.m.30 views

CVE-2026-2830 WP All Import <= 4.0.0 - Reflected Cross-Site Scripting via 'filepath'

The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possib...

6.1CVSS0.00215EPSS
Exploits0References5
Rows per page
Query Builder