Lucene search
K

875 matches found

Nuclei
Nuclei
added yesterday51 views

LOLLMS WebUI - Absolute Path Traversal

An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the openfile endpoint of lollmsadvanced.py. The sanitizepath function with allowabsolutepath=True allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can...

7.5CVSS7AI score0.01957EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-57259

The input file does not need to be strictly in a structurally valid PDF format. Instead, after reviewing the content, the original document disguised as a PDF will be sent to the parser. Malicious documents will construct malicious external entities that, through the protocol, point to local path...

6.5CVSS5.9AI score0.00205EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2026/07/06 8:16 p.m.5 views

CVE-2026-58403

Hugo is a static site generator. From v0.123.0 through v0.163.0, Hugo's virtual filesystem is designed so that files under a mount cannot reach outside the mount tree, but a regression caused RootMappingFs.statRoot to call Stat, which follows symlinks, instead of Lstat, so a direct os.ReadFile...

6.5CVSS0.00318EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/07/06 7:52 p.m.7 views

CVE-2026-50135

Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made RootMappingFs.statRoot use Stat follows symlinks instead of Lstat , so a direct resources.Get of a symlink pointing outside its mount returned the target's contents — letting a symlink planted in a local mount e.g. a...

6.9CVSS5.9AI score0.00275EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/07/03 10:16 a.m.9 views

CVE-2026-12480

A flaw was found in Keras. An attacker can craft a malicious model archive or weights file containing a Virtual Dataset VDS that references external files on a victim's system. When a user loads this malicious model, the external file is transparently read. This vulnerability leads to information...

5.5CVSS5.9AI score0.00127EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-255 AgentScope path traversal vulnerability in save-workflow

A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or modification of...

9.1CVSS7.5AI score0.0091EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/06/26 8:52 p.m.6 views

CVE-2026-53577

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the previewFileFromExecution endpoint GET /api/v1/tenant/executions/executionId/file/preview contains an access control bypass that allows any authenticated user to read output files from any other executio...

6.5CVSS5.9AI score0.00263EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/26 4:15 p.m.35 views

CVE-2026-55677 Echo: Encoded slash (%2F) bypasses route-level protection and exposes static files

Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the raw encoded path preserving %2F as-is, while StaticDirectoryHandler unescapes %2F to / before resolving filesystem paths. This allows an...

7.5CVSS0.0043EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/19 9:18 p.m.5 views

UNIX Symbolic Link (Symlink) Following

Overview lfx is a lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run. Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following via the BaseFileComponent.unpackbundle function. An attacker can access arbitrary fil...

9.6CVSS6.2AI score0.00411EPSS
Exploits1References2
OSV
OSV
added 2026/06/17 2:15 p.m.6 views

GHSA-VJQM-6GCC-62CR Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion

Summary Open WebUI lets a user who can create, update, or import workspace models store arbitrary meta.knowledge entries on their model without checking whether they own or can read the referenced files. Open WebUI then treats meta.knowledge entries of type file as an authorization source in two...

7.1CVSS5.7AI score0.00198EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.18 views

PT-2026-49197

Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using attacker-controlled input without sufficient validation,...

7.1CVSS5.4AI score0.00394EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/12 11:9 p.m.11 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition via the system.run safe-bin allowlist validation. An attacker can access arbitrary files and expose sensitive configuration data by injecti...

8.3CVSS5.5AI score0.00191EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 10:16 p.m.11 views

CVE-2026-53825

OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gateway operators with operator.write scope to read local files outside intended ingest sources. Attackers with operator.write access can specify arbitrary local file...

7.1CVSS0.00375EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.10 views

Directory Traversal

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.8CVSS6.2AI score0.00128EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 5:21 a.m.8 views

Security Bulletin: IBM Automation Decision Services for May 2026- Multiple CVEs addressed

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Automation Decision Services. See full list below. Vulnerability Details CVEID:CVE-2025-46295 DESCRIPTION: Apache Commons Text versions prior to 1.10.0 included...

9.8CVSS6.1AI score0.99931EPSS
Exploits42Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.12 views

EulerOS 2.0 SP11 : NetworkManager (EulerOS-SA-2026-2234)

According to the versions of the NetworkManager packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allow...

3.3CVSS5.3AI score0.00162EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.11 views

EulerOS 2.0 SP11 : NetworkManager (EulerOS-SA-2026-2196)

According to the versions of the NetworkManager packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allow...

3.3CVSS5.5AI score0.00162EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.9 views

CVE-2026-45306

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the fix for CVE-2026-33509 prevents setting storagefolder inside PKGDIR or userdir, but does NOT protect the Flask session directory /tmp/pyLoad/flask. An authenticated attacker can set storagefolder to...

6.5CVSS5.5AI score0.00234EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.12 views

CVE-2026-44560

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the type: "file" non-full-context, type: "text" with collectionname, and bare collectionname/collectionnames paths in the getsourcesfromitems function perform vector store queries...

6.5CVSS5.5AI score0.00366EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.10 views

CVE-2026-35487

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadprompt allows reading any .txt file on the server filesystem. The file content is returned verbatim in the API response. This vulnerability...

5.3CVSS5.5AI score0.00263EPSS
Exploits0References1
Rows per page
Query Builder