Lucene search
K

188 matches found

Nuclei
Nuclei
added 5 hours ago478 views

Sonatype Nexus Repository Manager 3 - Local File Inclusion

Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1. id: CVE-2024-4956 info: name: Sonatype Nexus Repository Manager 3 - Local File Inclusion author: ritikchaddha severity: high description: | Path Traversal in Sonatype...

7.5CVSS7AI score0.18245EPSS
Exploits16References4
Positive Technologies
Positive Technologies
added 5 days ago10 views

PT-2026-57011

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.1 Description An authenticated administrator or API-token user can exfiltrate sensitive files from the host system. The 'POST /api/file/globalCopyFiles' endpoint accepts absolute source paths and uses the...

4.9CVSS6.1AI score0.00278EPSS
Exploits0References6
CVE
CVE
added 2026/07/06 7:31 p.m.22 views

CVE-2026-50133

CVE-2026-50133 affects Hugo, a static site generator. The issue: before v0.162.0, content files mapped to text/html (e.g., HTML under /content or via adapters setting content.mediaType = "text/html") had their body emitted verbatim, enabling stored cross-site scripting if untrusted HTML content i...

6.1CVSS5.4AI score0.00187EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.4 views

Vim 9.2.0320 < 9.2.0679 Out-of-Bounds Read (GHSA-ww8h-47xp-hp4w)

The version of Vim installed on the remote host is between 9.2.0320 and 9.2.0679 exclusive. It is, therefore, affected by a vulnerability. - A crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays...

6.8CVSS5.9AI score0.00119EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/30 12:12 a.m.9 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.15 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.6CVSS7AI score0.0217EPSS
Exploits1References10
RedHat Linux
RedHat Linux
added 2026/06/23 2:58 p.m.10 views

Moderate: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

6.6CVSS6.5AI score0.00501EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.9 views

TencentOS Server 4: vim (TSSA-2026:0300)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0300 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

6.6CVSS5.6AI score0.00501EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.16 views

PT-2026-45036

Summary An authenticated Admidio member with upload rights on any one folder can permanently delete files from folders where they have only view access. The authorization check at the top of modules/documents-files.php evaluates upload rights against the attacker-supplied folder uuid URL paramete...

6.5CVSS5.8AI score0.00025EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/08 12:43 p.m.14 views

CVE-2026-28261

Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading...

7.8CVSS5.8AI score0.00107EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/03/31 12:8 a.m.5 views

WordPress Truebooker - Appointment Booking and Scheduler Plugin plugin <= 1.1.4 - Sensitive Information Exposure via Views Files vulnerability

WordPress Truebooker - Appointment Booking and Scheduler Plugin plugin = 1.1.4 - Sensitive Information Exposure via Views Files vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin TrueBooker versions = 1.1.4...

5.3CVSS5.9AI score0.00205EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/13 7:0 p.m.5 views

CVE-2026-30853

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to 9.5.0, a path traversal vulnerability in the RocketBook .rb input plugin src/calibre/ebooks/rb/reader.py allows an attacker to write arbitrary files to any path writable by the calibre...

9.3CVSS5.9AI score0.0052EPSS
Exploits2References2Affected Software1
EUVD
EUVD
added 2026/03/09 10:48 p.m.5 views

EUVD-2026-10424

Shescape is a simple shell escape library for JavaScript. Prior to 2.1.9, an attacker may be able to bypass escaping for the shell being used. This can result, for example, in exposure of sensitive information. This impacts users of Shescape that configure their shell to point to a file on disk...

6.3CVSS5.8AI score0.00052EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/06 1:34 a.m.6 views

CVE-2026-26002

Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain susceptible...

9.8CVSS5.8AI score0.00533EPSS
Exploits0References1
OSV
OSV
added 2026/02/20 12:16 a.m.7 views

CVE-2026-2605

Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS...

5.3CVSS5.8AI score0.00259EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.6 views

PT-2026-20954

Tanium addressed an insertion of sensitive information into log file vulnerability in Trends...

6.5CVSS5.4AI score0.00306EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.7 views

Siemens Simcenter Femap和Siemens Simcenter Nastran 安全漏洞

Siemens Simcenter Femap and Siemens Simcenter Nastran are both products of German company Siemens. Siemens Simcenter Femap is a state-of-the-art engineering simulation application. It is used for creating, editing, and importing/reusing finite element analysis models for complex products or...

7.8CVSS6.1AI score0.00131EPSS
Exploits0References2
GitLab Advisory Database
GitLab Advisory Database
added 2026/02/06 12:0 a.m.9 views

actix-files has a possible exposure of information vulnerability

When passing a non-existing folder to the actixfiles::Files::new method causes the actix server to expose unexpected files...

5.9AI score
Exploits0References7Affected Software1
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.9 views

Autodesk 3ds Max 代码问题漏洞

Autodesk 3ds Max is a full-featured 3D computer graphics software developed by Autodesk, Inc. There are code vulnerabilities in Autodesk 3ds Max. These vulnerabilities stem from the use of untrusted search paths when opening max files, which may lead to the execution of arbitrary code...

7.8CVSS6.1AI score0.00182EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.6 views

MiracleLinux 8 : perl-CPAN-2.18-402.el8_10 (AXSA:2025-9982:02)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-9982:02 advisory. perl-CPAN: Bypass of verification of signatures in CHECKSUMS files CVE-2020-16156 Tenable has extracted the preceding description block directly from the...

7.8CVSS7.8AI score0.00791EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:7 a.m.9 views

CVE-2019-20529

In core/doctype/preparedreport/preparedreport.py in Frappe 11 and 12, data files generated with Prepared Report were being stored as public files no authentication is required to access; having a link is sufficient instead of private files...

7.5CVSS6.9AI score0.01329EPSS
Exploits0References1
Rows per page
Query Builder