5009 matches found

Github Security Blog
added 2026/04/04 6:43 a.m. | 8 views

pyLoad: Unprotected storage_folder enables arbitrary file write to Flask session store and code execution (Incomplete fix for CVE-2026-33509)

Summary: The fix for CVE-2026-33509 GHSA-r7mc-x6x7-cqxx added an ADMINONLYOPTIONS set to block non-admin users from modifying security-critical config options. The storage_folder option is not in this set and passes the existing path restriction because the Flask session directory is outside both...

CVSS 8.8 | AI score 6.6 | EPSS 0.00113
Exploits 2 | References 7 | Affected Software 1
Snyk
added 2026/04/04 6:4 a.m. | 2 views

Directory Traversal

Overview: @budibase/server is a Budibase Web Server. Affected versions of this package are vulnerable to Directory Traversal via the fileUpload and the createTempFolder function. An attacker can delete arbitrary directories and write files to any location accessible by the Node.js process by...

CVSS 8.7 | AI score 6.5 | EPSS 0.00061
Exploits 1 | References 2
Github Security Blog
added 2026/04/04 6:4 a.m. | 7 views

Budibase: Path traversal in plugin file upload enables arbitrary directory deletion and file write

Summary: The plugin file upload endpoint POST /api/plugin/upload passes the user-supplied filename directly to createTempFolder without sanitizing path traversal sequences. An attacker with Global Builder privileges can craft a multipart upload with a filename containing ../ to delete arbitrary...

CVSS 8.7 | AI score 6.7 | EPSS 0.00061
Exploits 1 | References 6 | Affected Software 1
Vulnrichment
added 2026/04/04 12:0 a.m. | 2 views

CVE-2026-34779 Electron: AppleScript injection in app.moveToApplicationsFolder on macOS

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on macOS, app.moveToApplicationsFolder used an AppleScript fallback path that did not properly handle certain characters in the...

CVSS 6.5 | AI score 6.1 | EPSS 0.0001
Exploits 0 | References 1
CVE
added 2026/04/04 12:0 a.m. | 7 views

CVE-2026-34779

In CVE-2026-34779, Electron apps on macOS that call app.moveToApplicationsFolder() may expose arbitrary AppleScript execution due to an AppleScript fallback path not handling certain characters in the application bundle path. The issue affects Electron usage of moveToApplicationsFolder and can oc...

CVSS 7.8 | AI score 6.1 | EPSS 0.0001
Exploits 0 | References 1 | Affected Software 1
Positive Technologies
added 2026/04/04 12:0 a.m. | 3 views

PT-2026-30341

Name of the Vulnerable Software and Affected Versions: pyLoad, affected versions not specified. Description: pyLoad, a Python-based download manager, has a flaw where a user with SETTINGS and ADD permissions can redirect downloads to the Flask filesystem session store. This allows planting a maliciou...

CVSS 8.8 | AI score 6.5 | EPSS 0.00113
Exploits 2 | References 14
RedhatCVE
added 2026/04/03 11:2 p.m. | 1 view

CVE-2026-33271

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image Windows before build 42902...

CVSS 6.7 | AI score 6.7 | EPSS 0.00012
Exploits 0 | References 1
EUVD
added 2026/04/03 12:31 p.m. | 0 views

EUVD-2026-18625

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report...

CVSS 7.3 | AI score 5.9 | EPSS 0.00022
Exploits 0 | References 2
EUVD
added 2026/04/03 12:31 p.m. | 2 views

EUVD-2026-18623

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report...

CVSS 7.3 | AI score 5.9 | EPSS 0.00019
Exploits 0 | References 2
NVD
added 2026/04/03 12:16 p.m. | 0 views

CVE-2026-4107

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report...

CVSS 7.3 | EPSS 0.00022
Exploits 0 | References 1
NVD
added 2026/04/03 12:16 p.m. | 2 views

CVE-2026-3880

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report...

CVSS 7.3 | EPSS 0.00019
Exploits 0 | References 1
Vulnrichment
added 2026/04/03 11:44 a.m. | 2 views

CVE-2026-4107 Stored XSS Vulnerability

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report...

CVSS 7.3 | AI score 5.9 | EPSS 0.00022
Exploits 0 | References 1
CVE
added 2026/04/03 11:44 a.m. | 7 views

CVE-2026-4107

CVE-2026-4107 affects Zohocorp ManageEngine Exchange Reporter Plus, with stored XSS in the Folder Message Count and Size report for versions before 5802. The CVSS v3.1 base score is 7.3 (HIGH) with Network attack vector, Low attack complexity, Privileges Required: Low, User Interaction: Required,...

CVSS 7.3 | AI score 5.9 | EPSS 0.00022
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2026/04/03 11:44 a.m. | 14 views

CVE-2026-4107 Stored XSS Vulnerability

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report...

CVSS 7.3 | EPSS 0.00022
Exploits 0 | References 1
ATTACKERKB
added 2026/04/03 11:44 a.m. | 0 views

CVE-2026-4107

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report...

CVSS 7.3 | AI score 5.9 | EPSS 0.00022
Exploits 0 | References 2
Vulnrichment
added 2026/04/03 11:41 a.m. | 2 views

CVE-2026-3880 Stored XSS Vulnerability

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report...

CVSS 7.3 | AI score 5.9 | EPSS 0.00019
Exploits 0 | References 1
ATTACKERKB
added 2026/04/03 11:41 a.m. | 2 views

CVE-2026-3880

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report...

CVSS 7.3 | AI score 5.9 | EPSS 0.00019
Exploits 0 | References 2
CVE
added 2026/04/03 11:41 a.m. | 10 views

CVE-2026-3880

ManageEngine Exchange Reporter Plus (Zohocorp) versions before 5802 are vulnerable to a Stored XSS flaw in the Public Folder Client Permissions report. The issue allows injected script via the affected report, with CVSSv3.1 metrics indicating a HIGH base score (7.3), remote attack vector, low att...

CVSS 7.3 | AI score 5.9 | EPSS 0.00019
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2026/04/03 11:41 a.m. | 17 views

CVE-2026-3880 Stored XSS Vulnerability

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report...

CVSS 7.3 | EPSS 0.00019
Exploits 0 | References 1
Snyk
added 2026/04/03 2:46 a.m. | 2 views

Command Injection

Overview: electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Command Injection in the app.moveToApplicationsFolder function on macOS when handling application bundle paths containing...

CVSS 7.8 | AI score 6.2 | EPSS 0.0001
Exploits 0 | References 2