Lucene search
K

1576 matches found

Nuclei
Nuclei
added yesterday46 views

LoLLMS WebUI - Subfolder Prediction via Path Traversal

A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'addreferencetolocalmode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. id: CVE-2024-4841 info: name: LoLLMS WebUI - Subfolder Prediction via Path...

4CVSS6.1AI score0.00674EPSS
Exploits1
NVD
NVD
added 2 days ago6 views

CVE-2026-61505

Rejetto HFS 3.0.0 through 3.2.0 allows path traversal through the lang query parameter, permitting a remote unauthenticated attacker to read certain JSON files outside the shared folders. Exploitation is constrained to files matching a narrow naming and format pattern, limiting practical impact...

6.9CVSS0.00452EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-49970 Laravel-Mediable < 7.0.0 Path Traversal via File::sanitizePath()

Laravel-Mediable before 7.0.0 contains a path traversal vulnerability in the File::sanitizePath function that allows attackers to write uploaded files to arbitrary locations by controlling the directory argument passed to MediaUploader::toDestination. Attackers can exploit the permissive...

8.8CVSS0.00771EPSS
Exploits0References3
CVE
CVE
added 2 days ago10 views

CVE-2026-61505

Vulnerability summary: Rejetto HFS versions 3.0.0–3.2.0 are affected by a path traversal via the lang parameter, allowing a remote, unauthenticated attacker to read certain JSON files outside shared folders. The impact is constrained to files matching a narrow naming/format pattern, with no indic...

6.9CVSS6.1AI score0.00452EPSS
Exploits0References2
OSV
OSV
added 2 days ago4 views

CVE-2026-61505 Rejetto HFS < 3.2.1 Limited File Disclosure via Path Traversal in lang Parameter

Rejetto HFS 3.0.0 through 3.2.0 allows path traversal through the lang query parameter, permitting a remote unauthenticated attacker to read certain JSON files outside the shared folders. Exploitation is constrained to files matching a narrow naming and format pattern, limiting practical impact...

6.9CVSS6.1AI score0.00452EPSS
Exploits0References5
OSV
OSV
added 2 days ago4 views

CVE-2026-61504 Rejetto HFS < 3.2.1 Stored XSS via File Names in Basic Web Listing

Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be forced by any browser via the ?get=basic parameter. A user with upload permission - or an anonymous user on servers with an open upload folder - can store a file whose name...

5.1CVSS6.1AI score0.00173EPSS
Exploits0References5
Cvelist
Cvelist
added last week36 views

CVE-2026-59253 n8n - Improper Authorization in Workflow Assignment to Folders

n8n before 2.28.0 contains an improper authorization vulnerability allowing authenticated users to assign workflows to folders in other projects. Attackers can bypass project and folder authorization boundaries by supplying crafted request payloads during workflow creation, causing logical...

5.3CVSS0.00166EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 6:49 p.m.8 views

EUVD-2026-41208

Craft CMS: Missing peer-permission check in AssetsController::actionDeleteFolder allows deletion of other users' assets...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/02 4:15 p.m.35 views

CVE-2026-50282 Craft CMS: Unauthorized Deletion of Destination Folders During Forced Moves

Craft CMS is a content management system CMS. Versions 5.0.0-RC1 and above, prior to 5.9.21 and versions 4.0.0-RC1 and above prior to 4.17.14 contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...

7.1CVSS0.00207EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 4:15 p.m.7 views

CVE-2026-50282

Craft CMS is a content management system CMS. Versions 5.0.0-RC1 and above, prior to 5.9.21 and versions 4.0.0-RC1 and above prior to 4.17.14 contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...

7.1CVSS5.7AI score0.00207EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/02 4:15 p.m.29 views

CVE-2026-50282

Craft CMS contains an authorization issue in AssetsController::actionMoveFolder where calling with force=true to move a folder into a destination with a conflicting name can overwrite and delete the destination folder without destination delete permission. Affected versions are 5.0.0-RC1 and abov...

7.1CVSS5.7AI score0.00207EPSS
Exploits0References1
OSV
OSV
added 2026/07/02 4:15 p.m.3 views

CVE-2026-50282 Craft CMS: Unauthorized Deletion of Destination Folders During Forced Moves

Craft CMS is a content management system CMS. Versions 5.0.0-RC1 and above, prior to 5.9.21 and versions 4.0.0-RC1 and above prior to 4.17.14 contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...

7.1CVSS5.9AI score0.00207EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 6:5 p.m.2 views

CVE-2026-56768 Seahub < 13.0.23 - Authentication Bypass in ShareLinkZipTaskView GET Method

Seahub before 13.0.23 does not enforce SHARELINKLOGINREQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass authentication. Attackers with a folder share-link token can call the GET endpoint to obtain a fileserver zip token and download entire shared directory...

8.7CVSS6AI score0.00381EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/25 6:5 p.m.6 views

EUVD-2026-39520

Seahub before 13.0.23 does not enforce SHARELINKLOGINREQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass authentication. Attackers with a folder share-link token can call the GET endpoint to obtain a fileserver zip token and download entire shared directory...

8.8CVSS5.9AI score0.00381EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/19 12:0 a.m.17 views

Oracle VM VirtualBox (June 2026 CSPU)

The 7.2.8 versions of VM VirtualBox installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CSPU advisory. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.8...

7.5CVSS6AI score0.00167EPSS
Exploits0References12
NVD
NVD
added 2026/06/17 10:40 a.m.10 views

CVE-2026-35275

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Shared Folders. The supported version that is affected is 7.2.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...

7.5CVSS0.00123EPSS
Exploits0References1
NCSC
NCSC
added 2026/06/17 9:5 a.m.12 views

Vulnerabilities in Oracle VM VirtualBox

Oracle has identified several vulnerabilities in Oracle VM VirtualBox version 7.2.8. These vulnerabilities are located in various components of Oracle VM VirtualBox 7.2.8, including the Shared Folders and the VMSVGA device. An attacker with low to high privileges and access to the underlying...

7.5CVSS5.5AI score0.00167EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.27 views

PT-2026-49850

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the Shared Folders component of Oracle VM VirtualBox. A low-privileged attacker with logon access to the infrastructure where the software executes can compromise the system...

7.5CVSS5.9AI score0.00123EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 8:7 p.m.11 views

GHSA-3V8V-4WG6-R7QH TYPO3 CMS: Destructive Actions on File Mount Folders

Problem Non-privileged backend users with file mount access were able to perform write operations move, delete, rename on folders representing the root of an active file mount due to missing authorization restrictions. Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS,...

7.2CVSS5.3AI score0.00238EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/12 8:7 p.m.13 views

EUVD-2026-35392

TYPO3 CMS: Destructive Actions on File Mount Folders...

7.2CVSS5.2AI score0.00238EPSS
Exploits0References6
Rows per page
Query Builder