CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/04/03 12:0 a.m.•2 views

PT-2026-30233

Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, ./manage.py import reads arbitrary files from the server filesystem via path traversal in uploads/records.json. A crafted export tarball causes the server to copy any file the zulip user can read into the...

6.1CVSS6AI score0.00006EPSS

Exploits1References3

NVD•added 2026/04/02 6:16 p.m.•2 views

CVE-2026-34522

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in /api/chats/import allows an authenticated attacker to...

8.1CVSS0.00075EPSS

Vulnrichment•added 2026/04/02 5:31 p.m.•2 views

CVE-2026-34584 listmonk: Broken Access Control in CSV Import (Unauthorized List Assignment)

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in a multi-user environment to access to lists which they don't have access to under different scenarios. This only affects multi-use...

5.4CVSS5.8AI score0.00034EPSS

Exploits0References3

ATTACKERKB•added 2026/04/02 5:13 p.m.•0 views

CVE-2026-34522

Exploits1References3Affected Software1

CVE•added 2026/04/02 5:13 p.m.•5 views

CVE-2026-34522

SillyTavern has a path traversal vulnerability in /api/chats/import (pre-1.17.0). Unsanitized character_name is used to build the destination path with path.join, enabling write of attacker-controlled files outside the chats directory. Fix: upgrade to version 1.17.0 (patch already released).

Exploits1References2Affected Software1

Vulnrichment•added 2026/04/02 5:13 p.m.•1 views

CVE-2026-34522 SillyTavern: Path traversal in `/api/chats/import` allows arbitrary file write outside intended chat directory

Cvelist•added 2026/04/02 5:13 p.m.•19 views

CVE-2026-34522 SillyTavern: Path traversal in `/api/chats/import` allows arbitrary file write outside intended chat directory

8.1CVSS0.00075EPSS

8.4CVSS6.4AI score0.00018EPSS

CVE-2026-30287

An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner PDF Scanner v1.4.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

Exploits1References1

8.4CVSS6.4AI score0.0002EPSS

CVE-2026-30291

An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Editor APPv4.3.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

Exploits0References1

8.4CVSS6.4AI score0.00019EPSS

CVE-2026-30289

An arbitrary file overwrite vulnerability in Tinybeans Private Family Album App v5.9.5-prod allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

Exploits1References1

8.4CVSS6.4AI score0.0002EPSS

CVE-2026-30292

An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF Viewer APP v1.0.34 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

Exploits0References1

CNNVD•added 2026/04/02 12:0 a.m.•5 views

SillyTavern 安全漏洞

SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.17.0 contained security vulnerabilities. These vulnerabilities were due to path traversal vulnerabilities in the/api/chats/import API, which could allow authenticated attackers t...