CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/29 6:17 p.m.•9 views

CVE-2026-47179

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because...

7.7CVSS0.00056EPSS

Cvelist•added 2026/05/29 5:6 p.m.•30 views

CVE-2026-47179 Arcane: Authenticated Arbitrary Host File Read via Docker Compose Include Directives in Arcane

7.7CVSS0.00056EPSS

Vulnrichment•added 2026/05/29 5:6 p.m.•6 views

CVE-2026-47179 Arcane: Authenticated Arbitrary Host File Read via Docker Compose Include Directives in Arcane

EUVD•added 2026/05/29 5:6 p.m.•8 views

EUVD-2026-33369

ATTACKERKB•added 2026/05/29 5:6 p.m.•6 views

CVE-2026-47179

Exploits0References3Affected Software1

CVE•added 2026/05/29 5:6 p.m.•16 views

CVE-2026-47179

Summary: Arcane exposes an authenticated arbitrary host-file read via Docker Compose include directives. Prior to version 1.19.4, GetProjectFileContent could read any include file declared in a project’s compose file, even outside the project, because CreateProject bypassed include-path validatio...

NVD•added 2026/05/29 2:16 p.m.•7 views

CVE-2026-44239

FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJAX handler includes PHP files based on user-supplied input without path sanitization. The $REQUEST'rawname' parameter is concatenated into an include call with a .class.php suffix, allowing path...

8.8CVSS0.00053EPSS

EUVD•added 2026/05/29 12:42 p.m.•7 views

EUVD-2026-33297

7.6CVSS6AI score0.00053EPSS

Positive Technologies•added 2026/05/29 12:0 a.m.•8 views

PT-2026-44901

The template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrators to execute arbitrary PHP code. By uploading a malicious ZIP archive containing directory traversal sequences in filenames, an attacker can overwrite default template files or...

6.1AI score0.00234EPSS

Exploits0References3

CVE•added 2026/05/29 12:0 a.m.•12 views

CVE-2026-39276

The CVE-2026-39276 vulnerability affects Emlog Pro v2.6.9, where the template upload feature is vulnerable to path traversal. An authenticated administrator can upload a crafted ZIP archive containing directory traversal sequences in filenames, enabling arbitrary PHP code execution. This can resu...

7.2CVSS6.1AI score0.00234EPSS

OSV•added 2026/05/28 10:39 p.m.•5 views

GHSA-C3PX-H233-H6FQ Arcane Has an Authenticated Arbitrary Host File Read via Docker Compose Include Directives

Summary ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because ProjectService.CreateProject writes attacker-supplied compose content to disk without validating includ...

Github Security Blog•added 2026/05/28 10:39 p.m.•15 views

Exploits0References3

Arcane Has an Authenticated Arbitrary Host File Read via Docker Compose Include Directives

Exploits0References3Affected Software1

OSV•added 2026/05/28 4:16 p.m.•3 views

PYSEC-2026-192

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

7.5CVSS5.9AI score0.0009EPSS

NVD•added 2026/05/28 4:16 p.m.•13 views

CVE-2026-45017

8.2CVSS0.0009EPSS