Lucene search
+L

142 matches found

Cvelist
Cvelist
added yesterday25 views

CVE-2026-57848 Stoat for Android Internal File Disclosure via Exported ShareTargetActivity URI Validation

Stoat for Android exports the chat.stoat.activities.ShareTargetActivity component reachable to any process on the device via the android.intent.action.SEND intent and accepts the file to share as a URI supplied through the android.intent.extra.STREAM extra. The activity does not validate or filte...

6.8CVSS
Exploits0References3
CVE
CVE
added yesterday10 views

CVE-2026-57848

CVE-2026-57848 concerns Stoat for Android where the exported ShareTargetActivity does not validate the incoming android.intent.extra.STREAM URI before using it as the outgoing attachment. An attacker able to invoke intents can supply a file:// URI pointing to the app’s internal storage (e.g., dat...

6.8CVSS5.5AI score
Exploits0References3
NVD
NVD
added 3 days ago8 views

CVE-2026-56456

HCL DFXAnalytics is affected by an Internal File Path Disclosure vulnerability. The application dashboard inadvertently leaks sensitive information regarding its internal file structure and directory paths through unhandled error messages, system logs, or debugging output, which could allow a...

5.3CVSS0.0024EPSS
Exploits0References1
CVE
CVE
added 3 days ago10 views

CVE-2026-56456

Technical details such as affected versions, components, root cause, and remediation are not provided in the supplied documents. Monitor for updates.

5.3CVSS6.1AI score0.0024EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-44924

HCL DFXAnalytics is affected by an Internal File Path Disclosure vulnerability. The application dashboard inadvertently leaks sensitive information regarding its internal file structure and directory paths through unhandled error messages, system logs, or debugging output, which could allow a...

5.3CVSS6.1AI score0.0024EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/09 2:40 p.m.4 views

openssh: OpenSSH: SFTP security bypass due to command-line argument parsing flaw

A flaw was found in OpenSSH. The internal-sftp component within sshd incorrectly processes command-line arguments, recognizing only the first nine. This limitation can prevent the application of intended security configurations for SFTP SSH File Transfer Protocol connections, potentially leading ...

5.4CVSS6AI score0.00177EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/08 12:9 a.m.7 views

EUVD-2026-42139

internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection...

4.2CVSS6AI score0.00177EPSS
Exploits0References3
CVE
CVE
added 2026/06/05 6:24 p.m.39 views

CVE-2026-46393

The CVE-2026-46393 entry documents an authenticated SSRF in HAXcms createSite. In affected versions prior to 26.0.0, a malicious build.files input lets an authenticated user cause server-side requests (via file_get_contents on attacker-controlled tmp_name), enabling fetches of arbitrary internal/...

7.1CVSS5.6AI score0.00238EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 5:45 p.m.16 views

CVE-2026-9567

A security flaw has been discovered in GPAC up to 2.4.0. Affected is the function MergeFragment of the file src/isomedia/isomintern.c of the component MP4Box. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been released to the publ...

4.8CVSS5.3AI score0.00115EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/26 12:56 p.m.10 views

CVE-2026-48133

When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway...

7.5CVSS5.8AI score0.0475EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/05 7:15 p.m.12 views

podman-desktop: Podman Desktop: Denial of Service and Information Disclosure via unauthenticated HTTP server

A flaw was found in Podman Desktop. A remote attacker can exploit an unauthenticated HTTP server, which lacks proper connection limits and timeouts, to trigger denial-of-service DoS conditions. This can lead to application crashes or a complete host freeze. Additionally, verbose error responses...

9.1CVSS5.7AI score0.00474EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.13 views

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from certain system behaviors that may allow exploration of internal file system structures, potentially leading to information leaks...

5.3CVSS5.8AI score0.00116EPSS
Exploits0References1
OSV
OSV
added 2026/04/02 8:35 p.m.16 views

GHSA-QV7J-4883-HWH7 Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect

Summary Rack::Sendfilemapaccelpath interpolates the value of the X-Accel-Mapping request header directly into a regular expression when rewriting file paths for X-Accel-Redirect. Because the header value is not escaped, an attacker who can supply X-Accel-Mapping to the backend can inject regex...

5.9CVSS5.9AI score0.00209EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/02 5:4 a.m.6 views

CVE-2026-30289

An arbitrary file overwrite vulnerability in Tinybeans Private Family Album App v5.9.5-prod allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

8.4CVSS6.4AI score0.00205EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.5 views

PT-2026-29330

An arbitrary file overwrite vulnerability in Zora: Post, Trade, Earn Crypto v2.60.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

6.4AI score0.00617EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/23 9:43 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fromUrl function. An attacker can access sensitive files on the server by supplying a crafted URL, such as a file:// scheme, which is processed without proper validation. This allows the attacker...

6.9CVSS5.9AI score0.00383EPSS
Exploits1References2
CNVD
CNVD
added 2026/03/19 12:0 a.m.5 views

Unspecified Vulnerability in HCL AION (CNVD-2026-15153)

HCL AION is an AI lifecycle management platform. HCL AION suffers from a security vulnerability that originates from an internal file system path being exposed via an application response, which can be exploited by an attacker to cause information disclosure...

6.5CVSS5.9AI score0.00108EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.6 views

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform. HCL AION suffers from a security vulnerability that originates from an internal file system path being exposed via an application response, which can be exploited by an attacker to cause information disclosure...

6.5CVSS5.8AI score0.00108EPSS
Exploits0References1
NVD
NVD
added 2026/02/04 9:16 p.m.13 views

CVE-2026-25511

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within the System Administrator group can trigger a full SSRF via the WOPI service discovery URL, including access to internal hosts/ports. The...

8.2CVSS0.00396EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/04 3:15 a.m.8 views

CVE-2025-69429

The ORICO NAS CD3510 version V1.9.12 and below contains an Incorrect Symlink Follow vulnerability that could be exploited by attackers to leak or tamper with the internal file system. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the...

6.1CVSS5.5AI score0.00281EPSS
Exploits1References1
Rows per page
Query Builder