Lucene search
K

98 matches found

EUVD
EUVD
added 3 days ago5 views

EUVD-2026-40351

Vibe-Trading before 0.1.10 builds the proposal file path by joining a caller-supplied proposal identifier onto the broker proposals directory without sanitization agent/src/live/mandate/commit.py. A proposal identifier containing path traversal sequences causes the application to load an...

8.3CVSS5.8AI score0.00416EPSS
Exploits0References4
OSV
OSV
added 4 days ago5 views

PYSEC-2026-338 FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability

Technical Description The OpenAPIProvider in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The RequestDirector class is responsible for constructing HTTP requests to the backend service. A critical vulnerability exists in the buildurl method. When an OpenAPI...

10CVSS6AI score0.00988EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2026/06/23 6:32 p.m.9 views

motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read

Summary mEye contains an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files from the filesystem. The affected handlers accept a user-controlled filename parameter and construct filesystem paths using os.path.join. When an absolute...

8.7CVSS6AI score0.00623EPSS
Exploits1References2Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in RustC

In the standard library of Rust before 1.52.0, there was an optimization for joining strings that could cause uninitialized bytes to be exposed or the program to crash if the borrowed string changed after its length was checked...

8.2CVSS7.6AI score0.02025EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/17 6:5 p.m.12 views

Open WebUI: Any authenticated user can read other users' private notes via Socket.IO

Summary The ydoc:document:join Socket.IO handler checks note ownership only when the documentid starts with note: colon. However, the YdocManager storage layer normalizes all document IDs by replacing colons with underscores documentid.replace":", "". An attacker can join a document room using no...

5.3CVSS5.8AI score0.00268EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/06/10 8:33 p.m.5 views

GHSA-78V8-VPJP-CJQH PDM wheel installation leads to Path Traversal via overridden write_to_fs

InstallDestination.writetofs in src/pdm/installers/installers.py overrides the base class to add symlink/hardlink support but replaces the safe pathwithdestdir which validates via Path.resolve + isrelativeto with a bare os.path.join that performs no path validation. A malicious wheel with travers...

7.1CVSS5.6AI score0.00047EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/13 1:27 p.m.49 views

CVE-2026-4609 ProfileGrid <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Group Joining

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pminviteuser function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-level...

7.1CVSS0.00219EPSS
Exploits0References4
CVE
CVE
added 2026/05/13 1:27 p.m.21 views

CVE-2026-4609

The CVE-2026-4609 entry concerns the WordPress plugin ProfileGrid – User Profiles, Groups and Communities. Affected versions are all up to and including 5.9.8.4. The vulnerability stems from a missing capability check in the pm_invite_user function, allowing authenticated users with Subscriber-le...

7.1CVSS5.8AI score0.00219EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/13 1:27 p.m.7 views

CVE-2026-4609 ProfileGrid <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Group Joining

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pminviteuser function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-level...

7.1CVSS5.8AI score0.00219EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/05/13 10:47 a.m.10 views

WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Group Joining vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Group Joining vulnerability discovered by Jonah Burgess CryptoCat in WordPress Plugin ProfileGrid versions = 5.9.8.4...

7.1CVSS5.8AI score0.00219EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 12:9 a.m.12 views

OpenSearch has ineffective TLS certificate hostname verification

Description A regression was introduced in OpenSearch 2.18.0 that caused the plugins.security.ssl.transport.enforcehostnameverification setting to be ineffective. When this setting was enabled, OpenSearch did not verify that the hostname in a connecting node's TLS certificate matched the hostname...

5.8AI score
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/26 12:22 a.m.3 views

CVE-2026-33182

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, when building the request URL, Saloon combined the connector's base URL with the request endpoint. If the endpoint was a valid absolute URL, the code used that URL as-is and ignored the base...

8.7CVSS5.9AI score0.0042EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/23 2:9 p.m.4 views

CVE-2019-25544

A flaw was found in Pidgin. Local attackers can exploit this denial of service vulnerability by providing an excessively long username string during account creation. This can cause the application to crash when joining a chat, leading to the application becoming unavailable...

6.9CVSS5.7AI score0.00187EPSS
Exploits1References6
EUVD
EUVD
added 2026/03/21 3:33 p.m.3 views

EUVD-2019-19837

Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the application by providing an excessively long username string during account creation. Attackers can input a buffer of 1000 characters in the username field and trigger a crash when joining a chat,...

6.9CVSS6AI score0.00187EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/20 8:43 p.m.12 views

Siyuan has an Unauthenticated Arbitrary File Read via Path Traversal

Summary The Siyuan kernel exposes an unauthenticated file-serving endpoint under /appearance/filepath. Due to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server process. Authentication checks explicitly exclude this endpoint,...

7.5CVSS6AI score0.03256EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/12 4:31 p.m.5 views

CVE-2026-24125 Path Traversal in @tinacms/graphql

Tina is a headless content management system. Prior to 2.1.2, TinaCMS allows users to create, update, and delete content documents using relative file paths relativePath, newRelativePath via GraphQL mutations. Under certain conditions, these paths are combined with the collection path using...

6.3CVSS5.8AI score0.00426EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.5 views

PT-2026-25007

Tina is a headless content management system. Prior to 2.1.2, TinaCMS allows users to create, update, and delete content documents using relative file paths relativePath, newRelativePath via GraphQL mutations. Under certain conditions, these paths are combined with the collection path using...

6.3CVSS5.8AI score0.00426EPSS
Exploits1References2
CVE
CVE
added 2026/03/10 5:27 p.m.14 views

CVE-2026-30969

CVE-2026-30969 affects Coral Server prior to version 1.1.0, where active-session authentication between agents and the server was not enforced. An attacker who could obtain or predict a session identifier could impersonate an agent or join an existing session. The issue is resolved in version 1.1...

9.1CVSS5.8AI score0.00381EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/02/21 7:18 a.m.6 views

CVE-2026-27467 BigBlueButton: Audio from participants to the server initially unmuted

BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, when first joining a session with the microphone muted, the client sends audio to the server regardless of mute state. Media is discarded at the server side, so it isn't audible to any participants, but this may allo...

2CVSS5.5AI score0.00174EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/21 12:0 a.m.5 views

PT-2026-21365

BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, when first joining a session with the microphone muted, the client sends audio to the server regardless of mute state. Media is discarded at the server side, so it isn't audible to any participants, but this may allo...

2CVSS5.5AI score0.00174EPSS
Exploits0References2
Rows per page
Query Builder