Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/06/17 5:50 p.m.11 views

CVE-2026-48818 Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as \attacker.com\share can cause os.path.realpath to initiate an outbound SMB connection before the path is rejected, exposing the service account’s...

7.5CVSS5.3AI score0.00368EPSS
Exploits0References4
CVE
CVE
added 2026/06/17 5:50 p.m.92 views

CVE-2026-48818

CVE-2026-48818 concerns Starlette’s StaticFiles on Windows. In versions up to 1.0.1, when handling UNC paths (for example, \attacker.com\share), os.path.realpath can initiate an outbound SMB connection before the path is rejected, triggering SSRF and exposing the service account’s NTLMv2 credenti...

7.5CVSS5.3AI score0.00368EPSS
Exploits0References10Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/09/05 4:15 p.m.2 views

CVE-2022-39838

Systematic FIX Adapter ALFAFX 2.4.0.25 13/09/2017 allows remote file inclusion via a UNC share pathname, and also allows absolute path traversal to local pathnames...

8.6CVSS5.8AI score0.01602EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2022/08/10 8:16 p.m.3 views

CVE-2022-38130

The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database file i.e., \\sms,...

9.8CVSS7.3AI score0.53389EPSS
Exploits0References3
Rows per page
Query Builder