Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

RedhatCVE
RedhatCVEadded 2026/05/15 1:57 a.m.5 views

CVE-2026-45225

Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. Attackers can exploit the unvalidated filename parameter in th...

7.6CVSS5.9AI score0.0004EPSS
Exploits0References1
NVD
NVDadded 2026/05/12 10:16 p.m.7 views

CVE-2026-45225

Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. Attackers can exploit the unvalidated filename parameter in th...

7.6CVSS0.0004EPSS
Exploits0References4
Snyk
Snykadded 2026/05/05 9:34 p.m.3 views

Directory Traversal

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Directory Traversal via the FormFlash process when the sessionid parameter mapped to form-flash-id in POST requests is not properly sanitized...

9.3CVSS6.3AI score0.00121EPSS
Exploits1References2
OSV
OSVadded 2026/03/27 12:49 a.m.3 views

CVE-2026-33747 BuildKit vulnerable to malicious frontend causing file escape outside of storage root

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for...

8.4CVSS6AI score0.00063EPSS
Exploits0References4
NVD
NVDadded 2025/09/10 7:15 a.m.3 views

CVE-2025-41714

The upload endpoint insufficiently validates the 'Upload-Key' request header. By supplying path traversal sequences, an authenticated attacker can cause the server to create upload-related artifacts outside the intended storage location. In certain configurations this enables arbitrary file write...

8.8CVSS0.01194EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2025/09/10 12:0 a.m.3 views

PT-2025-37013

Name of the Vulnerable Software and Affected Versions: versions prior to 2025-41714 Description: The upload endpoint does not adequately validate the Upload-Key request header. An authenticated attacker can use path traversal sequences within the header to create files outside the intended storag...

8.8CVSS7.4AI score0.01194EPSS
Exploits0References5
SUSE CVE
SUSE CVEadded 2023/02/15 4:1 a.m.1 views

SUSE CVE-2020-8227

Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory...

7.1CVSS6.5AI score0.00904EPSS
Exploits1References3
Rows per page
Query Builder