Lucene search
K

15945 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/06 9:33 p.m.3 views

CVE-2026-35412

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, Directus' TUS resumable upload endpoint /files/tus allows any authenticated user with basic file upload permissions to overwrite arbitrary existing files by UUID. The TUS controller performs only...

7.1CVSS6.1AI score0.00302EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/06 9:33 p.m.14 views

CVE-2026-35412 Directus has a TUS Upload Authorization Bypass Allows Arbitrary File Overwrite

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, Directus' TUS resumable upload endpoint /files/tus allows any authenticated user with basic file upload permissions to overwrite arbitrary existing files by UUID. The TUS controller performs only...

7.1CVSS0.00302EPSS
Exploits0References1
CVE
CVE
added 2026/04/06 9:33 p.m.14 views

CVE-2026-35412

Directus prior to 11.16.1 is vulnerable to an authorization bypass in the TUS resumable upload endpoint (/files/tus). The TUS controller only performs collection-level authorization on directus_files and does not validate item-level access for the target file, allowing any authenticated user with...

8.1CVSS6.1AI score0.00302EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/06 9:33 p.m.2 views

CVE-2026-35412 Directus has a TUS Upload Authorization Bypass Allows Arbitrary File Overwrite

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, Directus' TUS resumable upload endpoint /files/tus allows any authenticated user with basic file upload permissions to overwrite arbitrary existing files by UUID. The TUS controller performs only...

7.1CVSS6.1AI score0.00302EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/06 8:47 p.m.4 views

CVE-2026-35177

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

7.1CVSS6AI score0.00126EPSS
Exploits0References4
NVD
NVD
added 2026/04/06 8:16 p.m.5 views

CVE-2026-35180

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customizesettingsnativeUpdate.json.php lacks CSRF token validation and writes uploaded logo files to disk before the ORM's domain-based security check executes. Combined with...

4.3CVSS0.00112EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/06 7:6 p.m.17 views

CVE-2026-35180 WWBN AVideo affected by CSRF on Site Customization Endpoint Enables Logo Overwrite via Base64 File Write

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customizesettingsnativeUpdate.json.php lacks CSRF token validation and writes uploaded logo files to disk before the ORM's domain-based security check executes. Combined with...

4.3CVSS0.00112EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/06 7:6 p.m.4 views

CVE-2026-35180

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customizesettingsnativeUpdate.json.php lacks CSRF token validation and writes uploaded logo files to disk before the ORM's domain-based security check executes. Combined with...

4.3CVSS5.8AI score0.00112EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/04/06 7:6 p.m.22 views

CVE-2026-35180

WWBN AVideo (versions 26.0 and prior) is affected by CVE-2026-35180 due to a CSRF vulnerability in the site customization endpoint (admin/customize_settings_nativeUpdate.json.php) that lacks CSRF validation and writes uploaded logo files to disk before ORM domain checks. Combined with SameSite=No...

4.3CVSS5.8AI score0.00112EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/04/06 7:6 p.m.7 views

EUVD-2026-19454

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customizesettingsnativeUpdate.json.php lacks CSRF token validation and writes uploaded logo files to disk before the ORM's domain-based security check executes. Combined with...

4.3CVSS5.8AI score0.00112EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/06 7:6 p.m.1 views

CVE-2026-35180 WWBN AVideo affected by CSRF on Site Customization Endpoint Enables Logo Overwrite via Base64 File Write

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customizesettingsnativeUpdate.json.php lacks CSRF token validation and writes uploaded logo files to disk before the ORM's domain-based security check executes. Combined with...

4.3CVSS5.8AI score0.00112EPSS
Exploits1References1
OSV
OSV
added 2026/04/06 6:16 p.m.2 views

ALPINE-CVE-2026-35177

Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280...

7.1CVSS5.9AI score0.00126EPSS
Exploits0References1
NVD
NVD
added 2026/04/06 6:16 p.m.6 views

CVE-2026-35050

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extention settings in "py" format and in the app root directory. This allows to overwrite python files, for instance the "download-model.py" file could be overwritten. Then, thi...

9.1CVSS0.00438EPSS
Exploits1References1
OSV
OSV
added 2026/04/06 6:16 p.m.2 views

UBUNTU-CVE-2026-35177

Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280...

7.1CVSS5.9AI score0.00126EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/04/06 6:16 p.m.3 views

CVE-2026-35177

Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280...

7.1CVSS5.9AI score0.00126EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/06 5:54 p.m.24 views

CVE-2026-35177 Path traversal issue with zip.vim in Vim

Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280...

4.1CVSS0.00126EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/06 5:54 p.m.4 views

EUVD-2026-19426

Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280...

4.1CVSS6.8AI score0.00731EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/06 5:54 p.m.2 views

CVE-2026-35177 Path traversal issue with zip.vim in Vim

Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280...

4.1CVSS6AI score0.00126EPSS
Exploits0References1
CVE
CVE
added 2026/04/06 5:54 p.m.74 views

CVE-2026-35177

CVE-2026-35177 affects Vim with the zip.vim plugin prior to 9.2.0280. The issue is a path traversal bypass that can overwrite arbitrary files when opening crafted zip archives, circumventing the prior fix for CVE-2025-53906. The vulnerability is fixed in Vim 9.2.0280. Connected sources also note ...

7.1CVSS6.8AI score0.00126EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/06 5:54 p.m.3 views

CVE-2026-35177

Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280...

7.1CVSS6AI score0.00731EPSS
Exploits1References1
Rows per page
Query Builder