Lucene search
K

105 matches found

EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42769

decompress before 4.2.2 contains an improper path containment check that enables directory traversal and arbitrary file write. The safeMakeDir function index.js line 29 and the extraction path validation index.js line 106 use String.indexOf to verify the resolved path is within the output...

6.2CVSS6AI score0.00268EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-39245

decompress before 4.2.2 contains an improper path containment check that enables directory traversal and arbitrary file write. The safeMakeDir function index.js line 29 and the extraction path validation index.js line 106 use String.indexOf to verify the resolved path is within the output...

9.8CVSS6AI score0.02147EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-56969

Name of the Vulnerable Software and Affected Versions decompress versions prior to 4.2.2 Description An improper path containment check allows directory traversal and arbitrary file write. The safeMakeDir function and the extraction path validation use String.indexOf to verify if the resolved pat...

6.2CVSS6.2AI score0.00268EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52897

Name of the Vulnerable Software and Affected Versions Patool versions prior to 4.0.5 Description A path traversal issue exists in the safe extract function within patoolib/programs/py tarfile.py when used with Python versions before 3.12. The is within directory helper function utilizes...

5.4CVSS5.9AI score0.00285EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/12 7:9 p.m.12 views

EUVD-2026-35400

TYPO3 CMS has Broken Access Control in its File Abstraction Layer...

2.1CVSS5.2AI score0.00356EPSS
Exploits0References6
OSV
OSV
added 2026/06/12 7:9 p.m.10 views

GHSA-JF56-V8JC-JCC5 TYPO3 CMS has Broken Access Control in its File Abstraction Layer

Problem The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html...

2.1CVSS5.2AI score0.00356EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/06/12 7:9 p.m.17 views

TYPO3 CMS has Broken Access Control in its File Abstraction Layer

Problem The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html...

2.1CVSS5.2AI score0.00356EPSS
Exploits0References7Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/10 3:0 p.m.11 views

CVE-2026-49738

The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html. Administrator...

2.1CVSS5.4AI score0.00356EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 10:53 a.m.2 views

CVE-2026-49738 TYPO3 CMS - Broken Access Control in File Abstraction Layer

The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html. Administrator...

2.1CVSS5.9AI score0.00356EPSS
Exploits0References7
CVE
CVE
added 2026/06/09 10:53 a.m.32 views

CVE-2026-49738

CVE-2026-49738 concerns TYPO3 CMS where a flawed check in GeneralUtility::isAllowedAbsPath() uses a plain string prefix instead of a directory boundary, allowing path strings like /var/www/html-other/secret.yaml to pass when project root is /var/www/html. This enables administrator users with acc...

2.1CVSS6.1AI score0.00356EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 10:53 a.m.35 views

CVE-2026-49738 TYPO3 CMS - Broken Access Control in File Abstraction Layer

The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html. Administrator...

2.1CVSS0.00356EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.15 views

PT-2026-47746

Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions prior to 10.4.57 TYPO3 CMS versions 11.0.0 through 11.5.51 TYPO3 CMS versions 12.0.0 through 12.4.46 TYPO3 CMS versions 13.0.0 through 13.4.31 TYPO3 CMS versions 14.0.0 through 14.3.3 Description A path allowance check in th...

2.1CVSS5.2AI score0.00356EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.16 views

CVE-2026-7397

A security flaw has been discovered in NousResearch hermes-agent 0.8.0. This affects the function checksensitivepath of the file tools/filetools.py. The manipulation results in symlink following. Attacking locally is a requirement. The exploit has been released to the public and may be used for...

4.8CVSS5AI score0.00138EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 1:26 p.m.24 views

CVE-2026-10861

An open redirect vulnerability affects MISP in UsersController::routeafterlogin(), where the pre_login_requested_url session key is used as the post-login redirect destination without enforcing that it is a local path. An unauthenticated attacker can lure a user to a trusted MISP instance and, af...

6.1CVSS5.8AI score0.00223EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/04 1:26 p.m.12 views

CVE-2026-10861 MISP post-login open redirect via pre_login_requested_url

An open redirect vulnerability existed in MISP UsersController::routeafterlogin because the value stored in the preloginrequestedurl session key was used as the post-login redirect destination without sufficiently enforcing that it was a local application path. An unauthenticated remote attacker...

5.1CVSS5.8AI score0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 1:26 p.m.46 views

CVE-2026-10861 MISP post-login open redirect via pre_login_requested_url

An open redirect vulnerability existed in MISP UsersController::routeafterlogin because the value stored in the preloginrequestedurl session key was used as the post-login redirect destination without sufficiently enforcing that it was a local application path. An unauthenticated remote attacker...

5.1CVSS0.00223EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.12 views

PT-2026-46227

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An open redirect occurs in the routeafterlogin function of the UsersController because the value stored in the pre login requested url session key is used as the post-login redirect destination...

6.1CVSS5.5AI score0.00223EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/02 10:2 p.m.15 views

CVE-2026-49136

Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generateimage function within the AI service backend that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplete...

8.7CVSS5.9AI score0.00417EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 12:18 p.m.45 views

CVE-2026-45982 ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch()

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix NULL pointer dereference in acpievaddressspacedispatch Cover a missed execution path with a new check...

0.0013EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/26 7:40 p.m.9 views

CVE-2026-44837 view_component: System Test Entry Point Path Check Allows Sibling Directory Escape

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

5.9CVSS5.8AI score0.00412EPSS
Exploits1References1
Rows per page
Query Builder