CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

144 matches found

PYSEC-2026-181

A Dag author could either a create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process read-path attack — e.g. /etc/passwd or airflow.cfg or b supply a taskid containing .. sequences accepted by the Task SDK's KEYREGEX write-path attack, and...

6.5CVSS5.9AI score0.00092EPSS

Exploits0References3Affected Software1

CNNVD•added 2026/05/28 12:0 a.m.•6 views

rustfs 安全漏洞

RustFS is a high-performance object storage system developed by RustFS. Versions of RustFS prior to 1.0.0-beta.2 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the management router did not perform authentication on performance analysis endpoints, which could...

8.8CVSS5.8AI score0.00075EPSS

Exploits0References1

OSV•added 2026/03/18 11:16 a.m.•3 views

UBUNTU-CVE-2026-23247

In the Linux kernel, the following vulnerability has been resolved: tcp: secureseq: add back ports to TS offset This reverts 28ee1b746f49 "secureseq: downgrade to per-host timestamp offsets" tcptwrecycle went away in 2017. Zhouyan Deng reported off-path TCP source port leakage via SYN cookie...

5.5CVSS5.7AI score0.00017EPSS

Exploits0References6

RedhatCVE•added 2026/01/09 12:17 p.m.•7 views

CVE-2018-10523

CMS Made Simple CMSMS through 2.2.7 contains a physical path leakage Vulnerability via /modules/DesignManager/action.ajaxgettemplates.php, /modules/DesignManager/action.ajaxgetstylesheets.php, /modules/FileManager/dunzip.php, or /modules/FileManager/untgz.php...

5.3CVSS6.7AI score0.00477EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:17 p.m.•4 views

CVE-2018-10082

CMS Made Simple CMSMS through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php, /admin/footer.php, /lib/tasks/class.ClearCache.task.php, or...

5.3CVSS6.7AI score0.00289EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:9 a.m.•3 views

CVE-2019-11626

routers/ajaxRouter.php in doorGets 7.0 has a web site physical path leakage vulnerability, as demonstrated by an ajax/index.php?uri=1234%5c request...

5.3CVSS6.6AI score0.00356EPSS

Exploits1References1

AlpineLinux•added 2026/01/05 10:52 p.m.•2 views

CVE-2025-69226

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...

6.3CVSS6.7AI score0.00053EPSS

Exploits0

EUVD•added 2025/12/05 5:47 p.m.•2 views

EUVD-2025-201462

Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is...

2.4CVSS6AI score0.00032EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-2595

Malware in sbrugna...

5.3CVSS5.5AI score0.00477EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-2164

Malware in sbrugna...

5.3CVSS5.5AI score0.00289EPSS

Exploits1References2