Lucene search
K

538 matches found

Snyk
Snyk
added 2026/04/22 5:41 p.m.8 views

Directory Traversal

Overview i18next-http-backend is an i18next-http-backend is a backend layer for i18next using in Node.js, in the browser and for Deno. Affected versions of this package are vulnerable to Directory Traversal or other URL manipulation, via unsanitized interpolation of lng and ns values in the...

6.9CVSS6.3AI score0.00251EPSS
Exploits0References2
NVD
NVD
added 2026/04/22 5:16 p.m.7 views

CVE-2026-35374

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the split utility of uutils coreutils. The program attempts to prevent data loss by checking for identity between input and output files using their file paths before initiating the split operation. However, the utility subsequently...

6.3CVSS0.00074EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/22 4:9 p.m.34 views

CVE-2026-35374 uutils coreutils split Arbitrary File Truncation via Time-of-Check to Time-of-Use (TOCTOU) Race Condition

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the split utility of uutils coreutils. The program attempts to prevent data loss by checking for identity between input and output files using their file paths before initiating the split operation. However, the utility subsequently...

6.3CVSS0.00074EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/22 12:31 a.m.5 views

EUVD-2026-24506

nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated attackers to set or change a session workspace to an arbitrary existing directory on disk by manipulating workspace path parameters in endpoints such as /api/session/new, /api/session/update,...

6.3CVSS5.9AI score0.0026EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.6 views

PT-2026-34510

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the split utility of uutils coreutils. The program attempts to prevent data loss by checking for identity between input and output files using their file paths before initiating the split operation. However, the utility subsequently...

6.3CVSS5.8AI score0.00074EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/21 9:9 p.m.44 views

CVE-2026-6829 nesquena hermes-webui Arbitrary Workspace Directory Access

nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated attackers to set or change a session workspace to an arbitrary existing directory on disk by manipulating workspace path parameters in endpoints such as /api/session/new, /api/session/update,...

6.3CVSS0.0026EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.4 views

CVE-2026-6570

A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argument path results in authorization bypass. The attack may be initiated remotely. The exploit has be...

5.1CVSS5.4AI score0.00301EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/19 12:31 p.m.8 views

EUVD-2026-23697

A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argument path results in authorization bypass. The attack may be initiated remotely. The exploit has be...

5.1CVSS5.4AI score0.00301EPSS
Exploits0References5
NVD
NVD
added 2026/04/19 12:16 p.m.9 views

CVE-2026-6570

A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argument path results in authorization bypass. The attack may be initiated remotely. The exploit has be...

5.1CVSS0.00301EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/19 11:0 a.m.5 views

CVE-2026-6570 kodcloud KodExplorer systemMember.class.php initInstall authorization

A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argument path results in authorization bypass. The attack may be initiated remotely. The exploit has be...

5.1CVSS5.4AI score0.00301EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/19 11:0 a.m.42 views

CVE-2026-6570 kodcloud KodExplorer systemMember.class.php initInstall authorization

A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argument path results in authorization bypass. The attack may be initiated remotely. The exploit has be...

5.1CVSS0.00301EPSS
Exploits0References4
CVE
CVE
added 2026/04/19 11:0 a.m.16 views

CVE-2026-6570

CVE-2026-6570 affects kodcloud KodExplorer up to version 4.52. The vulnerability is in the function initInstall of /app/controller/systemMember.class.php. A manipulation of the path argument allows an authorization bypass, with the attack potentially executable remotely. The exploit has been rele...

5.1CVSS5.4AI score0.00301EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/19 12:0 a.m.5 views

PT-2026-33628

A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argument path results in authorization bypass. The attack may be initiated remotely. The exploit has be...

5.1CVSS5.4AI score0.00301EPSS
Exploits0References9
EUVD
EUVD
added 2026/04/17 6:31 a.m.10 views

EUVD-2026-23374

A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown part in the library msimg32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The attack is considered to have high complexity. It is indicated that...

7.3CVSS6.1AI score0.0015EPSS
Exploits0References7
Veracode
Veracode
added 2026/04/16 7:35 a.m.8 views

Arbitrary File Deletion

Gin-vue-admin is vulnerable to arbitrary file deletion. The vulnerability is due to improper validation of the FileMd5 parameter, which allows an attacker to manipulate file paths and delete arbitrary files or folders on the server...

9.1CVSS5.9AI score0.00506EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2026/04/15 1:9 a.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the zarf package inspect sbom and zarf package inspect documentation subcommands when the output file path is constructed using a user-controlled output directory combined with the untrusted Metadata.Name field...

7.1CVSS6.4AI score0.0032EPSS
Exploits0References2
NVD
NVD
added 2026/04/14 11:16 p.m.5 views

CVE-2026-27290

Adobe Framemaker versions 2022.8 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, then an attacker could...

8.6CVSS0.00173EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/06 5:0 p.m.5 views

CVE-2026-5574

A security vulnerability has been detected in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Affected is the function deletefile of the component FsBrowseClean. The manipulation of the argument dir/path leads to missing authorization. The attack may be initiated remotely. The exploit has been...

9.1CVSS6.2AI score0.00544EPSS
Exploits1References1
NVD
NVD
added 2026/04/06 10:16 a.m.6 views

CVE-2026-5644

A security flaw has been discovered in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Affected is an unknown function of the file /admin/Add%20notice/batch-notice.php. Performing a manipulation of the argument $SERVER'PHPSELF' results in cross site scripting...

4.8CVSS0.00206EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/05 2:45 p.m.5 views

CVE-2026-5574

A security vulnerability has been detected in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Affected is the function deletefile of the component FsBrowseClean. The manipulation of the argument dir/path leads to missing authorization. The attack may be initiated remotely. The exploit has been...

6.9CVSS6.2AI score0.00544EPSS
Exploits1References4
Rows per page
Query Builder