Lucene search
K

453 matches found

OSV
OSV
added 6 days ago5 views

PYSEC-2026-403 parisneo/lollms Local File Inclusion (LFI) attack

parisneo/lollms version 9.5 is vulnerable to Local File Inclusion LFI attacks due to insufficient path sanitization. The sanitizepathfromendpoint function fails to properly sanitize Windows-style paths backward slash , allowing attackers to perform directory traversal attacks on Windows systems...

9.1CVSS7.3AI score0.01024EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.16 views

PT-2026-53077

Name of the Vulnerable Software and Affected Versions Frontend File Manager Plugin versions prior to 23.7 Description Authenticated users with Subscriber-level access can delete arbitrary files on the server, including sensitive files like wp-config.php, which may lead to a full site takeover. Th...

8.1CVSS5.8AI score0.00417EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.10 views

SUSE SLES16: libsolv-demo / libsolv-devel / libsolv-devel-static / libsolv-tools / etc (SUSE-SU-2026:22172-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22172-1 advisory. Changes in zypper: Update to 1.14.98: - Transactional systems: Delegate rw-commands to transactional-wrapper if available...

8.8CVSS6.2AI score0.006EPSS
Exploits0References27
NVD
NVD
added 2026/06/24 7:17 p.m.9 views

CVE-2026-49246

Jellyfin is an open source self hosted media server. Prior to 10.11.10, a specifically crafted MKV file containing forged filename tags can be leveraged to exploit missing path sanitization during playback. Jellyfin treats the MKV file name tag on MKV attachments as trusted and passes it...

6.3CVSS0.00258EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52066

Name of the Vulnerable Software and Affected Versions Jellyfin versions prior to 10.11.10 Description Missing path sanitization during playback allows the use of a specially crafted MKV file with forged filename tags to redirect attachment extraction to any absolute path on the disk. This occurs...

6.3CVSS5.8AI score0.00258EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.5 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : NNCP vulnerability (USN-8359-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by a vulnerability as referenced in the USN-8359-1 advisory. It was discovered that NNCP did not properly sanitize file paths in packet data during file requesting and file saving operations. A remote...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/08 11:4 p.m.10 views

Dulwich doesn't sanitize commit subjects in `porcelain.format_patch`

Impact dulwich.porcelain.formatpatchoutdir=... derives each patch filename from the commit's subject line. Prior to this fix, getsummary only replaced spaces with dashes - path separators /, , parent-directory components .., and other filename-hostile characters e.g. : were preserved verbatim and...

3.3CVSS5.5AI score0.00139EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.9 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : YARD vulnerability (USN-8394-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8394-1 advisory. It was discovered that YARD incorrectly sanitized paths in its built-in documentation server. An...

7.5CVSS5.7AI score0.00388EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/06/05 8:11 a.m.10 views

USN-8394-1: YARD vulnerability

It was discovered that YARD incorrectly sanitized paths in its built-in documentation server. An attacker could possibly use this issue to read arbitrary files from the server host...

7.5CVSS5.5AI score0.00388EPSS
Exploits0
OSV
OSV
added 2026/06/05 8:11 a.m.7 views

USN-8394-1 yard vulnerability

It was discovered that YARD incorrectly sanitized paths in its built-in documentation server. An attacker could possibly use this issue to read arbitrary files from the server host...

7.5CVSS5.5AI score0.00388EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/03 2:32 a.m.16 views

SUSE CVE-2026-5422

A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the getospath function within jupyterserver/services/contents/fileio.py. The check uses startswithroot without appending a trailing path separator, allowing sibling...

8.1CVSS6.7AI score0.00437EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.11 views

RockyLinux 10 : libssh (RLSA-2026:18160)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:18160 advisory. libssh: Buffer underflow in sshgethexa on invalid input CVE-2026-0966 libssh: Improper sanitation of paths received from SCP servers CVE-2026-0964...

8.2CVSS5.8AI score0.00582EPSS
Exploits0References11
Ubuntu
Ubuntu
added 2026/06/01 3:4 p.m.15 views

USN-8359-1: NNCP vulnerability

It was discovered that NNCP did not properly sanitize file paths in packet data during file requesting and file saving operations. A remote attacker could possibly use this issue to read or write arbitrary files outside of the intended directory...

6.4CVSS5.8AI score0.00243EPSS
Exploits0
OSV
OSV
added 2026/06/01 3:4 p.m.10 views

USN-8359-1 nncp vulnerability

It was discovered that NNCP did not properly sanitize file paths in packet data during file requesting and file saving operations. A remote attacker could possibly use this issue to read or write arbitrary files outside of the intended directory...

6.4CVSS5.8AI score0.00243EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/28 9:26 p.m.12 views

CVE-2026-44973 Billy: Path traversal vulnerabilities

Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, multiple path traversal issues exist across different components of go-billy. Insufficient path sanitization and boundary enforcement may allow crafted paths e.g., using .. to escape intended base directories. While go-billy was...

8.1CVSS5.8AI score0.0031EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 2:44 p.m.10 views

CVE-2026-44593

esm.sh is a no-build content delivery network CDN for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ultimately writes the data to storage via buildStorage.Put. The router concatenates the path components...

8.7CVSS5.9AI score0.00362EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/28 2:44 p.m.13 views

EUVD-2026-32910

esm.sh is a no-build content delivery network CDN for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ultimately writes the data to storage via buildStorage.Put. The router concatenates the path components...

8.7CVSS5.9AI score0.00362EPSS
Exploits0References1
OSV
OSV
added 2026/05/26 2:54 p.m.15 views

SUSE-SU-2026:2079-1 Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool...

7.5CVSS6AI score0.00813EPSS
Exploits0References25
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in node-tar

The npm package “tar” also known as node-tar in versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has an arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent the extraction of absolute file paths by converting absolute paths into relative...

8.2CVSS7AI score0.15014EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/05/19 1:16 p.m.12 views

libssh: Improper sanitation of paths received from SCP servers

A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...

6.3CVSS6.5AI score0.00408EPSS
Exploits0References5
Rows per page
Query Builder