Lucene search
K

102935 matches found

Cvelist
Cvelist
added 5 days ago26 views

CVE-2026-8023 Path traversal in Zephyr HTTP server static-filesystem resource handler allows unauthenticated remote arbitrary file read

Zephyr's HTTP server subsys/net/lib/http provides a static-filesystem resource type HTTPRESOURCETYPESTATICFS, available when CONFIGFILESYSTEM is enabled that serves files from a configured root directory. Before this fix, both the HTTP/1 and HTTP/2 front-ends placed the raw, attacker-controlled...

7.5CVSS0.00691EPSS
Exploits0References2
CVE
CVE
added 5 days ago11 views

CVE-2026-8023

CVE-2026-8023 concerns Zephyr’s HTTP server static-filesystem resource handler, where HTTP/1 and HTTP/2 front-ends copied the raw request path into a buffer without removing dot segments. This allowed path traversal to escape the configured web root and read arbitrary files after the filesystem r...

7.5CVSS6AI score0.00691EPSS
Exploits0References2
CVE
CVE
added 5 days ago9 views

CVE-2026-10647

The CVE concerns the USB CDC-NCM driver (subsys/usb/device_next/class/usbd_cdc_ncm.c) in Zephyr. The code ignores the return value of usbd_ep_enqueue() in cdc_ncm_send(); when enqueue fails, it still calls k_sem_take(&data-sync_sem, K_FOREVER), waiting on a completion that is only signaled from t...

5.3CVSS6AI score0.00134EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 5 days ago5 views

CVE-2026-46417

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.12, 21.2.13, 20.3.21, and 19.2.22, a Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server. The issue stems from how...

8.8CVSS5.8AI score0.0021EPSS
Exploits0References5
NVD
NVD
added 5 days ago7 views

CVE-2026-57919

PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 26.2 creates a named pipe \.\pipe\PBackupVSS with a DACL that grants GENERICREAD and GENERICWRITE permissions to all authenticated users. A low-privileged local attacker can connect to this pipe and send crafted IPC messages to trigge...

7.8CVSS0.00125EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-43732

A path handling issue was addressed with improved validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may disclose sensitive user information...

6.5CVSS0.00255EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 5 days ago3 views

kernel: RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init()

A flaw was found in the Linux kernel's RDMA/mlx5 component. An error path fall-through in the mlx5ibdevressrqinit function, specifically when ibcreatesrq fails, can lead to the use of freed memory and error pointers. This memory corruption vulnerability could result in system instability, denial ...

7.8CVSS7AI score0.00142EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 5 days ago3 views

kernel: RDMA/umem: Fix double dma_buf_unpin in failure path

A flaw was found in the Linux kernel's RDMA/umem subsystem. A memory management error, specifically a double unpin of a dmabuf, can occur in a failure path during dmabuf pinning operations. This vulnerability could lead to system instability or a crash, resulting in a Denial of Service DoS...

7.8CVSS7AI score0.00139EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-43732

A path handling issue was addressed with improved validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may disclose sensitive user information...

6.5CVSS5.7AI score0.00255EPSS
Exploits0References4
CVE
CVE
added 5 days ago11 views

CVE-2026-43732

CVE-2026-43732 describes a path handling issue in WebKit used by Safari and Apple OS components. The vulnerability arises from insufficient validation in path handling when processing web content, potentially allowing disclosure of sensitive user information. Apple fixes are included in Safari 26...

6.5CVSS5.7AI score0.00255EPSS
Exploits0References3Affected Software4
RedHat Linux
RedHat Linux
added 5 days ago3 views

perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access

A flaw was found in perl-Archive-Tar. Versions before 3.08 for Perl are vulnerable to a path traversal issue. An attacker can craft a malicious tar archive containing symlinks with targets outside the intended extraction directory. This vulnerability allows the attacker to read or write to...

9.1CVSS5.9AI score0.0043EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 5 days ago5 views

Important: Red Hat Security Advisory: perl-Archive-Tar security update

An update for perl-Archive-Tar is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.1CVSS6AI score0.0043EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 5 days ago4 views

dotnet: .NET: Local file tampering via link following vulnerability

A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...

6.2CVSS7AI score0.00388EPSS
Exploits0References5
NVD
NVD
added 5 days ago7 views

CVE-2026-11720

A path traversal vulnerability exists in the HTTP tool URL builder of googleapis/mcp-toolbox. When constructing downstream API requests, the URL builder substitutes user-controlled pathParams into the configured tool path and parses the resulting string as a relative URL. While it checks that the...

9.3CVSS0.00374EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-40146

A path traversal vulnerability exists in the HTTP tool URL builder of googleapis/mcp-toolbox. When constructing downstream API requests, the URL builder substitutes user-controlled pathParams into the configured tool path and parses the resulting string as a relative URL. While it checks that the...

9.3CVSS5.8AI score0.00374EPSS
Exploits0References1
CVE
CVE
added 5 days ago9 views

CVE-2026-11720

The CVE-2026-11720 entry describes a path traversal flaw in the HTTP tool URL builder of googleapis/mcp-toolbox. User-controlled pathParams are substituted into a configured tool path and then parsed as a relative URL; while scheme/host/user info are checked, final resolution uses ResolveReferenc...

9.3CVSS5.8AI score0.00374EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-57954 Elide 7.1.17 - Permission Bypass in Sort Expression Validation

Elide through 7.1.17 fails to enforce @ReadPermission on client-supplied sort expressions in SortingImpl.getValidSortingRules, allowing attackers to sort collections by forbidden fields. Attackers can infer hidden field values through row ordering analysis, leaking relative field ordering across...

5.3CVSS0.00168EPSS
Exploits0References2
Patchstack
Patchstack
added 5 days ago4 views

WordPress PixMagix – WordPress Image Editor plugin <= 1.7.2 - Authenticated (Author+) Path Traversal in 'layers[].id' Parameter vulnerability

Authenticated Author+ Path Traversal in 'layers.id' Parameter vulnerability discovered by devploit in WordPress Plugin PixMagix WordPress Image Editor versions = 1.7.2...

6.5CVSS5.8AI score0.00541EPSS
Exploits0References1Affected Software1
NVD
NVD
added 5 days ago10 views

CVE-2026-13748

Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake services. An attacker could exploit this by supplying crafted repository or project content that referenced files outside the intended...

6.3CVSS0.00139EPSS
Exploits0References1
CVE
CVE
added 5 days ago12 views

CVE-2026-13748

CVE-2026-13748 affects Snowflake CLI prior to 3.19. The vulnerability arises from improper restriction of file path resolution, allowing an attacker-controlled repository or project content to cause the CLI to read arbitrary local files and transmit or embed their contents during deployment or SQ...

6.3CVSS6AI score0.00139EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder