Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

101355 matches found

CVE
CVEadded 2026/06/10 2:0 p.m.10 views

CVE-2026-45550

Roxy-WI exposes an IDOR on PUT /smon/check in versions ≤ 8.2.6.4. The flaw gates only on roxywi_common.check_user_group_for_flask(), validating the caller has some group rather than that the target check_id belongs to it. Downstream update_smon, update_smonHttp, update_smonTcp, update_smonPing, a...

9.1CVSS5.8AI score0.00196EPSS
Exploits0References1
CVE
CVEadded 2026/06/10 1:55 p.m.7 views

CVE-2026-53476

The CVE-2026-53476 vulnerability affects the assisted-migration-agent and is triggered by an unauthenticated attacker on the same LAN who crafts a gzipped tarball to exploit a path traversal flaw, bypassing security checks and writing arbitrary files to the system. This leads to potential unautho...

9.6CVSS5.9AI score0.00291EPSS
Exploits0References3Affected Software1
Cvelist
Cvelistadded 2026/06/10 1:55 p.m.31 views

CVE-2026-53476 Assisted-migration-agent: vddk tarball chained-symlink arbitrary file write

A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network LAN, can exploit a path traversal vulnerability. By crafting a specially designed gzipped tarball, the attacker can bypass security checks and write arbitrary files to the system. Thi...

9.6CVSS0.00291EPSS
Exploits0References3
EUVD
EUVDadded 2026/06/10 1:55 p.m.8 views

EUVD-2026-36033

A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network LAN, can exploit a path traversal vulnerability. By crafting a specially designed gzipped tarball, the attacker can bypass security checks and write arbitrary files to the system. Thi...

9.6CVSS5.9AI score0.00291EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/06/10 1:55 p.m.8 views

CVE-2026-53476

A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network LAN, can exploit a path traversal vulnerability. By crafting a specially designed gzipped tarball, the attacker can bypass security checks and write arbitrary files to the system. Thi...

9.6CVSS5.9AI score0.00291EPSS
Exploits0References4
OSV
OSVadded 2026/06/10 1:22 p.m.4 views

SUSE-SU-2026:2347-1 Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260264...

9.1CVSS7.1AI score0.00522EPSS
Exploits1References3
SUSE Linux
SUSE Linuxadded 2026/06/10 1:22 p.m.4 views

Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issue CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260264. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like...

8.6CVSS6.4AI score0.00522EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2026/06/10 1:5 p.m.6 views

CVE-2026-53436

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains relative path segments ./ or ../, allowing attackers to perform phishing attacks...

5.5AI score0.00272EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/10 1:0 p.m.7 views

CVE-2026-34183

A flaw was found in OpenSSL's QUIC PATHCHALLENGE handler. A remote attacker can exploit this vulnerability by flooding a QUIC client or server with specially crafted PATHCHALLENGE frames. This leads to unbounded memory allocation within the local QUIC stack, as the system continuously allocates...

7.5CVSS5.1AI score0.00531EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/06/10 12:41 p.m.31 views

CVE-2026-52756 Ghidra < 12.2 - Unauthenticated Path Traversal in Debugger ISF Server

Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send crafted protobuf message...

6.3CVSS0.00384EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2026/06/10 12:41 p.m.5 views

CVE-2026-52756 Ghidra < 12.2 - Unauthenticated Path Traversal in Debugger ISF Server

Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send crafted protobuf message...

6.3CVSS5.6AI score0.00384EPSS
Exploits1References2
EUVD
EUVDadded 2026/06/10 12:41 p.m.7 views

EUVD-2026-36015

Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send crafted protobuf message...

6.3CVSS5.6AI score0.00384EPSS
Exploits1References2
CVE
CVEadded 2026/06/10 12:41 p.m.25 views

CVE-2026-52756

CVE-2026-52756 affects Ghidra before 12.2. The IsfServer component accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation, enabling unauthenticated path traversal. Remote attackers can connect to port 54321 and send crafted protob...

6.5CVSS5.6AI score0.00384EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2026/06/10 12:41 p.m.31 views

CVE-2026-52755 Ghidra < 12.0.4 - Path Traversal via Zip Slip in Theme Import

Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers can craft malicious theme ZIP files with traversal sequences in filenames to execute arbitrary code or modify sensiti...

8.4CVSS0.0016EPSS
Exploits1References2
EUVD
EUVDadded 2026/06/10 12:41 p.m.5 views

EUVD-2026-36014

Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers can craft malicious theme ZIP files with traversal sequences in filenames to execute arbitrary code or modify sensiti...

8.4CVSS6AI score0.0016EPSS
Exploits1References2
CVE
CVEadded 2026/06/10 12:41 p.m.39 views

CVE-2026-52755

Ghidra prior to version 12.0.4 is affected by a path traversal vulnerability in the theme import functionality. An attacker can craft theme ZIP files containing traversal sequences in filenames to write outside the intended theme directory, enabling arbitrary code execution or modification of sen...

8.4CVSS6AI score0.0016EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2026/06/10 12:39 p.m.31 views

CVE-2026-52752 Ghidra < 12.0.2 - Path Traversal in Extension Installer via ZIP Entry Names

Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabli...

8.4CVSS0.0016EPSS
Exploits1References2
CVE
CVEadded 2026/06/10 12:39 p.m.20 views

CVE-2026-52752

CVE-2026-52752 affects Ghidra prior to 12.0.2. The path traversal flaw is in the extension installer and arises from insufficient validation of ZIP entry names during extraction, allowing crafted extensions with ../ sequences to write files outside the intended directory and potentially achieve c...

8.4CVSS5.8AI score0.0016EPSS
Exploits1References2Affected Software1
EUVD
EUVDadded 2026/06/10 12:39 p.m.5 views

EUVD-2026-36011

Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabli...

8.4CVSS5.8AI score0.0016EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2026/06/10 12:39 p.m.3 views

CVE-2026-52752 Ghidra < 12.0.2 - Path Traversal in Extension Installer via ZIP Entry Names

Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabli...

8.4CVSS5.8AI score0.0016EPSS
Exploits1References2
Rows per page
Query Builder