Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

101394 matches found

NVD
NVDadded 2026/06/09 1:16 p.m.7 views

CVE-2017-20250

Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macdownload.php with directory traversal sequences to access sensitive files like wp-load.php outside...

8.7CVSS0.00641EPSS
Exploits0References3
EUVD
EUVDadded 2026/06/09 12:36 p.m.8 views

EUVD-2026-35433

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix nvkmdevice leak on aperture removal failure When apertureremoveconflictingpcidevices fails during probe, the error path returns directly without unwinding the nvkmdevice that was just allocated by nvkmdevicepcine...

5.4AI score0.00156EPSS
Exploits0References4
CVE
CVEadded 2026/06/09 12:36 p.m.16 views

CVE-2026-52904

The CVE-2026-52904 entry covers a Linux kernel issue in drm/nouveau where nvkm_device leaks occur if aperture_remove_conflicting_pci_devices() fails during probe. The allocated nvkm_device from nvkm_device_pci_new() is not unwound on error, leaking both the device wrapper and the pci_enable_devic...

5.4AI score0.00156EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/06/09 11:48 a.m.25 views

CVE-2017-20250 WordPress Plugin Mac Photo Gallery 3.0 Arbitrary File Download

Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macdownload.php with directory traversal sequences to access sensitive files like wp-load.php outside...

8.7CVSS0.00641EPSS
Exploits0References3
EUVD
EUVDadded 2026/06/09 11:48 a.m.5 views

EUVD-2017-18976

Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macdownload.php with directory traversal sequences to access sensitive files like wp-load.php outside...

8.7CVSS5.6AI score0.00641EPSS
Exploits0References3
CVE
CVEadded 2026/06/09 11:48 a.m.12 views

CVE-2017-20250

CVE-2017-20250 affects WordPress plugin Mac Photo Gallery 3.0 through a path traversal vulnerability in macdownload.php that allows unauthenticated attackers to download arbitrary files (e.g., wp-load.php) by manipulating the albid parameter. Reported impact includes potential high confidentialit...

8.7CVSS5.6AI score0.00641EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/06/09 11:48 a.m.7 views

CVE-2017-20250 WordPress Plugin Mac Photo Gallery 3.0 Arbitrary File Download

Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macdownload.php with directory traversal sequences to access sensitive files like wp-load.php outside...

8.7CVSS5.6AI score0.00641EPSS
Exploits0References3
CVE
CVEadded 2026/06/09 11:48 a.m.12 views

CVE-2017-20248

CVE-2017-20248 affects the WordPress plugin Apptha Slider Gallery 1.0. It describes a path traversal vulnerability in asgallDownload.php that lets unauthenticated attackers download arbitrary files by supplying directory traversal sequences (e.g., ../) via the imgname parameter. CVSS scores in th...

8.7CVSS5.6AI score0.00641EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/06/09 11:48 a.m.24 views

CVE-2017-20248 WordPress Plugin Apptha Slider Gallery 1.0 Path Traversal File Download

Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send requests to asgallDownload.php with directory traversal sequences ../ to access sensitive files outside the...

8.7CVSS0.00641EPSS
Exploits0References3
EUVD
EUVDadded 2026/06/09 11:48 a.m.7 views

EUVD-2017-18974

Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send requests to asgallDownload.php with directory traversal sequences ../ to access sensitive files outside the...

8.7CVSS5.6AI score0.00641EPSS
Exploits0References3
RedHat Linux
RedHat Linuxadded 2026/06/09 11:19 a.m.6 views

path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions

A flaw was found in path-to-regexp. A remote attacker could exploit this vulnerability by providing specially crafted input that generates a regular expression with multiple sequential optional groups. This leads to an exponential growth in the generated regular expression, causing a Denial of...

7.5CVSS6.1AI score0.00455EPSS
Exploits0References5
RedHat Linux
RedHat Linuxadded 2026/06/09 11:18 a.m.4 views

path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions

A flaw was found in path-to-regexp. A remote attacker could exploit this vulnerability by providing specially crafted input that generates a regular expression with multiple sequential optional groups. This leads to an exponential growth in the generated regular expression, causing a Denial of...

7.5CVSS6.1AI score0.00455EPSS
Exploits0References5
NVD
NVDadded 2026/06/09 11:16 a.m.7 views

CVE-2026-49738

The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html. Administrator...

2.1CVSS0.00521EPSS
Exploits0References3
Snyk
Snykadded 2026/06/09 11:4 a.m.7 views

Malicious Package

Overview path-extend is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.5AI score
Exploits0References2
Cvelist
Cvelistadded 2026/06/09 10:53 a.m.30 views

CVE-2026-49738 TYPO3 CMS - Broken Access Control in File Abstraction Layer

The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html. Administrator...

2.1CVSS0.00521EPSS
Exploits0References3
CVE
CVEadded 2026/06/09 10:53 a.m.24 views

CVE-2026-49738

CVE-2026-49738 concerns TYPO3 CMS where a flawed check in GeneralUtility::isAllowedAbsPath() uses a plain string prefix instead of a directory boundary, allowing path strings like /var/www/html-other/secret.yaml to pass when project root is /var/www/html. This enables administrator users with acc...

2.1CVSS5.4AI score0.00521EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/06/09 10:53 a.m.5 views

CVE-2026-49738 TYPO3 CMS - Broken Access Control in File Abstraction Layer

The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html. Administrator...

2.1CVSS5.4AI score0.00521EPSS
Exploits0References3
NVD
NVDadded 2026/06/09 10:16 a.m.12 views

CVE-2026-46747

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The affected application does not properly sanitize path input in the GET /api/sftp/uploadFiles endpoint used for directory listing. This allows path traversal through crafted input, enabling access to unintended fil...

5.3CVSS0.00242EPSS
Exploits0References1
NVD
NVDadded 2026/06/09 10:16 a.m.9 views

CVE-2026-52902

A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbitrary YAML-formatted files from the local filesystem when a user imports it using "awx --conf.form...

4.7CVSS0.00121EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/06/09 9:33 a.m.2 views

CVE-2026-52902 Awxkit: path traversal via yaml !include directive

A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbitrary YAML-formatted files from the local filesystem when a user imports it using "awx --conf.form...

4.7CVSS5.4AI score0.00121EPSS
Exploits0References2
Rows per page
Query Builder