101388 matches found

NVD
added 2026/06/09 9:16 a.m., 7 views

CVE-2026-49818

The Apache Airflow Samba provider's GCSToSambaOperator joined GCS object names to the SMB destination path without a containment check, so an object named with ../ segments resolved a write path outside the configured destination_path. An attacker able to write objects into the source GCS bucket —...

CVSS 6.5, EPSS 0.00726, Exploits 0, References 3

OSV
added 2026/06/09 9:16 a.m., 4 views

PYSEC-2026-208

The Apache Airflow Samba provider's GCSToSambaOperator joined GCS object names to the SMB destination path without a containment check, so an object named with ../ segments resolved a write path outside the configured destination_path. An attacker able to write objects into the source GCS bucket —...

CVSS 6.5, AI score 5.5, EPSS 0.00726, Exploits 0, References 3

Vulnrichment
added 2026/06/09 8:46 a.m., 6 views

CVE-2026-46747

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The affected application does not properly sanitize path input in the GET /api/sftp/uploadFiles endpoint used for directory listing. This allows path traversal through crafted input, enabling access to unintended fil...

CVSS 5.3, AI score 5.4, EPSS 0.00242, Exploits 0, References 1

EUVD
added 2026/06/09 8:46 a.m., 7 views

EUVD-2026-35384

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The affected application does not properly sanitize path input in the GET /api/sftp/uploadFiles endpoint used for directory listing. This allows path traversal through crafted input, enabling access to unintended fil...

CVSS 5.3, AI score 5.4, EPSS 0.00242, Exploits 0, References 1

Cvelist
added 2026/06/09 8:46 a.m., 33 views

CVE-2026-46747

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The affected application does not properly sanitize path input in the GET /api/sftp/uploadFiles endpoint used for directory listing. This allows path traversal through crafted input, enabling access to unintended fil...

CVSS 5.3, EPSS 0.00242, Exploits 0, References 1

CVE
added 2026/06/09 8:46 a.m., 16 views

CVE-2026-46747

The CVE-2026-46747 issue affects SINEC INS (all versions

CVSS 5.3, AI score 5.4, EPSS 0.00242, Exploits 0, References 1, Affected Software 1

NVD
added 2026/06/09 8:16 a.m., 11 views

CVE-2026-41972

Path traversal vulnerability in the SMS app. Impact: Successful exploitation of this vulnerability may affect availability...

CVSS 5.4, EPSS 0.00235, Exploits 0, References 1

Veracode
added 2026/06/09 7:49 a.m., 7 views

Privilege Escalation

AWS Advanced JDBC Wrapper is vulnerable to Privilege Escalation. The vulnerability is due to an untrusted search path issue in the GlobalDatabasePlugin, where a low-privileged authenticated user can create a crafted function that is executed when another user connects through the affected wrapper...

CVSS 8.6, AI score 5.5, EPSS 0.00305, Exploits 0, References 4, Affected Software 1

Vulnrichment
added 2026/06/09 7:42 a.m., 6 views

CVE-2026-49818 Apache Airflow Samba provider: Path traversal in GCSToSambaOperator via GCS object names

The Apache Airflow Samba provider's GCSToSambaOperator joined GCS object names to the SMB destination path without a containment check, so an object named with ../ segments resolved a write path outside the configured destination_path. An attacker able to write objects into the source GCS bucket —...

AI score 5.6, EPSS 0.00726, Exploits 0, References 2

CVE
added 2026/06/09 7:42 a.m., 11 views

CVE-2026-49818

The CVE concerns Apache Airflow Samba provider’s GCSToSambaOperator, which concatenates GCS object names to the SMB destination path without proper containment checks. This allows objects with ../ segments to traverse outside destination_path, enabling an unauthenticated-like attacker able to wri...

CVSS 6.5, AI score 5.6, EPSS 0.00726, Exploits 0, References 3, Affected Software 1

Cvelist
added 2026/06/09 7:42 a.m., 34 views

CVE-2026-49818 Apache Airflow Samba provider: Path traversal in GCSToSambaOperator via GCS object names

The Apache Airflow Samba provider's GCSToSambaOperator joined GCS object names to the SMB destination path without a containment check, so an object named with ../ segments resolved a write path outside the configured destination_path. An attacker able to write objects into the source GCS bucket —...

EPSS 0.00726, Exploits 0, References 2

EUVD
added 2026/06/09 7:42 a.m., 6 views

EUVD-2026-35374

The Apache Airflow Samba provider's GCSToSambaOperator joined GCS object names to the SMB destination path without a containment check, so an object named with ../ segments resolved a write path outside the configured destination_path. An attacker able to write objects into the source GCS bucket —...

CVSS 6.5, AI score 5.6, EPSS 0.00726, Exploits 0, References 2

Vulnrichment
added 2026/06/09 6:54 a.m., 5 views

CVE-2026-41972

Path traversal vulnerability in the SMS app. Impact: Successful exploitation of this vulnerability may affect availability...

CVSS 5.4, AI score 5.4, EPSS 0.00235, Exploits 0, References 1

Cvelist
added 2026/06/09 6:54 a.m., 28 views

CVE-2026-41972

Path traversal vulnerability in the SMS app. Impact: Successful exploitation of this vulnerability may affect availability...

CVSS 5.4, EPSS 0.00235, Exploits 0, References 1

EUVD
added 2026/06/09 6:54 a.m., 7 views

EUVD-2026-35359

Path traversal vulnerability in the SMS app. Impact: Successful exploitation of this vulnerability may affect availability...

CVSS 5.4, AI score 5.4, EPSS 0.00235, Exploits 0, References 1

CVE
added 2026/06/09 6:54 a.m., 12 views

CVE-2026-41972

CVE-2026-41972 describes a path traversal vulnerability in the SMS app with an impact on availability. The provided documents mention the issue and CVSS details (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) but do not specify affected product versions, vulnerable components, exact exploit paths, or a rem...

CVSS 5.4, AI score 5.5, EPSS 0.00235, Exploits 0, References 1

IBM Security Bulletins
added 2026/06/09 6:7 a.m., 8 views

Security Bulletin: IBM Cloud Pak for Data System 1.0 is affected by multiple vulnerabilities

Summary: IBM Cloud Pak for Data System 1.0 (CPDS 1.0) includes multiple third-party components that are affected by various security vulnerabilities. These vulnerabilities include denial of service issues in the Linux kernel and Python components, command injection vulnerabilities in Python's imapli...

CVSS 8.8, AI score 7.6, EPSS 0.01468, Exploits 0, Affected Software 1

NVD
added 2026/06/09 5:16 a.m., 7 views

CVE-2026-41843

Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

CVSS 5.9, EPSS 0.0027, Exploits 0, References 1

OSV
added 2026/06/09 5:16 a.m., 4 views

UBUNTU-CVE-2026-41843

Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

CVSS 5.9, AI score 5.5, EPSS 0.0027, Exploits 0, References 3

OSV
added 2026/06/09 5:16 a.m., 5 views

UBUNTU-CVE-2026-41848

Applications may be vulnerable to a Regular Expression Denial of Service (ReDoS) attack if an attacker is able to provide a pattern which is then directly or indirectly supplied to one of the following methods in AntPathMatcher: match(String pattern, String path), matchStart(String pattern, String pat...

CVSS 7.5, AI score 5.4, EPSS 0.00316, Exploits 0, References 3