Lucene search
K

5 matches found

EUVD
EUVD
added 2026/06/18 3:3 p.m.9 views

EUVD-2026-37818

BBOT: Arbitrary File Write in postmandownload Module...

6.5CVSS5.2AI score0.00251EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 11:17 p.m.10 views

CVE-2026-12568

The postmandownload module uses the workspace name field from the Postman API to construct the local directory path without sanitization. If a malicious workspace has a name containing path traversal characters, pathlib resolves the path outside the intended output directory, allowing an attacker...

6.5CVSS0.00251EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:53 p.m.23 views

CVE-2026-12568

The CVE-2026-12568 entry affects the postman_download module. The root cause is unsanitized use of the workspace name field from the Postman API to build the local output directory path; if the workspace name contains path traversal characters, pathlib resolves outside the intended directory, ena...

6.5CVSS5.4AI score0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:53 p.m.18 views

CVE-2026-12568 Arbitrary File Write in postman_download module

The postmandownload module uses the workspace name field from the Postman API to construct the local directory path without sanitization. If a malicious workspace has a name containing path traversal characters, pathlib resolves the path outside the intended output directory, allowing an attacker...

6.5CVSS0.00251EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.16 views

PT-2026-50563

Name of the Vulnerable Software and Affected Versions Postman Download Module affected versions not specified Description The postman download module fails to sanitize the workspace name field retrieved from the Postman API when constructing local directory paths. A malicious workspace name...

6.5CVSS5.3AI score0.00251EPSS
Exploits0References2
Rows per page
Query Builder