CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/02/04 9:54 p.m.•22 views

CVE-2026-25575 NavigaTUM has a Path Traversal Vulnerability in the propose_edits functionality

8.8CVSS0.00061EPSS

CVE•added 2026/02/04 9:54 p.m.•4 views

CVE-2026-25575

NavigaTUM's propose_edits API had a path traversal flaw before commit 86f34c7, enabling unauthenticated users to overwrite files in directories writable by the application user (e.g., /cdn) by sending unsanitized file keys containing traversal sequences (../../) in JSON. This could allow replacin...

Exploits1References3Affected Software1

ATTACKERKB•added 2026/02/04 9:54 p.m.•3 views

CVE-2026-25575

8.8CVSS5.4AI score0.00061EPSS

Exploits1References4

Vulnrichment•added 2026/02/04 9:54 p.m.•2 views

CVE-2026-25575 NavigaTUM has a Path Traversal Vulnerability in the propose_edits functionality

8.8CVSS5.4AI score0.00061EPSS

EUVD•added 2026/02/04 9:54 p.m.•3 views

EUVD-2026-5325

OSV•added 2026/02/04 9:54 p.m.•2 views

CVE-2026-25575 NavigaTUM has a Path Traversal Vulnerability in the propose_edits functionality

Positive Technologies•added 2026/02/04 12:0 a.m.•2 views

Exploits1References5

PT-2026-6324

Name of the Vulnerable Software and Affected Versions NavigaTUM versions prior to commit 86f34c7 Description NavigaTUM is a website and API used for searching locations. A path traversal flaw exists in the propose edits API endpoint, allowing unauthenticated users to overwrite files in directorie...

CNNVD•added 2026/02/04 12:0 a.m.•2 views

Exploits1References8

NavigaTUM 安全漏洞

NavigaTUM is a navigation tool software developed by TUM Developers. Previous versions of NavigaTUM, such as 86f34c7, had security vulnerabilities. These vulnerabilities stemmed from the proposeedits endpoint not clearing file paths properly, which could lead to path traversal and file overwritin...

8.8CVSS5.8AI score0.00061EPSS

Positive Technologies•added 2025/12/05 12:0 a.m.•3 views

PT-2025-49266

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...

4.8CVSS6.7AI score0.00023EPSS

Exploits0References5

Wired Threat Level•added 2025/11/24 2:0 p.m.•4 views

Amazon Is Using Specialized AI Agents for Deep Bug Hunting

Born out of an internal hackathon, Amazon’s Autonomous Threat Analysis system uses a variety of specialized AI agents to detect weaknesses and propose fixes to the company’s platforms...

7AI score

Code423n4•added 2023/08/10 12:0 a.m.•6 views

SecurityCouncilMemberElectionGovernor propose() function is not properly restricted

Lines of code Vulnerability details summary The propose function in the SecurityCouncilMemberElectionGovernor contract is not properly restricted. This means that any user can call it, including attackers. Description The propose function in the SecurityCouncilMemberElectionGovernor contract is...

6.6AI score

Code423n4•added 2023/07/13 12:0 a.m.•7 views

A proposer can initiate several proposals at once through delegations

Lines of code Vulnerability details Impact Within the NounsDAOV3Proposals' propose function, a proposer is only permitted to have one active proposal at a time. Despite this, a proposer has the capability to delegate to various accounts, enabling these accounts to propose on their behalf. Proof o...

6.6AI score

Code423n4•added 2023/07/13 12:0 a.m.•5 views

ds._proposals mapping is never updated when a new proposal is created via propose() in NounsDAOV3Proposals.sol

Lines of code Vulnerability details Impact in function propose, after a new proposal is created, the ds.proposals variable in storage is never updated. Natspec comments for StorageV3 struct definition in NounsDAOInterfaces.sol says that ds.proposals is a mapping that contains references to all...

6.8AI score

NVD•added 2023/04/16 8:15 a.m.•7 views

CVE-2023-30542

OpenZeppelin Contracts is a library for secure smart contract development. The proposal creation entrypoint propose in GovernorCompatibilityBravo allows the creation of proposals with a signatures array shorter than the calldatas array. This causes the additional elements of the latter to be...

8.8CVSS7.7AI score0.00535EPSS

Exploits0References2

CVE•added 2023/04/16 7:10 a.m.•50 views

CVE-2023-30542

CVE-2023-30542 concerns OpenZeppelin Contracts’ GovernorCompatibilityBravo: the propose entrypoint may allow a signatures array shorter than the calldatas array, causing extra calldatas to be ignored and potentially executing actions without calldata if the proposal passes. The event reflects wha...

8.8CVSS7.7AI score0.00535EPSS

Exploits0References2Affected Software2

OSV•added 2023/04/16 7:10 a.m.•12 views

CVE-2023-30542 GovernorCompatibilityBravo may trim proposal calldata

6.8CVSS8.4AI score0.00535EPSS

Exploits0References4

Code423n4•added 2022/12/19 12:0 a.m.•7 views

User loses collateral converted to pendingBalance when cash() or list() is called

Lines of code Vulnerability details Description In OptimisticListingOpensea, there are several functions which update pendingBalances of a proposer: 1. list 2. cash 3. propose Unfortunately, in list and cash the = operator is used instead of += when writing the new pendingBalances. For example:...

6.6AI score

Code423n4•added 2022/12/19 12:0 a.m.•5 views

Any user which holds Raes tokens can infinitely freeze NFT in OptimisticListingSeaport

Lines of code Vulnerability details Description OptimisticListingSeaport exposes propose method to create new proposal, and rejectProposal to remove a listing in proposal stage. In propose, proposer commits a certain amount of collateral: // Sets collateral amount to pending balances for withdraw...

6.5AI score