Lucene search
K

161 matches found

ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-25707

A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation...

8.8CVSS5.8AI score0.006EPSS
Exploits0References3
NVD
NVD
added 5 days ago7 views

CVE-2026-13509

A vulnerability has been found in RAGapp up to 0.1.5. Affected is the function FileHandler.uploadfile/FileHandler.removefile of the file src/ragapp/backend/controllers/files.py of the component Knowledge File Handler. Such manipulation leads to path traversal. The attack can be executed remotely...

6.5CVSS0.00294EPSS
Exploits0References7
CVE
CVE
added 5 days ago11 views

CVE-2026-13509

RAGapp up to 0.1.5 is affected. The vulnerability lies in FileHandler.upload_file and FileHandler.remove_file (src/ragapp/backend/controllers/files.py), enabling path traversal. Exploitation can be performed remotely, and public proof-of-concept/exploitation has been disclosed. A fix via a pull r...

6.5CVSS6.1AI score0.00294EPSS
Exploits0References7
Cvelist
Cvelist
added 5 days ago26 views

CVE-2026-13509 RAGapp Knowledge File files.py FileHandler.remove_file path traversal

A vulnerability has been found in RAGapp up to 0.1.5. Affected is the function FileHandler.uploadfile/FileHandler.removefile of the file src/ragapp/backend/controllers/files.py of the component Knowledge File Handler. Such manipulation leads to path traversal. The attack can be executed remotely...

6.5CVSS0.00294EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.8 views

CVE-2026-7149

A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function preparekaggledataset of the file src/kagglemcp/server.py. The manipulation of the argument competitionid leads to path traversal. The attack is possible t...

7.5CVSS6.5AI score0.00411EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.11 views

CVE-2026-7400

A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function ispathallowed of the file server.py of the component readfiletool/writefiletool. Such manipulation leads to path traversal. The attack can be launched remotely. The exploit has be...

7.5CVSS6.7AI score0.0043EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.11 views

CVE-2026-7404

A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function deletesharedprompt of the file src/mcposimpleserver/services/promptmanager/basemanager.py. This manipulation of the argument detail causes relative path traversal. It is possible to initiate t...

7.5CVSS6.8AI score0.00512EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.19 views

CVE-2026-7386

A flaw has been found in fatbobman mail-mcp-bridge up to 1.3.3. Affected is an unknown function of the file src/mailmcpserver.py. Executing a manipulation of the argument messageids can lead to path traversal. The attack can be executed remotely. The exploit has been published and may be used...

7.5CVSS6.8AI score0.00429EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.9 views

CVE-2026-5849

A vulnerability was determined in Tenda i12 1.0.0.113862. The impacted element is an unknown function of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized...

9.8CVSS6.9AI score0.00632EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.9 views

CVE-2026-5962

A vulnerability was detected in Tenda CH22 1.0.0.6468. This issue affects the function R7WebsSecurityHandlerfunction of the component httpd. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used...

9.8CVSS7AI score0.00537EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/01 1:45 a.m.10 views

EUVD-2026-33534

A security flaw has been discovered in AstrBotDevs AstrBot 4.23.6. This vulnerability affects unknown code of the file /api/skills/delete of the component API Endpoint. Performing a manipulation of the argument Name results in path traversal. The attack can be initiated remotely. The exploit has...

5.5CVSS5.7AI score0.00372EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/26 1:30 p.m.9 views

CVE-2026-9550

A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. Executing a manipulation of the argument path can lead to path traversal...

7.5CVSS6.8AI score0.00519EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/05/17 1:16 p.m.27 views

CVE-2026-8756

A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The impacted element is the function generateconfig of the file webuipreprocess.py of the component Gradio Interface. Such manipulation of the argument datadir leads to path traversal. The attac...

7.5CVSS0.00512EPSS
Exploits0References4
CVE
CVE
added 2026/05/17 1:0 p.m.18 views

CVE-2026-8756

CVE-2026-8756 affects fishaudio Bert-VITS2 (up to commit 8f7fbd8c4770965225d258db548da27dc8dd934c) with a path traversal vulnerability in the Gradio Interface’s webui_preprocess.py, specifically in generate_config. The issue arises from manipulating the data_dir argument, enabling remote exploita...

7.5CVSS6.6AI score0.00512EPSS
Exploits0References4
CVE
CVE
added 2026/05/17 12:45 p.m.16 views

CVE-2026-8755

The CVE-2026-8755 affects fishaudio Bert-VITS2 (up to commit 8f7fbd8c4770965225d258db548da27dc8dd934c) with a vulnerability in the Model Handler component. Specifically, the function _get_all_models in hiyoriUI.py enables path traversal. This is a remote exploitable issue, and an exploit has been...

7.5CVSS6.7AI score0.00611EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/11 8:26 p.m.10 views

CVE-2026-8215

A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This vulnerability affects the function iasRequestFileEvent of the component RMI Interface. This manipulation of the argument mstrSourceFileName causes path traversal. The attack can be initiated remotely. The...

6.9CVSS5.8AI score0.0055EPSS
Exploits0References1
CVE
CVE
added 2026/05/10 12:30 a.m.17 views

CVE-2026-8215

CVE-2026-8215 affects Industrial Application Software IAS Canias ERP 8.03, specifically the RMI Interface function iasRequestFileEvent. The vulnerability arises from manipulating the m_strSourceFileName argument, enabling path traversal. Attacks can be initiated remotely and publicly disclosed ex...

6.9CVSS5.8AI score0.0055EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/09 2:21 a.m.11 views

CVE-2026-8113

A vulnerability was determined in 8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f. Affected by this vulnerability is the function isPathInside of the file src/kernel.ts of the component executeSkillScript. Executing a manipulation can lead to path traversal. It is possible to laun...

6.5CVSS5.4AI score0.00413EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/05 3:45 a.m.3 views

CVE-2026-7810

A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function createnotebook/readnotebook/editcell/addcell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit h...

7.5CVSS6.8AI score0.0041EPSS
Exploits0References5
NVD
NVD
added 2026/05/04 1:16 a.m.12 views

CVE-2026-7715

A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arangobackup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal. It is possible to launch the attack remotely. The explo...

6.5CVSS0.00288EPSS
Exploits0References6
Rows per page
Query Builder