Lucene search
+L

1714 matches found

Nuclei
Nuclei
added 7 hours ago19 views

Frontend File Manager < 21.3 - Unauthenticated File Renaming

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server id:...

5.3CVSS5.8AI score0.06263EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2 days ago7 views

CVE-2026-46336

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. From 0.96.0 until 0.140.0, authenticated users can rename uploaded files with path traversal sequences because app/models/modelfile.rb uses the user-controlled...

7.1CVSS6.1AI score0.00332EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2 days ago7 views

CVE-2026-46336

CVE-2026-46336 affects Manyfold (0.96.0–0.140.0). Authenticated users can rename uploaded files, and due to unsanitized user-controlled filenames in app/models/model_file.rb used with File.join(model.path, filename), path traversal may move/write files outside the library directory. Impact: poten...

7.1CVSS6.1AI score0.00332EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-46336 Manyfold: Authenticated Path Traversal via File Rename

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. From 0.96.0 until 0.140.0, authenticated users can rename uploaded files with path traversal sequences because app/models/modelfile.rb uses the user-controlled...

7.1CVSS0.00332EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/10 7:15 a.m.7 views

EUVD-2026-42837

Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to full tree-path access by renaming themselves to internalauditor. This issue affects Apache IoTDB: from 2.0.8 before 2.0.10. Users are recommended to upgrade to version 2.0.10,...

6.5CVSS6.1AI score0.00209EPSS
Exploits0References1
NVD
NVD
added 2026/07/08 9:16 p.m.7 views

CVE-2026-54527

JupyterLab Git is a Git extension for JupyterLab. From 0.30.0b3 before 0.54.0, the PlainTextDiff.ts createHeader method passes Git filenames directly to innerHTML when rendering renamed files in commit history, allowing a crafted filename to execute JavaScript when a victim views the rename diff ...

9.3CVSS0.00298EPSS
Exploits2References3
Cvelist
Cvelist
added 2026/07/08 9:3 p.m.34 views

CVE-2026-54527 JupyterLab Git: Stored XSS leading to RCE

JupyterLab Git is a Git extension for JupyterLab. From 0.30.0b3 before 0.54.0, the PlainTextDiff.ts createHeader method passes Git filenames directly to innerHTML when rendering renamed files in commit history, allowing a crafted filename to execute JavaScript when a victim views the rename diff ...

9.3CVSS0.00298EPSS
Exploits2References3
OSV
OSV
added 2026/07/08 9:3 p.m.4 views

CVE-2026-54527 JupyterLab Git: Stored XSS leading to RCE

JupyterLab Git is a Git extension for JupyterLab. From 0.30.0b3 before 0.54.0, the PlainTextDiff.ts createHeader method passes Git filenames directly to innerHTML when rendering renamed files in commit history, allowing a crafted filename to execute JavaScript when a victim views the rename diff ...

9.3CVSS6.2AI score0.00298EPSS
Exploits2References5
CVE
CVE
added 2026/07/08 9:3 p.m.58 views

CVE-2026-54527

CVE-2026-54527 affects the jupyterlab-git extension. The PlainTextDiff.ts createHeader() renders renamed-file headers by directly inserting Git filenames into innerHTML, enabling stored XSS that can lead to remote code execution. Affected range is before 0.54.0, with fix released in 0.54.0. Explo...

9.3CVSS6AI score0.00298EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2026/07/08 5:17 p.m.1 views

DEBIAN-CVE-2026-60102

Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-controlled...

7.7CVSS6.3AI score0.01803EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2026/07/08 12:0 a.m.8 views

The vulnerability of the f2fs_rename() function in the fs/f2fs/namei.c file of the F2FS file system in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the f2fsrename function in the fs/f2fs/namei.c file of the F2FS file system in the Linux operating system is related to state management errors. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5CVSS6AI score0.00173EPSS
Exploits0References10Affected Software2
NVD
NVD
added 2026/07/01 4:16 p.m.10 views

CVE-2026-58037

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Language/Language.Php, includes/Logging/BlockLogFormatter.Php, includes/Logging/LogFormatter.Php,...

6.1CVSS0.0027EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-53099

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Switch CONFIGCFICLANG to CONFIGCFI This was renamed in commit 23ef9d439769 kcfi: Rename CONFIGCFICLANG to CONFIGCFI as it is now a compiler-agnostic option...

5.5AI score0.00156EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 7:33 p.m.3 views

CVE-2026-44734 OpenProject: Improper Access Control on OpenProject through the POST request to /projects/[PROJECT_NAME]/cost_reports/[REPORT_ID]/rename

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, a Missing Authorization vulnerability exists in OpenProject's CostReportsController. The rename and update actions allow any authenticated user to modify the name, filters, and grouping of any Public co...

6.5CVSS6AI score0.00231EPSS
Exploits0References3
CVE
CVE
added 2026/06/26 7:33 p.m.16 views

CVE-2026-44734

CVE-2026-44734 affects OpenProject prior to 17.3.2 and 17.4.0. A Missing Authorization flaw in CostReportsController allows any authenticated user to rename/update public cost reports (name, filters, grouping) without ownership or permission checks. An attacker who guesses a public report ID can ...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 7:33 p.m.27 views

CVE-2026-44734 OpenProject: Improper Access Control on OpenProject through the POST request to /projects/[PROJECT_NAME]/cost_reports/[REPORT_ID]/rename

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, a Missing Authorization vulnerability exists in OpenProject's CostReportsController. The rename and update actions allow any authenticated user to modify the name, filters, and grouping of any Public co...

6.5CVSS0.00231EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 3:50 p.m.4 views

CVE-2026-45233 HTMLy CMS 3.1.1 Path Traversal via oldfile Parameter in Autosave

HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by supplying directory traversal sequences in the oldfile parameter at the admin autosave endpoint. Attackers can pass unsanitized traversal sequences...

7.2CVSS6.1AI score0.00567EPSS
Exploits0References5
NVD
NVD
added 2026/06/24 5:17 p.m.11 views

CVE-2026-53099

In the Linux kernel, the following vulnerability has been resolved: bpf: Switch CONFIGCFICLANG to CONFIGCFI This was renamed in commit 23ef9d439769 "kcfi: Rename CONFIGCFICLANG to CONFIGCFI" as it is now a compiler-agnostic option. Using the wrong name results in the code getting compiled out...

0.00156EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 4:30 p.m.8 views

CVE-2026-53099

The CVE-2026-53099 vulnerability affects the Linux kernel’s BPF subsystem, specifically involving the CONFIG_CFI_CLANG to CONFIG_CFI rename. The root cause is that CONFIG_CFI_CLANG was renamed to a compiler-agnostic CONFIG_CFI, and using the old name can cause code to be compiled out, meaning CFI...

5.8AI score0.00156EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 4:30 p.m.3 views

CVE-2026-53099 bpf: Switch CONFIG_CFI_CLANG to CONFIG_CFI

In the Linux kernel, the following vulnerability has been resolved: bpf: Switch CONFIGCFICLANG to CONFIGCFI This was renamed in commit 23ef9d439769 "kcfi: Rename CONFIGCFICLANG to CONFIGCFI" as it is now a compiler-agnostic option. Using the wrong name results in the code getting compiled out...

5.8AI score0.00156EPSS
Exploits0References5
Rows per page
Query Builder