Lucene search
+L

2570 matches found

OSV
OSV
added 2026/07/07 4:3 p.m.15 views

PYSEC-2026-1802 pretix has Broken Access Control Allowing Cross-User File Access via UUID

An API endpoint allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only...

7CVSS5.9AI score0.00226EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/06 8:59 p.m.7 views

EUVD-2026-41946

HashiCorp Terraform Enterprise contained an issue in its version control system VCS ingestion of registry modules that did not correctly enforce the intended boundary on packaged module content. This may allow an authenticated user to include files from outside the intended repository content in ...

7.7CVSS6AI score0.00295EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/06 8:7 p.m.6 views

Security Bulletin: Path traversal allows arbitrary file read in IBM Terraform Self Managed container

Summary IBM Terraform Self Managed contained an issue in its version control system VCS ingestion of registry modules that did not correctly enforce the intended boundary on packaged module content. This may allow an authenticated user to include files from outside the intended repository content...

7.7CVSS5.9AI score0.00295EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/07/06 7:17 p.m.9 views

CVE-2026-9181

Esri ArcGIS Server contains a directory traversal vulnerability. ArcGIS Enterprise on Kubernetes is not impacted. An unauthenticated attacker could exploit this issue by sending crafted path parameters. Successful exploitation could allow overwriting sensitive files on the system. Abuse of this...

9.8CVSS0.00727EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/07/06 6:22 p.m.7 views

CVE-2026-9181 Directory Traversal in ArcGIS Server

Esri ArcGIS Server contains a directory traversal vulnerability. ArcGIS Enterprise on Kubernetes is not impacted. An unauthenticated attacker could exploit this issue by sending crafted path parameters. Successful exploitation could allow overwriting sensitive files on the system. Abuse of this...

9.8CVSS6AI score0.00727EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 6:22 p.m.4 views

EUVD-2026-41897

ArcGIS Server contains a directory traversal vulnerability. An unauthenticated attacker could exploit this issue by sending crafted path parameters. Successful exploitation could allow access to sensitive files on the system. This issue impacts all versions of ArcGIS Server 12.0 and prior...

9.8CVSS6AI score0.00727EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:22 p.m.7 views

CVE-2026-9181

Esri ArcGIS Server contains a directory traversal vulnerability. ArcGIS Enterprise on Kubernetes is not impacted. An unauthenticated attacker could exploit this issue by sending crafted path parameters. Successful exploitation could allow overwriting sensitive files on the system. Abuse of this...

9.8CVSS6AI score0.00727EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/06 6:22 p.m.36 views

CVE-2026-9181 Directory Traversal in ArcGIS Server

Esri ArcGIS Server contains a directory traversal vulnerability. ArcGIS Enterprise on Kubernetes is not impacted. An unauthenticated attacker could exploit this issue by sending crafted path parameters. Successful exploitation could allow overwriting sensitive files on the system. Abuse of this...

9.8CVSS0.00727EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 6:22 p.m.33 views

CVE-2026-9181

ArcGIS Server is affected by a directory traversal vulnerability. An unauthenticated attacker can exploit it by sending crafted path parameters, potentially enabling access to sensitive files on the system. The issue affects all versions up to and including 12.0. The connected sources confirm the...

9.8CVSS6AI score0.00727EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2026/07/06 6:31 a.m.7 views

Path Traversal

Horde IMP is vulnerable to path traversal. The vulnerability is due to insufficient validation of img src URLs, where attackers can bypass the stripos prefix validation by appending traversal sequences after the matching prefix, and read sensitive files whose contents are then exfiltrated as MIME...

7.1CVSS5.9AI score0.00379EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.11 views

PT-2026-55967

Name of the Vulnerable Software and Affected Versions ArcGIS Server versions prior to 12.1 Description An unauthenticated attacker can exploit a directory traversal issue by sending crafted path parameters. This allows the attacker to access sensitive files on the system. Directory traversal is a...

9.8CVSS6AI score0.00727EPSS
Exploits0References9
EUVD
EUVD
added 2026/07/05 5:52 p.m.10 views

EUVD-2026-41775

AIL Framework contains a path traversal vulnerability in its PDF object handling. Prior to commit 14c618fce4d1df02358717c48ea903706abecdf2, the PDF.getfilepath function constructed a file path by joining the configured PDF storage directory with a path derived from a PDF object identifier, withou...

7.1CVSS5.9AI score0.00372EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/02 12:0 a.m.6 views

Malicious code in @marketfront/header (npm)

The @marketfront/header package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.3AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/02 12:0 a.m.8 views

Malicious code in @marketfront/errorcounter (npm)

The @marketfront/errorcounter package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.1AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/01 9:31 a.m.3 views

Apache HTTP Server: mod_rewrite: Apache HTTP Server: Privilege Escalation via .htaccess file manipulation

A flaw was found in Apache HTTP Server. This escalation of privilege vulnerability allows local attackers, specifically those with the ability to author .htaccess files, to read sensitive files. This flaw enables unauthorized access to files with the privileges of the httpd user, potentially...

8.8CVSS7.1AI score0.00654EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/30 7:13 p.m.10 views

EUVD-2026-40381

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement...

9.9CVSS6AI score0.00294EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 7:13 p.m.37 views

CVE-2026-7873

CVE-2026-7873 affects Langflow OSS 1.0.0–1.10.0. IBM’s advisory attributes the flaw to the code validation endpoint’s logic, which could cause authenticated attackers to execute arbitrary OS commands and read sensitive files (including credentials) due to how function definitions were compiled/ex...

9.9CVSS6AI score0.00294EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/30 11:30 a.m.5 views

kernel: crypto: algif_aead - Revert to operating out-of-place

A flaw was found in the Linux kernel's algifaead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive...

7.8CVSS7.3AI score0.96267EPSS
Exploits230References14
RedhatCVE
RedhatCVE
added 2026/06/29 4:39 a.m.12 views

CVE-2026-44022

A flaw was found in Docling, a tool for document processing. The LaTeX backend, responsible for handling commands like \includegraphics, \input, and \include, lacked proper validation for file paths. This vulnerability allows an attacker to craft a malicious LaTeX document containing path travers...

5.5CVSS5.9AI score0.00163EPSS
Exploits0References5
OSV
OSV
added 2026/06/26 3:40 p.m.3 views

CVE-2026-44018 Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS...

5.5CVSS6AI score0.00113EPSS
Exploits0References4
Rows per page
Query Builder