
9 matches found

OSV
added 2026/04/28 12:31 a.m. | 3 views

GHSA-WFR3-HF93-QGG3 mkdocs-mcp-plugin has a Path Traversal issue

A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function readdocument/listdocuments of the file server.py. Manipulating the argument docsdir/filepath results in path traversal. The attack can be carried out remotely. The exploit has...

CVSS 7.3 | AI score 6.7 | EPSS 0.00426
Exploits: 0 | References: 7

UbuntuCve
added 2026/03/16 2:19 p.m. | 4 views

CVE-2026-32772

telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEWENVIRON SEND USERVAR...

CVSS 4.7 | AI score 5.9 | EPSS 0.00187
Exploits: 1 | References: 2

CVE
added 2026/02/11 8:23 p.m. | 7 views

CVE-2026-25062

Outline (the Outline service) prior to version 1.4.0 is vulnerable via JSON import where attachments[].key is passed to path.join(rootPath, node.key) and then read with fs.readFile without validation, enabling path traversal (e.g., ../ or absolute paths) to read arbitrary server files and import ...

CVSS 5.5 | AI score 5.8 | EPSS 0.00393
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2026/02/11 3:40 p.m. | 23 views

CVE-2026-25869 MiniGal Nano <= 0.3.5 Path Traversal via dir Parameter

MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted...

CVSS 6.9 | EPSS 0.005
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-42855

Malicious code in bioql PyPI...

CVSS 6.8 | AI score 6.4 | EPSS 0.00533
Exploits: 0 | References: 2

OSV
added 2025/01/21 11:15 p.m. | 2 views

CVE-2024-49747

In gattsprocessreadbytypereq of gattsr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 9.8 | AI score 6.4
Exploits: 0 | References: 1

CVE
added 2024/05/29 1:28 p.m. | 59 views

CVE-2024-36362

CVE-2024-36362 describes a path traversal in JetBrains TeamCity servers that allows reading arbitrary files from the server. Affected versions are TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, and 2024.03.2. Remediation is to upgrade to the corresponding fixed releases: 2022.04.7 or...

CVSS 6.5 | AI score 6.6 | EPSS 0.00502
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2022/07/19 4:15 p.m. | 2 views

DEBIAN-CVE-2022-2469

GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client...

CVSS 8.1 | AI score 7.3 | EPSS 0.01086
Exploits: 0 | References: 1

Exploit DB
added 2002/06/15 12:0 a.m. | 28 views

My Postcards 6.0 - 'MagicCard.cgi' Arbitrary File Disclosure

source: https://www.securityfocus.com/bid/5029/info My Postcards is a commercially available electronic postcard system. It is available for Unix and Linux Operating Systems. The magiccard.cgi script does not properly handle some types of input. As a result, it may be possible for a remote user to...

AI score 7.4
Exploits: 0