Lucene search
K

1968 matches found

Tenable Nessus
Tenable Nessus
added 3 days ago11 views

Linux Distros Unpatched Vulnerability : CVE-2026-10732

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip when extracting a ZIP archive containing two entri...

9.8CVSS7.8AI score0.02147EPSS
Exploits1References2
Snyk
Snyk
added 6 days ago6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the process that handles repository dump creation, which uses release tag names and asset names as filesystem path components. An attacker can manipulate file system paths by providing specially crafted release t...

8.7CVSS6.5AI score0.00369EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the Lucene.Net.Replicator process. An attacker can access arbitrary files on the server by submitting crafted requests containing path traversal sequences. Details A Directory Traversal attack also known as path...

8.9CVSS6.5AI score0.00479EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the Lucene.Net.Replicator process. An attacker can write arbitrary files to the client system by sending specially crafted data from a malicious server. Details A Directory Traversal attack also known as path...

8.9CVSS6.5AI score0.00385EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-346 gramps-webapi: Zip Slip Path Traversal in Media Archive Import

Summary A path traversal vulnerability Zip Slip exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with directory-traversal filenames to write arbitrary files outside the intended temporary extraction directory on the...

9.1CVSS6AI score0.00401EPSS
Exploits0References7
Snyk
Snyk
added 2026/06/27 12:13 a.m.15 views

Directory Traversal

Overview @pnpm/installing.env-installer is an Installer for configurational dependencies Affected versions of this package are vulnerable to Directory Traversal via the configDependencies process. An attacker can create symlinks outside the intended directory by supplying crafted package names wi...

8.2CVSS6.5AI score0.00257EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/26 6:15 p.m.5 views

Directory Traversal

Overview extract-zip is an unzip a zip file into a directory using 100% javascript Affected versions of this package are vulnerable to Directory Traversal via the extraction process. An attacker can access or modify arbitrary files by crafting a malicious zip archive containing symlinks that poin...

8.6CVSS6.5AI score0.00346EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/25 7:14 p.m.6 views

CVE-2026-44017

A flaw was found in Docling. The EasyOCR model download functionality improperly extracts ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker compromises the model download source e.g., via a supply chain or Man-in-the-Middle MITM attack, they could write...

8.3CVSS6.3AI score0.00478EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/25 5:20 p.m.4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the org.opencontainers.image.title annotation in the artifact manifest when downloading OCI artifacts. An attacker can cause files to be written to arbitrary locations on the host filesystem by supplying a crafte...

8.1CVSS6.6AI score0.00292EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 7:15 p.m.5 views

Directory Traversal

Overview Jellyfin.Common is an a Free Software Media System that puts you in control of managing and streaming your media. Affected versions of this package are vulnerable to Directory Traversal via the POST /ClientLog/Document endpoint, which uses unsanitized values from the Authorization header...

8.8CVSS6.5AI score0.00344EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 6:17 p.m.8 views

CVE-2026-44017

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromi...

8.3CVSS0.00478EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/24 5:48 p.m.7 views

CVE-2026-44017 Docling: Unsafe Zip Extraction in EasyOCR Model Download

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromi...

7.5CVSS6.7AI score0.00478EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 5:48 p.m.49 views

CVE-2026-44017

CVE-2026-44017 concerns Docling’s EasyOCR model download: prior to 2.91.0, ZIP archives were extracted without validating member paths, enabling Zip Slip path traversal. An attacker who could supply or intercept the model source could overwrite files anywhere writable by the process, potentially ...

8.3CVSS6.7AI score0.00478EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/06/24 5:48 p.m.29 views

CVE-2026-44017 Docling: Unsafe Zip Extraction in EasyOCR Model Download

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromi...

7.5CVSS0.00478EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/23 6:20 p.m.6 views

Directory Traversal

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Directory Traversal via the Clone or Push operations in the Git node when a local filesystem path is supplied as the source or target repository, bypassing the intended file sandbox. An attacker can...

7.7CVSS6.5AI score0.00495EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 8:18 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the handler/router.go process. An attacker can access arbitrary files on the host filesystem by sending requests with percent-encoded backslashes %5C that bypass path sanitization. Details A Directory Traversal...

8.7CVSS6.5AI score0.00408EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 8:18 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the handler/router.go process. An attacker can access arbitrary files on the host filesystem by sending requests with percent-encoded backslashes %5C that bypass path sanitization. Details A Directory Traversal...

8.7CVSS6.5AI score0.00408EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 8:18 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the handler/router.go process. An attacker can access arbitrary files on the host filesystem by sending requests with percent-encoded backslashes %5C that bypass path sanitization. Details A Directory Traversal...

8.7CVSS6.5AI score0.00408EPSS
Exploits0References2
Amazon
Amazon
added 2026/06/22 12:0 a.m.11 views

Important: kernel6.18

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: bpf: fix end-of-list detection in cgroupstoragegetnextkey CVE-2026-45838 In the Linux kernel, the following vulnerability has been resolved: bpf: reject negative CO-RE accessor indices in bpfcoreparsespec...

9.8CVSS6.4AI score0.00559EPSS
Exploits1
Snyk
Snyk
added 2026/06/19 10:10 p.m.5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the getImageForOcclusion function. An attacker can access arbitrary files readable by the application process and exfiltrate their contents over the network by embedding malicious scripts in iframes within import...

7.1CVSS6.5AI score0.00169EPSS
Exploits0References2
Rows per page
Query Builder