Lucene search
K

58 matches found

CVE
CVE
added yesterday7 views

CVE-2026-15779

Summary: CVE-2026-15779 concerns Samba’s pam_winbind when mkhomedir is enabled. pam_winbind chowns the target account’s home directory without validating that the path is not a critical system directory like “/”. On systems where / is a user home (a common default for system accounts), this can b...

6.1CVSS6.1AI score
Exploits0References5
Cvelist
Cvelist
added 2026/07/08 1:48 p.m.32 views

CVE-2026-56273 Flowise - Path Traversal in Vector Store basePath Parameter

Flowise before 3.1.0 contains a path traversal vulnerability in Faiss and SimpleStore vector store implementations that accept unsanitized basePath parameters from authenticated users. Attackers with valid API tokens can write vector store data to arbitrary filesystem locations, potentially...

6.5CVSS0.0033EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 11:17 p.m.13 views

CVE-2026-28701

Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and enumerate arbitrary file system paths...

9.8CVSS0.00702EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 5:21 p.m.9 views

EUVD-2026-38332

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...

5.1CVSS5.9AI score0.00157EPSS
Exploits0References2
OSV
OSV
added 2026/03/03 9:34 p.m.5 views

GHSA-5GJ7-JF77-Q2Q2 OpenClaw: safeBins static default trusted dirs allow writable-dir binary hijack (`jq`)

Summary In openclaw= 2026.2.24 planned next npm release - Latest published npm version at triage time 2026-02-24: 2026.2.23 Root Cause - Default safe-bin trusted directories included package-manager/user-managed paths. - Trust decision was directory-membership only for resolved executable paths...

7CVSS6.2AI score0.00133EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/03 9:34 p.m.8 views

OpenClaw: safeBins static default trusted dirs allow writable-dir binary hijack (`jq`)

Summary In openclaw= 2026.2.24 planned next npm release - Latest published npm version at triage time 2026-02-24: 2026.2.23 Root Cause - Default safe-bin trusted directories included package-manager/user-managed paths. - Trust decision was directory-membership only for resolved executable paths...

7.8CVSS6.2AI score0.00133EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.7 views

Zenitel AlphaCom 安全漏洞

Zenitel AlphaCom is a critical communication server owned by the Norwegian company Zenitel. There is a security vulnerability in Zenitel AlphaCom, which allows attackers to read arbitrary files by modifying file path parameters to internal system paths...

6.5CVSS5.9AI score0.00393EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/01 12:56 p.m.2 views

CVE-2021-47921 Free Photo & Video Vault 0.0.2 Directory Traversal Vulnerability via Web Request

Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. Attackers can exploit the vulnerability without privileges to retrieve environment variables and access...

7.1CVSS5.5AI score0.00694EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/01 12:56 p.m.4 views

CVE-2021-47921

Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. Attackers can exploit the vulnerability without privileges to retrieve environment variables and access...

7.1CVSS5.9AI score0.00694EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/02/01 12:56 p.m.8 views

EUVD-2021-34750

Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. Attackers can exploit the vulnerability without privileges to retrieve environment variables and access...

7.1CVSS5.9AI score0.00694EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.9 views

PT-2026-3802

Name of the Vulnerable Software and Affected Versions Mini Mouse version 9.3.0 Description The software contains a path traversal issue that allows attackers to access sensitive system directories. Attackers can retrieve file lists from system directories such as /usr, /etc, and /var by...

8.7CVSS5.4AI score0.0066EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/11/27 3:3 p.m.5 views

CVE-2025-59373

A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being executed as SYSTEM. For more...

8.5CVSS7AI score0.00119EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/25 2:3 a.m.4 views

CVE-2025-59373

A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being executed as SYSTEM. For more...

8.5CVSS6.6AI score0.00119EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/25 2:3 a.m.4 views

EUVD-2025-199530

A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being executed as SYSTEM. For more...

8.5CVSS6.5AI score0.00119EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/25 2:3 a.m.14 views

CVE-2025-59373

A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being executed as SYSTEM. For more...

8.5CVSS0.00119EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-38307

Malicious code in bioql PyPI...

5CVSS5.1AI score0.00429EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/07/09 6:30 p.m.11 views

Jenkins HTML Publisher Plugin vulnerability displays controller file system information in its logs

Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log. HTML Publisher Plugin 427 displays only the parent...

6.3CVSS6AI score0.00413EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/07/09 3:39 p.m.17 views

CVE-2025-53651

Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log...

0.00413EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/02/14 4:53 a.m.8 views

SUSE CVE-2024-38475

Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...

8.2CVSS8.5AI score0.99957EPSS
Exploits1References10
SUSE CVE
SUSE CVE
added 2024/11/07 4:5 a.m.3 views

SUSE CVE-2024-9902

A flaw was found in Ansible. The ansible-core user module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the user module against the unprivileged user's home directory. If the...

6.3CVSS6.5AI score0.00256EPSS
Exploits0References5
Rows per page
Query Builder