Lucene search
K

56 matches found

NVD
NVD
added 5 days ago9 views

CVE-2026-28701

Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and enumerate arbitrary file system paths...

9.8CVSS0.00839EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 5:21 p.m.7 views

EUVD-2026-38332

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...

5.1CVSS5.9AI score0.00157EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/03 9:34 p.m.6 views

OpenClaw: safeBins static default trusted dirs allow writable-dir binary hijack (`jq`)

Summary In openclaw= 2026.2.24 planned next npm release - Latest published npm version at triage time 2026-02-24: 2026.2.23 Root Cause - Default safe-bin trusted directories included package-manager/user-managed paths. - Trust decision was directory-membership only for resolved executable paths...

7.8CVSS6.2AI score0.00133EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/03 9:34 p.m.3 views

GHSA-5GJ7-JF77-Q2Q2 OpenClaw: safeBins static default trusted dirs allow writable-dir binary hijack (`jq`)

Summary In openclaw= 2026.2.24 planned next npm release - Latest published npm version at triage time 2026-02-24: 2026.2.23 Root Cause - Default safe-bin trusted directories included package-manager/user-managed paths. - Trust decision was directory-membership only for resolved executable paths...

7CVSS6.2AI score0.00133EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.6 views

Zenitel AlphaCom 安全漏洞

Zenitel AlphaCom is a critical communication server owned by the Norwegian company Zenitel. There is a security vulnerability in Zenitel AlphaCom, which allows attackers to read arbitrary files by modifying file path parameters to internal system paths...

6.5CVSS5.9AI score0.00393EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/01 12:56 p.m.2 views

CVE-2021-47921 Free Photo & Video Vault 0.0.2 Directory Traversal Vulnerability via Web Request

Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. Attackers can exploit the vulnerability without privileges to retrieve environment variables and access...

7.1CVSS5.5AI score0.00694EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/01 12:56 p.m.4 views

CVE-2021-47921

Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. Attackers can exploit the vulnerability without privileges to retrieve environment variables and access...

7.1CVSS5.9AI score0.00694EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/02/01 12:56 p.m.4 views

EUVD-2021-34750

Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. Attackers can exploit the vulnerability without privileges to retrieve environment variables and access...

7.1CVSS5.9AI score0.00694EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.7 views

PT-2026-3802

Name of the Vulnerable Software and Affected Versions Mini Mouse version 9.3.0 Description The software contains a path traversal issue that allows attackers to access sensitive system directories. Attackers can retrieve file lists from system directories such as /usr, /etc, and /var by...

8.7CVSS5.4AI score0.0066EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/11/27 3:3 p.m.4 views

CVE-2025-59373

A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being executed as SYSTEM. For more...

8.5CVSS7AI score0.00116EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/25 2:3 a.m.2 views

CVE-2025-59373

A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being executed as SYSTEM. For more...

8.5CVSS6.6AI score0.00116EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/25 2:3 a.m.4 views

EUVD-2025-199530

A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being executed as SYSTEM. For more...

8.5CVSS6.5AI score0.00116EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/25 2:3 a.m.6 views

CVE-2025-59373

A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being executed as SYSTEM. For more...

8.5CVSS0.00116EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-38307

Malicious code in bioql PyPI...

5CVSS5.1AI score0.00429EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/07/09 6:30 p.m.8 views

Jenkins HTML Publisher Plugin vulnerability displays controller file system information in its logs

Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log. HTML Publisher Plugin 427 displays only the parent...

6.3CVSS6AI score0.00413EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/07/09 3:39 p.m.15 views

CVE-2025-53651

Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log...

0.00413EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/02/14 4:53 a.m.7 views

SUSE CVE-2024-38475

Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...

8.2CVSS8.5AI score0.99957EPSS
Exploits1References9
SUSE CVE
SUSE CVE
added 2024/11/07 4:5 a.m.2 views

SUSE CVE-2024-9902

A flaw was found in Ansible. The ansible-core user module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the user module against the unprivileged user's home directory. If the...

6.3CVSS6.5AI score0.00222EPSS
Exploits0References5
Veracode
Veracode
added 2024/06/11 10:28 a.m.22 views

Sensitive Information Exposure

h2o is vulnerable to Sensitive Information Exposure. The vulnerability is due the Typeahead API call which allows an attacker to lookup arbitrary system paths in the entire file system where h2o-3 is hosted...

5.3CVSS6.8AI score0.00835EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2024/06/06 6:11 p.m.23 views

CVE-2024-2624 Path Traversal and Arbitrary File Upload Vulnerability in parisneo/lollms-webui

A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the @router.get"/switchpersonalpath" endpoint in ./lollms-webui/lollmscore/lollms/server/endpoints/lollmsuser.py. The vulnerability arises due to insufficient sanitization...

9.4CVSS0.01346EPSS
Exploits1References2
Rows per page
Query Builder