Lucene search
K

104 matches found

NVD
NVD
added 4 days ago4 views

CVE-2026-57211

RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ management plugin static file handler rabbitmgmtwmstatic can pass URL-encoded backslashes to erlprimloader:readfileinfo before path validation when multiple management extension plugins are enabled,...

10CVSS0.00278EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/29 5:2 a.m.9 views

CVE-2026-53632

A flaw was found in launch-editor. This component, used in Node.js to open files, can be tricked into accessing arbitrary paths, including Windows Universal Naming Convention UNC paths. When a malicious UNC path is opened, Windows automatically attempts NTLM authentication to a remote server...

5.5CVSS6AI score0.00322EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/17 5:50 p.m.21 views

CVE-2026-48818 Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as \attacker.com\share can cause os.path.realpath to initiate an outbound SMB connection before the path is rejected, exposing the service account’s...

7.5CVSS0.00368EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/15 8:16 p.m.39 views

Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows

Summary When serving static files on Windows, StaticFiles resolves the requested path with os.path.realpath. If a UNC path such as \attacker.com\share reaches the resolver, realpath causes the process to open a connection to the remote host over SMB port 445. This is a server-side request forgery...

7.5CVSS5.5AI score0.00368EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/15 5:18 p.m.8 views

External Control of File Name or Path

Overview launch-editor is a launch editor from node.js Affected versions of this package are vulnerable to External Control of File Name or Path in the handling of UNC paths on Windows systems. An attacker can obtain NTLMv2 password hashes by tricking a user into accessing a malicious SMB server...

8.3CVSS5.4AI score0.00322EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 9:21 p.m.3 views

CVE-2026-39907

Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose an unauthenticated WCF SOAP endpoint on TCP port 1208 that accepts unsanitized file paths in the ReadLicense action's LFName parameter, allowing remote attackers to trigger SMB connections and leak NTLMv2...

7CVSS5.8AI score0.00618EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/14 9:21 p.m.4 views

CVE-2026-39907 Unisys WebPerfect Image Suite 3.0 NTLMv2 Hash Leakage via WCF SOAP

Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose an unauthenticated WCF SOAP endpoint on TCP port 1208 that accepts unsanitized file paths in the ReadLicense action's LFName parameter, allowing remote attackers to trigger SMB connections and leak NTLMv2...

7CVSS5.8AI score0.00618EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/01 6:36 p.m.5 views

EUVD-2026-17915

OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit this by providing network-hosted file targets that are treated as local content, bypassing intended...

6.9CVSS5.9AI score0.00319EPSS
Exploits0References6
NVD
NVD
added 2026/04/01 2:16 p.m.5 views

CVE-2026-0522

A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker controlled pat...

8.8CVSS0.00608EPSS
Exploits1References2
OSV
OSV
added 2026/03/26 7:7 p.m.3 views

GHSA-H3X4-HC5V-V2GM OpenClaw: Windows media loaders accepted remote-host file URLs before local path validation

Summary Windows local-media handling accepted remote-host file URLs and UNC-style paths before local-path validation, so network-hosted file targets could be treated as local content. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked:...

5.3CVSS5.8AI score0.00319EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.17 views

PT-2026-28176

Name of the Vulnerable Software and Affected Versions Streamlit versions prior to 1.54.0 Description Streamlit Open Source versions running on Windows hosts are affected by an unauthenticated Server-Side Request Forgery SSRF issue. This arises from insufficient validation of filesystem paths...

4.7CVSS5.9AI score0.00282EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/03/20 6:19 p.m.3 views

CVE-2026-32310

Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart...

4.1CVSS5.8AI score0.00248EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/03/20 6:19 p.m.32 views

CVE-2026-32310 Cryptomator: Unverified masterkeyfile key IDs can access arbitrary local or UNC paths

Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart...

4.1CVSS0.00248EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/20 6:19 p.m.6 views

EUVD-2026-13750

Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart...

4.1CVSS5.8AI score0.00248EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/20 6:19 p.m.3 views

CVE-2026-32310 Cryptomator: Unverified masterkeyfile key IDs can access arbitrary local or UNC paths

Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loader uses the unverified keyId as a filesystem path. The loader resolves keyId.getSchemeSpecificPart...

4.1CVSS5.8AI score0.00248EPSS
Exploits0References4
CVE
CVE
added 2026/03/20 6:19 p.m.10 views

CVE-2026-32310

** vulnerability overview \n\nCryptomator prior to 1.19.1 parses vault configuration before verifying its integrity, and the masterkeyfile loader uses an unverified keyId as a filesystem path. The code resolves keyId.getSchemeSpecificPart() against the vault path and immediately checks existence,...

5.3CVSS5.8AI score0.00248EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/13 12:0 a.m.24 views

PT-2026-8030

Name of the Vulnerable Software and Affected Versions Calero VeraSMART versions prior to 2022 R1 Description An unauthenticated .NET Remoting HTTP service is exposed on TCP port 8001 in affected versions. The service publishes default ObjectURIs, including EndeavorServer.rem and...

10CVSS6.6AI score0.00929EPSS
Exploits1References5
CVE
CVE
added 2026/01/29 3:38 a.m.16 views

CVE-2026-25067

SmarterTools SmarterMail before build 9518 is affected by an unauthenticated path coercion in the background-of-the-day preview endpoint. The flaw stems from base64-decoding attacker-supplied input and using it as a filesystem path without validation, which on Windows can resolve UNC paths and tr...

6.9CVSS5.9AI score0.00283EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.6 views

PT-2025-48076

Name of the Vulnerable Software and Affected Versions UnForm Server versions prior to 10.1.15 Description UnForm Server versions prior to 10.1.15 have an unauthenticated arbitrary file read and SMB coercion issue in the Doc Flow feature’s arc endpoint. The Doc Flow module uses the arc handler to...

8.7CVSS6.8AI score0.00872EPSS
Exploits0References6
CVE
CVE
added 2025/11/21 6:17 p.m.31 views

CVE-2025-30201

CVE-2025-30201 affects Wazuh Agent prior to version 4.13.0. The vulnerability allows authenticated attackers to force NTLM authentication through crafted UNC paths in various agent configuration settings, enabling NTLM relay attacks that could lead to privilege escalation and remote code executio...

9.1CVSS7.9AI score0.00703EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder