
542 matches found

Nuclei
added yesterday | 7 views

UniFi Network Application - Path Traversal

UniFi Network Application contains a path traversal vulnerability that allows a network attacker to access and manipulate files on the underlying system, potentially leading to account access. Exploitation requires network access. id: CVE-2026-22557 info: name: UniFi Network Application - Path Traversal...

CVSS 10 | AI score 7.4 | EPSS 0.15601
Exploits: 3 | References: 4
RedHat Linux
added 2026/06/23 1:16 a.m. | 4 views

samba: Missing access check on reparse point operations

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...

CVSS 7.1 | AI score 5.8 | EPSS 0.00862
Exploits: 0 | References: 5
CISA KEV Catalog
added 2026/06/23 12:0 a.m. | 7 views

Ubiquiti UniFi OS Path Traversal Vulnerability

Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account...

CVSS 10 | AI score 5.9 | EPSS 0.02269
In wild | Exploits: 2
VulnCheck KEV
added 2026/06/09 12:0 a.m. | 6 views

VulnCheck KEV: CVE-2026-34909

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account...

CVSS 10 | AI score 5.8 | EPSS 0.02269
In wild | Exploits: 2 | References: 3
Vulnrichment
added 2026/05/27 12:28 p.m. | 12 views

CVE-2026-1933 Samba: missing access check on reparse point operations

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...

CVSS 7.1 | AI score 5.7 | EPSS 0.00862
Exploits: 0 | References: 13
GithubExploit
added 2026/05/24 2:4 a.m. | 81 views

SWPT-Notes

SWPT-Notes Personal study notes compiled while working throug...

AI score 5.9
Exploits: 0
RedhatCVE
added 2026/05/23 2:12 a.m. | 21 views

CVE-2026-34909

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account...

CVSS 10 | AI score 5.7 | EPSS 0.02269
Exploits: 2 | References: 1
NVD
added 2026/05/22 2:16 a.m. | 49 views

CVE-2026-34909

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account...

CVSS 10 | EPSS 0.02269
Exploits: 2 | References: 3
NVD
added 2026/05/22 2:16 a.m. | 17 views

CVE-2026-34911

A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information...

CVSS 7.7 | EPSS 0.0068
Exploits: 0 | References: 1
EUVD
added 2026/05/22 12:43 a.m. | 13 views

EUVD-2026-31384

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account...

CVSS 10 | AI score 5.7 | EPSS 0.02269
Exploits: 2 | References: 1
CVE
added 2026/05/22 12:43 a.m. | 42 views

CVE-2026-34909

CVE-2026-34909 is a path traversal vulnerability in UniFi OS devices. A network-based attacker can access files on the underlying system, potentially manipulating them to access an underlying account. The issue is rated CVSS v3.1 Base Score 10.0 (CRITICAL) with Network attack vector, no privilege...

CVSS 10 | AI score 5.7 | EPSS 0.02269
In wild | Exploits: 2 | References: 3 | Affected Software: 1
ATTACKERKB
added 2026/05/22 12:43 a.m. | 8 views

CVE-2026-34909

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account...

CVSS 10 | AI score 5.7 | EPSS 0.02269
Exploits: 2 | References: 2
Vulnrichment
added 2026/05/22 12:43 a.m. | 10 views

CVE-2026-34909

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account...

CVSS 10 | AI score 5.7 | EPSS 0.02269
Exploits: 2 | References: 1
OSV
added 2026/05/18 5:44 p.m. | 5 views

GHSA-3263-V5V9-XQ8Q Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows

Summary: The row action trigger endpoint POST /api/tables/:sourceId/actions/:actionId/trigger fails to validate that the user-supplied rowId is within the scope of the view's row filters. A user with access to a filtered view can trigger row actions on any row in the underlying table, including ro...

CVSS 5.4 | AI score 5.9 | EPSS 0.00146
Exploits: 0 | References: 4
Github Security Blog
added 2026/05/18 5:44 p.m. | 18 views

Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows

Summary: The row action trigger endpoint POST /api/tables/:sourceId/actions/:actionId/trigger fails to validate that the user-supplied rowId is within the scope of the view's row filters. A user with access to a filtered view can trigger row actions on any row in the underlying table, including ro...

CVSS 5.4 | AI score 5.9 | EPSS 0.00146
Exploits: 0 | References: 4 | Affected Software: 1
Positive Technologies
added 2026/05/18 12:0 a.m. | 11 views

PT-2026-41796

Name of the Vulnerable Software and Affected Versions: Budibase versions prior to 3.38.1. Description: The row action trigger endpoint "POST /api/tables/:sourceId/actions/:actionId/trigger" fails to validate if the user-supplied rowId is within the scope of the view's row filters. This allows a user...

CVSS 5.4 | AI score 5.9 | EPSS 0.00146
Exploits: 0 | References: 5
ATTACKERKB
added 2026/05/12 7:18 p.m. | 9 views

CVE-2026-44872

A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arbitrary files on the underlying filesystem of the affected device...

CVSS 7.2 | AI score 6 | EPSS 0.00815
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2026/04/28 7:37 p.m. | 5 views

CVE-2026-41390

OpenClaw before 2026.3.28 contains an exec allowlist bypass vulnerability where allow-always persistence fails to unwrap /usr/bin/script and similar wrappers before storing trust decisions. Attackers can obtain user approval for one wrapped command to persist trust for wrapper binaries that execu...

CVSS 7.3 | EPSS 0.00117
Exploits: 0 | References: 2
EUVD
added 2026/04/28 6:9 p.m. | 7 views

EUVD-2026-26098

OpenClaw before 2026.3.28 contains an exec allowlist bypass vulnerability where allow-always persistence fails to unwrap /usr/bin/script and similar wrappers before storing trust decisions. Attackers can obtain user approval for one wrapped command to persist trust for wrapper binaries that execu...

CVSS 7.3 | AI score 5.3 | EPSS 0.00117
Exploits: 0 | References: 2
Vulnrichment
added 2026/04/20 6:54 a.m. | 4 views

CVE-2026-6644 A command injection vulnerability was found in the PPTP VPN Clients on the ADM

A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted web environment and execute arbitrary code on the underlying operating system. This occurs due to insufficient validation of user-supplied...

CVSS 9.4 | AI score 6.2 | EPSS 0.01451
Exploits: 1 | References: 1