Lucene search
K

65 matches found

CVE
CVE
added 2026/06/29 7:53 a.m.18 views

CVE-2026-57966

Summary (CVE-2026-57966): A path traversal flaw in spice-vdagent allows a malicious/untrusted SPICE host to write arbitrary files on the guest filesystem via an unsanitized filename during file transfers. The vulnerability enables writes with the spice-vdagent process privileges (usually the logg...

4.4CVSS5.9AI score0.00135EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/29 7:53 a.m.43 views

CVE-2026-57966 Spice-vdagent: path traversal in file transfer via unsanitized filename

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...

4.4CVSS0.00135EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.15 views

PT-2026-53238

Name of the Vulnerable Software and Affected Versions spice-vdagent affected versions not specified Description A path traversal flaw exists in spice-vdagent, where a path traversal is a vulnerability that allows an attacker to access files and directories that are stored outside the web root...

4.4CVSS6.1AI score0.00135EPSS
Exploits0References12
CVE
CVE
added 2026/06/18 6:46 p.m.20 views

CVE-2026-48716

CVE-2026-48716 involves nanobot prior to version 0.1.5.post4, where the WhatsApp bridge (bridge/src/whatsapp.ts) constructs a filesystem path from documentMessage.fileName without sanitization. The code concatenates a prefix with the raw fileName and passes it to path.join(mediaDir, outFilename),...

8.7CVSS5.3AI score0.00276EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 3:56 p.m.11 views

CVE-2026-6961 CVE-2026-6961: Path traversal via unsanitized FileInfo.Name in Mattermost federation sync

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Mattermost fails to sanitize FileInfo.Name received from federated peers during shared channel file sync, which allows an attacker who controls a federated server to write files to arbitrary locations...

7.6CVSS5.4AI score0.00294EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 3:56 p.m.34 views

CVE-2026-6961 CVE-2026-6961: Path traversal via unsanitized FileInfo.Name in Mattermost federation sync

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Mattermost fails to sanitize FileInfo.Name received from federated peers during shared channel file sync, which allows an attacker who controls a federated server to write files to arbitrary locations...

7.6CVSS0.00294EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.15 views

PT-2026-47126

Name of the Vulnerable Software and Affected Versions Quick Playground versions prior to 1.3.5 Description The Quick Playground plugin for WordPress contains a path traversal flaw. The qckply data function processes the filename POST parameter and passes it to file get contents without proper...

4.4CVSS5.4AI score0.00315EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/05/27 2:23 p.m.14 views

CVE-2026-6957 Path traversal in Mattermost Legal Hold plugin via unsanitized file name from federated peer allows arbitrary file write.

Mattermost Plugins versions =1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary locations within the target server's filestore via...

8CVSS6AI score0.00296EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/22 7:20 a.m.84 views

Exploit for CVE-2024-53667

CVE-2024-53677 — How the Exploit Works and How to Run It V...

9.8CVSS5.8AI score0.78198EPSS
Exploits15
OSV
OSV
added 2026/05/21 5:11 p.m.5 views

GHSA-763J-3P5V-JFC6 androidqf: APK download Path Traversal in device APK paths

Summary During device acquisition, getPathToLocalCopy constructs local filesystem paths for downloaded APKs using a filename component extracted by extractFileName. The extraction splits on ==/ and takes the remainder without sanitization. If a compromised device returns a crafted APK path...

4.8CVSS5.9AI score
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/05/17 8:1 a.m.11 views

Pallets Click contains a command injection via Unsanitized Filename "click.edit()"

...

7.2CVSS5.8AI score0.0081EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/05/08 6:43 p.m.13 views

Electerm Security Vulnerability: RCE via malicious SSH server filename in openFileWithEditor

Impact A code execution RCE vulnerability exists in electerm's SFTP open with system editor or "Edit with custom editor" feature. When a user opts to edit a file using open with system editor or open with a custom editor, the filename is passed directly into a command line without sanitization. A...

7.8CVSS6.3AI score0.00167EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/05/08 2:55 a.m.32 views

CVE-2026-43943 electerm: RCE via malicious SSH server filename in openFileWithEditor

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution RCE vulnerability exists in electerm's SFTP open with system editor or "Edit with custom editor" feature. When a user opts to edit a file using open with system edito...

7.8CVSS0.00167EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/30 1:16 p.m.5 views

CVE-2026-7246 Pallets Click contains a command injection via Unsanitized Filename "click.edit()"

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...

5.5AI score0.0081EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/30 1:16 p.m.30 views

CVE-2026-7246 Pallets Click contains a command injection via Unsanitized Filename "click.edit()"

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...

0.0081EPSS
Exploits1References2
CVE
CVE
added 2026/04/30 1:16 p.m.32 views

CVE-2026-7246

CVE-2026-7246 affects Pallets Click up to version 8.3.2. The vulnerability is a command injection in the click.edit() function that allows an unprivileged attacker to pass arbitrary OS commands. This is a local attack with high impact on confidentiality, integrity, and availability as per the cit...

7.2CVSS5.5AI score0.0081EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2026/04/04 6:4 a.m.23 views

GHSA-2WFH-RCWF-WH23 Budibase: Path traversal in plugin file upload enables arbitrary directory deletion and file write

Summary The plugin file upload endpoint POST /api/plugin/upload passes the user-supplied filename directly to createTempFolder without sanitizing path traversal sequences. An attacker with Global Builder privileges can craft a multipart upload with a filename containing ../ to delete arbitrary...

8.7CVSS6.7AI score0.00554EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/04/01 10:4 p.m.7 views

CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS

Summary Vulnerability: Stored DOM Blind XSS via Backup Management Filename Persistent Payload Injection - Stored Cross-Site Scripting Blind XSS via Unsanitized Backup Filename in Backup Management Description The application fails to properly sanitize user-controlled input when handling backup...

9.1CVSS6.2AI score0.00269EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.6 views

CVE-2026-28786

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including th...

4.3CVSS5.9AI score0.00427EPSS
Exploits1References1
NVD
NVD
added 2026/03/27 12:16 a.m.4 views

CVE-2026-28786

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including th...

4.3CVSS0.00427EPSS
Exploits1References1
Rows per page
Query Builder