Lucene search
K

54 matches found

EUVD
EUVD
added last week10 views

EUVD-2026-42011

The Frontend File Manager Plugin WordPress plugin through 23.6 does not validate a file path derived from user input before deleting the referenced file, allowing unauthenticated users to delete arbitrary files on the server such as wp-config.php when guest upload mode is enabled. Deleting...

8.7CVSS5.9AI score0.00231EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-56019

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description An authenticated user with permissions to add file storage can execute arbitrary commands when storage is saved. This occurs because the LocalFileVolume::saveStorageOnServer function...

8.8CVSS6.3AI score0.00403EPSS
Exploits0References8
OSV
OSV
added 2026/07/03 9:7 a.m.2 views

SUSE-SU-2026:2740-1 Security update for golang-github-docker-libnetwork

This update for golang-github-docker-libnetwork fixes the following issue - CVE-2026-2808: github.com/hashicorp/consul: unvalidated user-supplied file paths can lead to arbitrary file reads through the Vault Kubernetes authentication provider bsc1259566...

6.8CVSS6AI score0.00475EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 5:35 a.m.9 views

EUVD-2026-41247

The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the ImageBackup::remove function where backup file paths stored in post meta are used directly in file deletion operations withou...

8.1CVSS5.9AI score0.00354EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/01 11:5 p.m.24 views

CVE-2026-14439 Path Traversal in Altium Git Service Allows Remote Code Execution

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...

9.4CVSS0.00601EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/01 3:58 p.m.135 views

CVE-2026-BetterSQLCipher-RCE

CVE-2026-XXXXX: better-sqlcipher loadExtension Remote Code E...

5.9AI score
Exploits0
NVD
NVD
added 2026/05/13 4:16 p.m.10 views

CVE-2026-31156

A path injection vulnerability exists in OpenPLC v3 2c82b0e79c53f8c1f1458eee15fec173400d6e1a as the binary program compiled from gluegenerator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are directly passed to t...

6.5CVSS0.00387EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/05/12 4:21 p.m.7 views

CVE-2026-43989 JunoClaw: upload_wasm accepted arbitrary filesystem paths without validation

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the uploadwasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is...

8.5CVSS5.8AI score0.00147EPSS
Exploits0References3
CVE
CVE
added 2026/05/12 4:21 p.m.23 views

CVE-2026-43989

CVE-2026-43989 affects JunoClaw: prior to 0.x.y-security-1, the upload_wasm MCP tool could accept a filesystem path from the agent and upload whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. The issue is fixed in 0.x.y-security-1. Fro...

8.5CVSS5.8AI score0.00147EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.8 views

Audiobookshelf 路径遍历漏洞

Audiobookshelf is an open-source, self-hosted server for audio books and podcasts. Versions of Audiobookshelf prior to 2.32.2 contained a path traversal vulnerability. This vulnerability stemmed from the podcast creation endpoint accepting user-controlled file paths without adequate boundary...

6.9CVSS5.8AI score0.00331EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

WWBN AVideo 访问控制错误漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained an access control vulnerability. This vulnerability stemmed from the objects/users.json.php file exposing unvalidated paths, which could allow attackers to...

5.3CVSS5.8AI score0.0027EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.17 views

PT-2026-34040

Name of the Vulnerable Software and Affected Versions FreeScout versions prior to 1.8.215 Description The module installation feature extracts ZIP archives without validating file paths. This allows an authenticated administrator to write files arbitrarily on the server filesystem by using a...

9.1CVSS5.8AI score0.00392EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/04/18 1:16 a.m.33 views

CVE-2026-35582 Emissary has an OS Command Injection via Unvalidated IN_FILE_ENDING / OUT_FILE_ENDING in Executrix

Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand is vulnerable to OS command injection because it interpolates temporary file paths into a /bin/sh -c shell command string without any escaping or input validation. The INFILEENDING and...

8.8CVSS0.00861EPSS
Exploits1References2
Zero Day Initiative
Zero Day Initiative
added 2026/04/15 12:0 a.m.7 views

DriveLock Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of DriveLock. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 4568 by default. The issue results from the...

7.5CVSS5.7AI score
Exploits0References1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.9 views

LangChain 安全漏洞

LangChain is an open-source framework developed by LangChain for creating applications powered by large language models LLMs. Versions of LangChain prior to 1.2.22 contained security vulnerabilities. These vulnerabilities stemmed from multiple functions in langchaincore.promptsloading that read...

7.5CVSS6.1AI score0.01204EPSS
Exploits2References3
Cvelist
Cvelist
added 2026/03/23 9:36 p.m.22 views

CVE-2026-32903

...

Exploits0
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.9 views

Unraid 路径遍历漏洞

Unraid is a set of operating systems developed by Unraid Corporation, primarily intended for individuals and small businesses. Unraid has a path traversal vulnerability; this issue stems from the lack of validation for the paths provided by users in the auth-request.php file, which may lead to pa...

7.3CVSS7.1AI score0.00651EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/10 4:7 p.m.2 views

CVE-2026-25605

A vulnerability has been identified in SICAM SIAPP SDK All versions V2.1.7. The affected application performs file deletion without properly validating the file path or target. An attacker could delete files or sockets that the affected process has permission to remove, potentially resulting in...

6.7CVSS5.7AI score0.00123EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/09 9:31 p.m.7 views

EUVD-2026-10351

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

8.6CVSS5.9AI score0.00428EPSS
Exploits1References2
CVE
CVE
added 2026/03/09 7:19 p.m.25 views

CVE-2026-0846

The CVE concerns nltk 3.9.2, specifically the filestring() function in nltk.util, which opens user-supplied file paths without proper sanitization. This allows arbitrary file read by passing absolute or traversal paths, enabling access to sensitive system files. Exploitation can occur locally or ...

8.6CVSS7.3AI score0.00428EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder