Lucene search
+L

1393 matches found

OSV
OSV
added 2026/03/20 11:31 p.m.5 views

CVE-2026-33238 AVideo has a Path Traversal in listFiles.json.php that Enables Server Filesystem Enumeration

WWBN AVideo is an open source video platform. Prior to version 26.0, the listFiles.json.php endpoint accepts a path POST parameter and passes it directly to glob without restricting the path to an allowed base directory. An authenticated uploader can traverse the entire server filesystem by...

4.3CVSS6.1AI score0.00418EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.8 views

File Browser 输入验证错误漏洞

File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser 2.61.2 and earlier contained a vulnerability related to input validation errors. This...

8.1CVSS6.4AI score0.01903EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/19 11:0 p.m.3 views

Embedded Malicious Code

Overview @emilgroup/document-uploader is an A new version of the package Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released o...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/03/19 7:34 p.m.3 views

GHSA-4JW9-5HRC-M4J6 AVideo has an authenticated arbitrary local file read via `chunkFile` path injection in `aVideoEncoder.json.php`

Summary POST /objects/aVideoEncoder.json.php accepts a requester-controlled chunkFile parameter intended for staged upload chunks. Instead of restricting that path to trusted server-generated chunk locations, the endpoint accepts arbitrary local filesystem paths that pass isValidURLOrPath. That...

7.6CVSS5.9AI score0.00254EPSS
Exploits1References4
OSV
OSV
added 2026/03/19 12:43 p.m.3 views

GHSA-4WMM-6QXJ-FPJ4 AVideo has a Path Traversal in listFiles.json.php Enables Server Filesystem Enumeration

Summary The listFiles.json.php endpoint accepts a path POST parameter and passes it directly to glob without restricting the path to an allowed base directory. An authenticated uploader can traverse the entire server filesystem by supplying arbitrary absolute paths, enumerating .mp4 filenames and...

4.3CVSS6AI score0.00418EPSS
Exploits1References5
Snyk
Snyk
added 2026/03/19 12:43 p.m.6 views

Directory Traversal

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Directory Traversal via the listFiles.json.php file. An attacker can enumerate and disclose the absolute paths of .mp4 files located anywhere on the server...

7.1CVSS6.4AI score0.00418EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.10 views

PT-2026-26491

Summary POST /objects/aVideoEncoder.json.php accepts a requester-controlled chunkFile parameter intended for staged upload chunks. Instead of restricting that path to trusted server-generated chunk locations, the endpoint accepts arbitrary local filesystem paths that pass isValidURLOrPath. That...

7.6CVSS6AI score0.00254EPSS
Exploits1References6
Veracode
Veracode
added 2026/03/14 5:28 a.m.17 views

Camaleon CMS Vulnerable To Path Traversal Through AWS S3 Uploader Implementation

Camaleon CMS versions 2.4.5.0 through 2.9.1, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

7.7CVSS5.9AI score0.1456EPSS
Exploits11References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/11 7:8 a.m.15 views

CVE-2026-1776

Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

7.7CVSS5.8AI score0.1456EPSS
Exploits11References1
EUVD
EUVD
added 2026/03/10 9:31 a.m.5 views

EUVD-2026-10362

Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

7.7CVSS5.8AI score0.1456EPSS
Exploits11References5
EUVD
EUVD
added 2026/03/10 9:31 a.m.4 views

EUVD-2026-10361

Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

7.7CVSS5.8AI score0.1456EPSS
Exploits11References5
OSV
OSV
added 2026/03/10 9:31 a.m.4 views

GHSA-JW5G-F64P-6X78 Camaleon CMS vulnerable to Path Traversal through AWS S3 uploader implementation

Camaleon CMS versions 2.4.5.0 through 2.9.1, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

6.5CVSS5.8AI score0.00732EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/03/10 9:31 a.m.16 views

Camaleon CMS vulnerable to Path Traversal through AWS S3 uploader implementation

Camaleon CMS versions 2.4.5.0 through 2.9.1, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

6.5CVSS5.8AI score0.00732EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2026/03/10 7:38 a.m.8 views

CVE-2026-1776

Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

6.5CVSS0.00732EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.9 views

CAMALEON CMS 路径遍历漏洞

CAMALEON CMS is a dynamic advanced content management system developed by Owen Peredo Diaz. Versions of Camaleon CMS prior to 2.9.0 and versions before f54a77e contained a path traversal vulnerability. This vulnerability stems from path traversal in the AWS S3 uploader implementation, which could...

6.5CVSS5.8AI score0.00732EPSS
Exploits0References5
RubySec
RubySec
added 2026/03/10 12:0 a.m.63 views

Camaleon CMS vulnerable to Path Traversal through AWS S3 uploader implementation

Camaleon CMS versions 2.4.5.0 through 2.9.1, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

6.5CVSS5.7AI score0.00732EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/09 10:39 p.m.3 views

Directory Traversal

Overview camaleoncms is a dynamic and advanced content management system based on Ruby on Rails as an alternative to Wordpress. Affected versions of this package are vulnerable to Directory Traversal via the downloadprivatefile function when the application is configured to use the...

6.5CVSS6.3AI score0.00732EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/09 9:8 p.m.8 views

CVE-2026-1776

Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

7.7CVSS5.8AI score0.1456EPSS
Exploits11References5Affected Software1
OSV
OSV
added 2026/03/09 9:8 p.m.7 views

CVE-2026-1776 Camaleon CMS AWS Uploader Authenticated Path Traversal Arbitrary File Read

Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

6CVSS6AI score0.00732EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/03/09 9:8 p.m.47 views

CVE-2026-1776 Camaleon CMS AWS Uploader Authenticated Path Traversal Arbitrary File Read

Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

6CVSS0.00732EPSS
Exploits0References4
Rows per page
Query Builder