Lucene search
+L

1381 matches found

cve
cve
added yesterday9 views

CVE-2026-46458

CVE-2026-46458 affects ICU Scandinavia Boomerang. An information-disclosure flaw allows an unauthenticated attacker to retrieve plaintext credentials by requesting specific XML files from the webroot over static HTTP. The root cause is exposure of sensitive credential files via static HTTP paths....

7.1CVSS6.1AI score
Exploits0References2
euvd
euvd
added yesterday4 views

EUVD-2026-44621

Grav before 9.1.8 contains an arbitrary file write vulnerability in the Form plugin's process.save.filename parameter, which is validated against path traversal before Twig processing but never re-validated after rendering. Attackers can submit form data containing path traversal sequences that a...

8.1CVSS6.2AI score
Exploits0References2
ptsecurity
ptsecurity
added 2 days ago5 views

PT-2026-58026

Name of the Vulnerable Software and Affected Versions Ivanti Xtraction versions prior to 2026.2.1 Description A path traversal issue allows a remote authenticated attacker to read arbitrary files located outside the web root. Path traversal is a flaw that allows an attacker to access files and...

7.7CVSS6.2AI score0.01037EPSS
Exploits0References5
nvd
nvd
added 3 days ago5 views

CVE-2026-58409

ChurchCRM is an open-source church management system. Prior to version 7.4.0, an authenticated administrator can achieve Remote Code Execution RCE on the server by installing a malicious plugin ZIP archive containing a PHP webshell. The application explicitly includes 'php' in its ALLOWEDEXTENSIO...

9.1CVSS0.00456EPSS
Exploits0References1
euvd
euvd
added 6 days ago9 views

EUVD-2025-210451

An unauthenticated path traversal vulnerability exists in the web management interface of WTI Wireless Technology, Inc. version 3.5.0.r 2024/05/24 00:00:00. An unauthenticated attacker can craft malicious HTTP requests containing traversal sequences to access files outside of the intended web roo...

7.5CVSS6.1AI score0.00565EPSS
Exploits1References3
nvd
nvd
added 2026/07/07 5:16 p.m.10 views

CVE-2026-23698

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS0.00867EPSS
Exploits2References3
cvelist
cvelist
added 2026/07/07 4:10 p.m.31 views

CVE-2026-23698 Vtiger CRM 8.4.0 Authenticated RCE via Module Import File Upload

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS0.00867EPSS
Exploits2References3
osv
osv
added 2026/06/29 12:30 p.m.2 views

CVE-2026-40521 FrontAccounting < 2.4.20 Path Traversal RCE via attachment upload

FrontAccounting before 2.4.20 contains a path traversal vulnerability in the attachment upload handler that allows authenticated attackers to execute arbitrary code by uploading files with traversal sequences in the uniquename parameter. Attackers can supply path traversal sequences...

8.7CVSS6.7AI score0.00627EPSS
Exploits0References6
euvd
euvd
added 2026/06/20 1:37 p.m.12 views

EUVD-2022-56008

WooCommerce 7.1.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary PHP code by injecting shell commands through the product-type parameter. Attackers can send requests to the class-wc-meta-box-product-images.php endpoint with unsanitized product-type value...

9.8CVSS6.8AI score0.00629EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/06/20 1:37 p.m.7 views

CVE-2022-50972

WooCommerce 7.1.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary PHP code by injecting shell commands through the product-type parameter. Attackers can send requests to the class-wc-meta-box-product-images.php endpoint with unsanitized product-type value...

9.8CVSS6.8AI score0.00629EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/06/11 12:40 p.m.17 views

MAL-2026-5640 Malicious code in ecto-corsair-whisper-6f3b9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8695ea17273c804f1a58e6c0b877de280f7472622065964245deb85cc62dae20 The package declares a postinstall lifecycle hook postinstall.js that runs automatically on npm install. The script shells out via curl to the EC2...

5.5AI score
Exploits0References27
redhatcve
redhatcve
added 2026/06/05 7:9 p.m.13 views

CVE-2019-25714

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...

9.3CVSS6AI score0.00653EPSS
Exploits0References1
snyk
snyk
added 2026/05/26 6:40 p.m.8 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the uploadedFileSaveIn function, which uses filepath.Join with user-supplied directory input but does not validate the resulting path boundaries. An attacker can write files outside the intended web root by...

8.7CVSS6.3AI score0.00344EPSS
Exploits0References2
snyk
snyk
added 2026/05/26 6:40 p.m.8 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the uploadedFileSaveIn function, which uses filepath.Join with user-supplied directory input but does not validate the resulting path boundaries. An attacker can write files outside the intended web root by...

8.7CVSS6.3AI score0.00344EPSS
Exploits0References2
cvelist
cvelist
added 2026/05/26 4:30 p.m.47 views

CVE-2026-43982 Algernon: Path traversal file write via savein()

Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, uploadedFileSaveIn in lua/upload/upload.go uses filepath.Join with the caller-supplied directory but performs no boundary check after joining. A directory of ../../../tmp resolves cleanly to /tmp, outside the web root. This...

8.7CVSS0.00344EPSS
Exploits0References2
cve
cve
added 2026/05/26 4:30 p.m.27 views

CVE-2026-43982

Algernon (a small Go web server) has a path-traversal risk in lua/upload/upload.go: uploadedFileSaveIn() joins a caller-supplied directory with filepath.Join() and performs no boundary check after joining. A path like ../../../tmp can resolve to /tmp, bypassing web-root constraints. The issue aff...

8.7CVSS5.8AI score0.00344EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/26 12:0 a.m.54 views

algernon 路径遍历漏洞

Algernon is a web server developed by Alexander F. Rødseth. Versions of Algernon prior to 1.17.6 contained a path traversal vulnerability. This vulnerability stemmed from the uploadedFileSaveIn function in lua/upload/upload.go, which used filepath.Join to concatenate the directory provided by the...

8.7CVSS5.8AI score0.00344EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/10 12:0 a.m.12 views

WordPress plugin Download From Files 访问控制错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

9.8CVSS5.9AI score0.00396EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/09 12:0 a.m.12 views

AzuraCast 路径遍历漏洞

AzuraCast is a simple, self-hosted network broadcasting management suite provided by AzuraCast Inc. Versions of AzuraCast prior to 0.23.6 contained a path traversal vulnerability. This vulnerability stemmed from the currentDirectory request parameter in the Flow.js media upload endpoint, which...

8.8CVSS6.2AI score0.00832EPSS
Exploits1References1
osv
osv
added 2026/05/07 3:19 a.m.3 views

CVE-2026-41203 ci4ms Theme::upload is vulnerable to Zip Slip leading to RCE

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Theme::upload extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user...

9.4CVSS6.6AI score0.00484EPSS
Exploits0References4
Rows per page
Query Builder