Lucene search
+L

55 matches found

osv
osv
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-276 Apache Airflow Providers Edge3 exposes internal API allowing RCE in web server context

Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if projects installed and configured it on Airflow 2. The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if projects installed a...

9.8CVSS5.9AI score0.00823EPSS
Exploits0References8
euvd
euvd
added 2026/06/25 3:25 p.m.8 views

EUVD-2026-39442

The K2 frontend article-attachment upload path accepts files whose extension is .php, and Apache's standard modphp matches .php$ and executes them under the K2 web user. A K2 Author can upload a shell.php, then fetch /media/k2/attachments/shell.php and execute arbitrary PHP code in the web...

6.3CVSS6.1AI score0.00167EPSS
Exploits0References1
nvd
nvd
added 2026/06/05 2:16 p.m.16 views

CVE-2026-50234

Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context. Attackers can manipulate file path parameters to access sensitive files outside the intended directory...

8.7CVSS0.0064EPSS
Exploits2References2
cve
cve
added 2026/06/05 1:24 p.m.39 views

CVE-2026-50234

Affected product: Lyrion Music Server 9.2.0. Vulnerability: Path traversal in the web server context allowing unauthenticated attackers to read arbitrary files by manipulating file path parameters. Root cause / vector: Directory traversal outside the intended directory structure. Impact: Confiden...

8.7CVSS5.6AI score0.0064EPSS
Exploits2References2
attackerkb
attackerkb
added 2026/06/05 1:24 p.m.11 views

CVE-2026-50234

Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context. Attackers can manipulate file path parameters to access sensitive files outside the intended directory...

8.7CVSS5.6AI score0.0064EPSS
Exploits2References3Affected Software1
cvelist
cvelist
added 2026/06/05 1:24 p.m.43 views

CVE-2026-50234 Lyrion Music Server 9.2.0 Path Traversal File Read

Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context. Attackers can manipulate file path parameters to access sensitive files outside the intended directory...

8.7CVSS0.0064EPSS
Exploits2References2
ptsecurity
ptsecurity
added 2026/06/05 12:0 a.m.23 views

PT-2026-46953

Name of the Vulnerable Software and Affected Versions Lyrion Music Server version 9.2.0 Description A path traversal issue exists in the web server context, allowing unauthenticated attackers to read arbitrary files. By manipulating file path parameters, an attacker can access sensitive files...

8.7CVSS5.6AI score0.0064EPSS
Exploits2References6
attackerkb
attackerkb
added 2026/05/29 1:5 p.m.9 views

CVE-2026-45731

WWBN AVideo is an open source video platform. In 29.0 and earlier, view/update.php reads $POST'updateFile' as a relative path under updatedb/ and passes it to PHP's file for line-by-line execution as part of a database migration. An authenticated administrator can abuse this to read arbitrary tex...

6.9CVSS6AI score0.00469EPSS
Exploits1References2Affected Software1
euvd
euvd
added 2026/05/12 9:31 p.m.9 views

EUVD-2026-29748

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability through specific nginx...

9.2CVSS6.7AI score0.00434EPSS
Exploits0References3
nvd
nvd
added 2026/05/12 7:16 p.m.16 views

CVE-2026-8429

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability to achieve code execution that bypasses the SPIP security screen protections...

8.8CVSS0.00502EPSS
Exploits0References2
cve
cve
added 2026/05/12 6:43 p.m.22 views

CVE-2026-8430

CVE-2026-8430 affects SPIP versions prior to 4.4.14. The vulnerability is a remote code execution in the public space, limited to certain nginx configurations, allowing attackers to run arbitrary code in the web server context. Exploitation relies on specific nginx configuration scenarios and is ...

9.2CVSS6.7AI score0.00434EPSS
Exploits0References2
cve
cve
added 2026/05/12 6:32 p.m.22 views

CVE-2026-8429

SPIP versions prior to 4.4.14 are affected by a remote code execution vulnerability in the private space, allowing an attacker to execute arbitrary code in the web server context. Affected component: SPIP core (private space); impact is high on confidentiality, integrity, and availability as desc...

8.8CVSS6.6AI score0.00502EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/12 6:32 p.m.7 views

CVE-2026-8429

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability to achieve code execution that bypasses the SPIP security screen protections...

8.8CVSS6.6AI score0.00502EPSS
Exploits0References3
metasploit
metasploit
added 2026/03/31 7:2 p.m.217 views

Grav CMS Admin Direct Install Authenticated Plugin Upload RCE

Grav CMS version use exploit/multi/http/gravadmindirectinstallrcecve202550286 msf exploitgravadmindirectinstallrcecve202550286 show targets ...targets... msf exploitgravadmindirectinstallrcecve202550286 set TARGET msf exploitgravadmindirectinstallrcecve202550286 show options ...show and set...

8.1CVSS6.5AI score0.09319EPSS
Exploits7
euvd
euvd
added 2026/03/20 12:31 a.m.5 views

EUVD-2026-13416

Xerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbitrary file upload vulnerability in the template import functionality. The issue exists in /websitecode/php/import/import.php where missing authentication checks allow an attacker to upload a crafted ZIP archive disguis...

9.8CVSS6.5AI score0.01479EPSS
Exploits2References3
euvd
euvd
added 2026/02/28 12:31 a.m.14 views

EUVD-2026-9098

openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in reportnetworkmap.php. The application retrieves the 'dot' configuration parameter from the database and passes it directly to exec without validation or sanitation. If an attacker can modify the...

9.3CVSS6AI score0.05648EPSS
Exploits2References8
osv
osv
added 2026/02/27 10:12 p.m.8 views

CVE-2026-28517 openDCIM <= 23.04 OS Command Injection via dot Configuration Parameter

openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in reportnetworkmap.php. The application retrieves the 'dot' configuration parameter from the database and passes it directly to exec without validation or sanitization. If an attacker can modify the...

9.3CVSS7.2AI score0.05648EPSS
Exploits2References10
ptsecurity
ptsecurity
added 2026/02/27 12:0 a.m.10 views

PT-2026-22427

Name of the Vulnerable Software and Affected Versions openDCIM versions 23.04 through commit 4467e9c4 Description The application retrieves the dot configuration parameter from the database and passes it directly to the exec function without validation or sanitation. If an attacker can modify the...

9.8CVSS6AI score0.05648EPSS
Exploits2References18
osv
osv
added 2026/02/25 3:8 a.m.4 views

CVE-2026-27744 SPIP tickets < 4.3.3 Unauthenticated RCE

The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment renderi...

9.3CVSS6.6AI score0.00908EPSS
Exploits0References8
nvd
nvd
added 2026/02/24 10:16 a.m.23 views

CVE-2024-56373

DAG Author who already has quite a lot of permissions could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server server-side as a...

8.4CVSS0.01134EPSS
Exploits0References3
Rows per page
Query Builder