178 matches found

EUVD
added 4 days ago | 6 views

EUVD-2026-40050

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...

CVSS 4.4 | AI score 5.9 | EPSS 0.00137
Exploits: 0 | References: 2

RedhatCVE
added 4 days ago | 5 views

CVE-2026-57966

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...

CVSS 4.4 | AI score 5.9 | EPSS 0.00137
Exploits: 0 | References: 3

NVD
added 2026/06/13 3:16 a.m. | 22 views

CVE-2026-54228

A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create event execution, any local user can call SetElement to write arbitrary text files into the root-owned dump directory, bypassing package...

CVSS 7.8 | EPSS 0.00103
Exploits: 0 | References: 3

Vulnrichment
added 2026/06/11 2:47 p.m. | 9 views

CVE-2026-53777 Perry < 0.5.1159 Path Traversal via ArtifactReady WebSocket

Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifactname field of ArtifactReady WebSocket messages. Attackers controlli...

CVSS 8.6 | AI score 5.6 | EPSS 0.00379
Exploits: 0 | References: 5

EUVD
added 2026/06/11 12:32 a.m. | 14 views

EUVD-2026-36146

A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write arbitrary files to the...

CVSS 9.8 | AI score 6.9 | EPSS 0.27095
Exploits: 3 | References: 3

CNNVD
added 2026/06/10 12:0 a.m. | 16 views

Palo Alto Networks Cortex Xsoar Path Traversal Vulnerability

Palo Alto Networks Cortex Xsoar is a security orchestration and response (SOAR) platform developed by Palo Alto Networks in the United States. Palo Alto Networks Cortex Xsoar has a path traversal vulnerability. This vulnerability arises from path traversal attacks, which may allow unauthenticated...

CVSS 7.5 | AI score 5.5 | EPSS 0.00156
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:37 p.m. | 9 views

CVE-2026-47672

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment e.g.,...

CVSS 6.5 | AI score 5.5 | EPSS 0.00162
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:29 p.m. | 9 views

CVE-2026-4917

IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system...

CVSS 4.9 | AI score 5.6 | EPSS 0.00356
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:28 p.m. | 10 views

CVE-2026-4502

IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system...

CVSS 6.5 | AI score 5.6 | EPSS 0.00275
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:13 p.m. | 9 views

CVE-2026-40909

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint (locale/save.php) constructs a file path by directly concatenating $_POST['flag'] into the path at line 30 without any sanitization. The $_POST['code'] parameter is then written verbatim to that path via...

CVSS 8.7 | AI score 5.7 | EPSS 0.00656
Exploits: 1 | References: 1

ATTACKERKB
added 2026/06/01 6:16 p.m. | 11 views

CVE-2026-43624

F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join without validating the resulting path stays within the...

CVSS 8.8 | AI score 5.9 | EPSS 0.00393
Exploits: 0 | References: 5

NVD
added 2026/05/28 5:16 a.m. | 14 views

CVE-2026-32997

A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary files on Linux-based Veeam Backup & Replication server...

CVSS 8.6 | EPSS 0.00514
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/27 8:38 a.m. | 14 views

CVE-2025-13593

Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...

CVSS 6.1 | AI score 5.9 | EPSS 0.00086
Exploits: 0 | References: 2

F5 Networks
added 2026/05/13 12:37 p.m. | 14 views

K000158029: iControl REST vulnerability CVE-2026-20916

Security Advisory Description: An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system. (CVE-2026-20916) Impact: An authenticated attacker with low privileges can exploit this vulnerability remotel...

CVSS 8.1 | AI score 5.8 | EPSS 0.00366
Exploits: 0 | Affected Software: 1

Positive Technologies
added 2026/05/01 12:0 a.m. | 6 views

PT-2026-36498

Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel an...

AI score 5.9 | EPSS 0.00148
Exploits: 0 | References: 2

ATTACKERKB
added 2026/04/30 8:57 p.m. | 7 views

CVE-2026-4502

IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system...

CVSS 6.5 | AI score 5.5 | EPSS 0.00275
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/04/30 12:0 a.m. | 8 views

PT-2026-36189

IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system...

CVSS 6.5 | AI score 5.5 | EPSS 0.00275
Exploits: 0 | References: 2

ATTACKERKB
added 2026/04/30 12:0 a.m. | 3 views

CVE-2026-36760

An issue in the fileMd5 parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations while chunked upload is enabled...

CVSS 9.6 | AI score 5.7 | EPSS 0.00383
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/30 12:0 a.m. | 5 views

PT-2026-36133

Name of the Vulnerable Software and Affected Versions: shopizer version 3.2.5. Description: A path traversal issue in the '/content/images/add' endpoint allows attackers to write arbitrary files to any writable path using a crafted POST request. Path traversal is a technique that allows an attacker ...

CVSS 10 | AI score 5.9 | EPSS 0.00412
Exploits: 0 | References: 10

EUVD
added 2026/04/23 12:31 a.m. | 4 views

EUVD-2026-25132

IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system...

CVSS 4.9 | AI score 5.9 | EPSS 0.00356
Exploits: 0 | References: 2