CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

32 matches found

CVE-2026-9152

A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a target workspace's...

10CVSS5.4AI score0.00079EPSS

Exploits0References1

RedhatCVE•added 3 days ago•6 views

CVE-2026-35397

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured rootdir and access sibling directories whose names begin with the same prefix as the rootdir. For exampl...

8.8CVSS5.5AI score0.00058EPSS

Exploits2References1

ATTACKERKB•added 3 days ago•5 views

CVE-2026-45743

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. 16 file-manager endpoints in Termix prior to version 2.3.2 do not verify that the requesting user owns the SSH session identified by sessionId. An authenticated attacker who knows or...

8.1CVSS5.6AI score0.00028EPSS

Exploits1References3Affected Software1

NVD•added 2026/05/27 5:16 p.m.•11 views

CVE-2026-44329

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorization middleware. A network attacker who can reach SMF on the SBI can hit UPI endpoints with no Authorization header at all, and...

10CVSS0.00058EPSS

Exploits1References4

OSV•added 2026/05/08 11:2 p.m.•2 views

GHSA-3258-QMV8-FRP3 free5GC's SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlers

Summary free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorization middleware. A network attacker who can reach SMF on the SBI can hit UPI endpoints with no Authorization header at all, and the requests reach the SMF business handlers. In the running Docker lab...

10CVSS5.8AI score0.00058EPSS

Exploits1References5

AlpineLinux•added 2026/05/05 7:37 p.m.•5 views

CVE-2026-35397

8.8CVSS5.8AI score0.00058EPSS

Exploits2

NVD•added 2026/04/14 4:16 p.m.•1 views

CVE-2025-61624

An Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' CWE-22 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.7.0, FortiPAM 1.6 all versions,...

6.5CVSS0.00093EPSS

Exploits0References2

Vulnrichment•added 2026/04/09 5:1 p.m.•1 views

CVE-2026-39981 AGiXT has a Path Traversal in safe_join()

AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safejoin function in the essentialabilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or...

8.8CVSS5.9AI score0.00051EPSS

Exploits1References3

RedhatCVE•added 2026/03/26 2:59 p.m.•1 views

CVE-2026-28792

Tina is a headless content management system. Prior to 2.1.8 , the TinaCMS CLI dev server combines a permissive CORS configuration Access-Control-Allow-Origin: with the path traversal vulnerability previously reported to enable a browser-based drive-by attack. A remote attacker can enumerate the...

9.6CVSS6AI score0.00484EPSS

Exploits1References1

CVE•added 2026/03/13 9:19 p.m.•19 views

CVE-2026-32709

The CVE describes an unauthenticated path traversal in PX4 Autopilot MAVLink FTP that allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on the flight controller filesystem. On NuttX targets, attacker-supplied paths bypass sanitization due to an empty FTP root, whi...

6.8CVSS5.9AI score0.0005EPSS

Exploits1References1Affected Software1

CVE•added 2026/03/06 4:23 a.m.•7 views

CVE-2026-28676

OpenSift (before version 1.6.3-alpha) has a path-construction defect in multiple storage helpers that failed to consistently enforce base-directory containment for file read/write/delete operations, creating a path-injection risk. CVSS 3.1 base score 8.8 (HIGH) with network attack vector, low att...

8.8CVSS5.8AI score0.00093EPSS

Exploits0References5Affected Software1

EUVD•added 2026/03/06 4:23 a.m.•4 views

EUVD-2026-9987

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection risk in file...

8.8CVSS5.8AI score0.00093EPSS

Exploits0References5

Cvelist•added 2026/03/06 4:23 a.m.•25 views

CVE-2026-28676 OpenSift: Insufficient path containment checks in storage helpers could allow path traversal-style file operations

8.8CVSS0.00093EPSS

Exploits0References5

NVD•added 2026/01/14 3:16 p.m.•5 views

CVE-2025-9142

A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory...

7.5CVSS0.00013EPSS

Exploits0References1

CNNVD•added 2026/01/14 12:0 a.m.•3 views

Check Point Harmony SASE 安全漏洞

Check Point Harmony SASE is a Secure Access Service edge application from Check Point Israel. A security vulnerability exists in Check Point Harmony SASE that originates when a local user can trigger a client to write or delete files outside of the expected certificate working directory...

7.5CVSS6.5AI score0.00013EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 10:51 a.m.•5 views

CVE-2022-42002

SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete...

9.1CVSS7.1AI score0.00361EPSS

Exploits1References1

CNNVD•added 2025/12/24 12:0 a.m.•2 views

Microhard Systems IPn4G 安全漏洞

Microhard Systems IPn4G is a cellular wireless gateway from Microhard Canada. A security vulnerability exists in Microhard Systems IPn4G version 1.1.0, which stems from an uncleared parameter in the system-editor.sh script that could allow arbitrary files to be read, modified, or deleted...

9.8CVSS6.8AI score0.00154EPSS

Exploits2References3

CNVD•added 2025/11/14 12:0 a.m.•4 views

SAP Business Connector Path Traversal Vulnerability

SAP Business Connector is a middleware from SAP, Germany. SAP Business Connector suffers from a path traversal vulnerability that can be exploited by an attacker to traverse directories on the system to read, write, overwrite, and delete arbitrary files on the host system...

6.8CVSS6.9AI score0.00074EPSS

Exploits0References1

SUSE CVE•added 2025/10/29 12:24 a.m.•2 views

SUSE CVE-2025-53880

A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list o...

8.8CVSS7AI score0.00444EPSS

Exploits0References7

RedhatCVE•added 2025/10/24 10:38 p.m.•6 views

CVE-2025-61934

A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or delete arbitrary files and folders on the...

10CVSS7.2AI score0.00368EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by