Lucene search
+L

406 matches found

EUVD
EUVD
added 2026/05/27 8:32 a.m.12 views

EUVD-2025-209953

Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information or conduct...

5.9CVSS5.8AI score0.00265EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 8:32 a.m.11 views

CVE-2025-10466

Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information or conduct...

5.9CVSS5.8AI score0.00265EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 8:32 a.m.11 views

CVE-2025-10466

Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information or conduct...

5.9CVSS5.8AI score0.00265EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/27 8:29 a.m.12 views

CVE-2024-47270

Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...

2.7CVSS5.8AI score0.00249EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 4:22 a.m.11 views

CVE-2026-8450 HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file()

HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...

5.8AI score0.01452EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.21 views

PT-2026-43590

Name of the Vulnerable Software and Affected Versions Synology Active Backup for Business Agent versions prior to 3.1.0-4967 Description An origin validation error occurs during installation, which allows local users to write arbitrary files containing restricted content. Recommendations Update t...

6.1CVSS5.9AI score0.00086EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.17 views

PT-2026-43584

Name of the Vulnerable Software and Affected Versions Synology Contacts versions prior to 1.0.10-20659 Description Improper neutralization of input during web page generation leads to a Cross-site Scripting XSS issue in the contact functionality. This allows remote authenticated users to read or...

5.4CVSS5.8AI score0.00254EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.14 views

Synology Surveillance Station 路径遍历漏洞

Synology Surveillance Station is an application developed by Synology, a Chinese company. It provides intelligent monitoring and video management tools to protect your valuable assets. Versions of Synology Surveillance Station prior to 9.2.2-11575 and 9.2.2-9575 have a path traversal vulnerabilit...

2.7CVSS5.8AI score0.00325EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-43583

Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...

2.7CVSS5.8AI score0.00249EPSS
Exploits0References2
OSV
OSV
added 2026/05/18 6:52 p.m.6 views

CVE-2026-45242 Summarize < 0.15.1 Path Traversal via slidesDir Parameter

Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute path or directory traversal sequence in the slidesDir request parameter. Attackers can exploit...

7.1CVSS6AI score0.00396EPSS
Exploits1References7
EUVD
EUVD
added 2026/05/18 10:39 a.m.15 views

EUVD-2026-30764

SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints...

9.1CVSS5.9AI score0.00386EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/13 8:22 p.m.10 views

CVE-2026-41693

i18next-fs-backend is a backend layer for i18next using in Node.js and for Deno to load translations from the filesystem. Prior to version 2.6.4, i18next-fs-backend substitutes the lng and ns options directly into the configured loadPath / addPath templates and then read / write the resulting fil...

8.2CVSS5.7AI score0.00292EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 9:31 p.m.14 views

EUVD-2026-29762

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system read and write. An authenticated attacker...

8.7CVSS5.9AI score0.00606EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 8:2 p.m.33 views

CVE-2026-44225 Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user files

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...

9.3CVSS0.01102EPSS
Exploits2References1
CVE
CVE
added 2026/05/12 8:2 p.m.28 views

CVE-2026-44225

CVE-2026-44225 (Pulpy) : The vulnerability affects Pulpy, a cross-platform desktop app packager for web apps. Before version 0.1.1, Pulpy injects a pulpy.fs JavaScript API into packaged web apps and the intended sandbox via validateFsPath() is incomplete, allowing a web app to read and write arbi...

9.3CVSS5.9AI score0.01102EPSS
Exploits2References1
CVE
CVE
added 2026/05/12 7:50 p.m.18 views

CVE-2026-34653

Adobe Commerce users affected: versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are impacted by an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal). The vulnerability allows an authenticated administrator to read or write arbitrary ...

8.7CVSS5.9AI score0.00606EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/12 7:50 p.m.47 views

CVE-2026-34653 Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system read and write. An authenticated attacker...

8.7CVSS0.00606EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 7:50 p.m.9 views

CVE-2026-34653 Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system read and write. An authenticated attacker...

8.7CVSS5.9AI score0.00606EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 7:50 p.m.8 views

CVE-2026-34653

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system read and write. An authenticated attacker...

8.7CVSS5.9AI score0.00606EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 7:50 p.m.3 views

CVE-2026-34653 Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system read and write. An authenticated attacker...

8.7CVSS6.1AI score0.00606EPSS
Exploits0References3
Rows per page
Query Builder