CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

8.8CVSS6AI score0.00854EPSS

Dulwich 路径遍历漏洞

Dulwich is a Python-based Git repository management interface developed by Jelmer Vernooij. Versions of Dulwich from 0.10.0 to 1.2.5 contained a path traversal vulnerability. This vulnerability stemmed from the fact that the path element verifier on Windows allowed filenames that were interpreted...

CNNVD•added 2026/06/10 12:0 a.m.•6 views

National Security Agency Ghidra 路径遍历漏洞

National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Versions of National Security Agency Ghidra prior to 12.0.2 contained a path traversal vulnerability. This vulnerability stemmed from the extended installer’s failure to...

8.4CVSS5.5AI score0.0016EPSS

Exploits1References1

8.4CVSS5.5AI score0.00077EPSS

Lenovo ThinkPad 加密问题漏洞

The Lenovo ThinkPad is a portable computer by the company Lenovo. The Lenovo ThinkPad has an encryption vulnerability, which stems from issues with the embedded controller firmware. This vulnerability may allow privileged local users to perform arbitrary read and write operations on privileged...

Positive Technologies•added 2026/06/10 12:0 a.m.•23 views

PT-2026-48436

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf///rule//save accepts a config file name form field that is passed straight through to config mod.master slave upload and restart... as the destination path. The validati...

9.9CVSS5.5AI score0.00372EPSS

Positive Technologies•added 2026/06/10 12:0 a.m.•13 views

PT-2026-48557

A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle MITM attack, to write arbitrary files to the...

7.5CVSS5.6AI score0.00156EPSS

Exploits0References3

Positive Technologies•added 2026/06/10 12:0 a.m.•7 views

PT-2026-48570

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 6.9.13-50 ImageMagick versions prior to 7.1.2-25 Description An incorrect loop in the ICON decoder can result in an out of bounds heap write, which may lead to a crash. An out of bounds heap write occurs when a...

7.5CVSS5.7AI score0.01381EPSS

Exploits2References30

Snyk•added 2026/06/10 12:0 a.m.•2 views

Directory Traversal

Overview org.springframework.integration:spring-integration-file is a Spring Integration File Support Affected versions of this package are vulnerable to Directory Traversal via improper validation of file paths received from FTP, SFTP, or SMB servers. A malicious or compromised server can write...

8.7CVSS6.2AI score0.00177EPSS

CNNVD•added 2026/06/10 12:0 a.m.•11 views

Palo Alto Networks Cortex Xsoar 路径遍历漏洞

Palo Alto Networks Cortex Xsoar is a security orchestration and response Soar platform developed by Palo Alto Networks in the United States. Palo Alto Networks Cortex Xsoar has a path traversal vulnerability. This vulnerability arises from path traversal attacks, which may allow unauthenticated...

7.5CVSS5.5AI score0.00156EPSS

7.5CVSS5.4AI score0.00202EPSS

VMware Spring Data REST 访问控制错误漏洞

VMware Spring Data REST is a data interface provided by the American company VMware. It is used to build domain models based on Spring Data repositories, and to expose hypermedia-driven HTTP resources for aggregates contained within those models. VMware Spring Data REST versions 3.7.0 and earlier...

CNNVD•added 2026/06/10 12:0 a.m.•16 views

VMware Spring Security 代码问题漏洞

VMware Spring Security is a security framework provided by the American company VMware, designed to provide descriptive security protection for Spring-based applications. Versions of VMware Spring Security from 7.0.0 to 7.0.5 have code vulnerabilities. These vulnerabilities stem from attackers wh...

7.3CVSS5.5AI score0.00198EPSS

CNNVD•added 2026/06/10 12:0 a.m.•9 views

Assisted Migration Agent 后置链接漏洞

Assisted Migration Agent is an open-source virtualization environment data collection and migration planning tool developed by KubeV2V. Assisted Migration Agent has a post-installation vulnerability, which stems from an unauthenticated attacker located within the same network. This attacker...

9.6CVSS5.8AI score0.00291EPSS

4CVSS5.5AI score0.00155EPSS

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-23 contained security vulnerabilities. These vulnerabilities were caused by errors in...

EUVD•added 2026/06/09 11:59 p.m.•7 views

EUVD-2026-35913

SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy BLE. Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. There is a stack overflow vulnerability in the dongl backend’s Protocol::simpleblewrite function local,...

8.7CVSS5.8AI score0.00333EPSS

Exploits0References4

CVE•added 2026/06/09 11:59 p.m.•19 views

CVE-2026-44634

The CVE-2026-44634 affects SimpleBLE prior to version 0.14.0, with multiple stack-based buffer overflow flaws. One in the dongl backend’s Protocol::simpleble_write (local, caller-controlled input); two related to processing BLE advertisement data (manufacturer-specific and service data) that can ...

8.7CVSS5.8AI score0.00333EPSS

Exploits0References4

Cvelist•added 2026/06/09 11:49 p.m.•35 views

CVE-2026-41728 Spring Data REST JSON Patch bypasses Jackson read-only property protection on nested objects and collections

Spring Data REST's JSON Patch application/json-patch+json implementation does not apply the write-access filter to intermediate path segments when resolving a multi-segment JSON Pointer. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0...

7.5CVSS0.00202EPSS