Lucene search
+L

1586 matches found

nuclei
nuclei
added 12 hours ago272 views

MobSF - Path Traversal

MobSF is vulnerable to an issue with apktool CVE-2024-21633 that allows for RCE or arbitrary file writing. It does this through a path traversal vulnerability. This template tests for it by writing to a local file and reading that file. RCE can be achieved by overwriting jadx, as shown in the two...

7.8CVSS7AI score0.0132EPSS
Exploits2
cve
cve
added yesterday10 views

CVE-2026-46485

Dashy (self-hosted dashboard) is affected prior to version 4.0.8 where the config-saving functionality can allow unauthorized changes to the main config.yaml via OIDC deployments, enabling unauthenticated or non-admin users to modify dashboard configuration. Root cause: permission checks around c...

8.2CVSS6.1AI score0.00129EPSS
Exploits0References2
cvelist
cvelist
added 6 days ago32 views

CVE-2026-55233 OpenResty: Buffer overflow when writing PROXY protocol v2 header to upstream

OpenResty is a high performance web platform. From 1.29.2.1 to before 1.29.2.5, an out-of-bounds write vulnerability exists in the upstream PROXY protocol v2 implementation. When OpenResty is configured to send PROXY protocol version 2 headers to upstream servers, constructing the header in the...

7.5CVSS0.00343EPSS
Exploits0References2
debiancve
debiancve
added 2026/07/08 7:33 p.m.5 views

CVE-2026-59948

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously crafted package from an untrusted repository other than Packagist.org or Private Packagist can cause Composer to write attacker-controlled files outside the vendor directory and outside the project...

7CVSS6AI score0.00132EPSS
Exploits0
nessus
nessus
added 2026/07/02 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-4360

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted...

5.3CVSS6.1AI score0.00235EPSS
Exploits0References3
debiancve
debiancve
added 2026/06/30 10:8 p.m.6 views

CVE-2026-56365

ImageMagick before 7.1.2-19 contains a memory leak vulnerability in the PNG encoder when writing MNG images. Attackers can trigger the encoder failure condition to exhaust memory resources and cause denial of service...

6.3CVSS5.8AI score0.00284EPSS
Exploits0
snyk
snyk
added 2026/06/25 5:20 p.m.4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the org.opencontainers.image.title annotation in the artifact manifest when downloading OCI artifacts. An attacker can cause files to be written to arbitrary locations on the host filesystem by supplying a crafte...

8.1CVSS6.6AI score0.00292EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/23 4:8 p.m.34 views

CVE-2026-50023 yt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CVE-2024-38519)

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. The allowlist explicitl...

8.3CVSS0.00555EPSS
Exploits1References4
osv
osv
added 2026/06/22 5:39 a.m.4 views

BIT-DOTNET-2026-32175 .NET Core Tampering Vulnerability

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the...

4.3CVSS6AI score0.00711EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/18 6:21 p.m.10 views

CVE-2026-44942

A flaw was found in libzypp. This path traversal vulnerability, present in the handling of the "path" component within .repo files, could allow attackers to write content to directories outside of the intended zypp cache. This unauthorized writing of data can lead to a Denial of Service DoS by...

6.5CVSS5AI score0.00329EPSS
Exploits0References5
cve
cve
added 2026/06/17 3:4 p.m.21 views

CVE-2025-71321

CVE-2025-71321 concerns the Python toolset picker scan showing an arbitrary file writing vulnerability in the package before version 0.0.33. The root cause is bypassing the dangerous blocklist by abusing distutils.file_util.write_file, enabling attackers to craft malicious pickle objects that ove...

9.8CVSS6AI score0.00624EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/17 3:4 p.m.26 views

CVE-2025-71321 picklescan - Arbitrary File Writing via distutils Module Bypass

picklescan before 0.0.33 contains an arbitrary file writing vulnerability that allows attackers to bypass the dangerous blocklist by using distutils.fileutil.writefile. Attackers can construct malicious pickle objects to overwrite critical system files and achieve denial of service or remote code...

9.8CVSS0.00624EPSS
Exploits0References2
snyk
snyk
added 2026/06/10 11:12 p.m.10 views

Directory Traversal

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.8CVSS6.2AI score0.00128EPSS
Exploits0References2
snyk
snyk
added 2026/06/10 11:12 p.m.10 views

Directory Traversal

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

6.8CVSS6.2AI score0.00128EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/06/09 12:0 a.m.20 views

AMD uProf 安全漏洞

AMD uProf is a cross-platform performance analysis tool developed by AMD, a company specializing in semiconductors. AMD uProf has a security vulnerability that stems from improper access control. This vulnerability could allow local attackers with user privileges to write to the kernel’s shared...

6.8CVSS5.4AI score0.001EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/09 12:0 a.m.16 views

PT-2026-48153

The RemoteControl API methods invite participants and remind participants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...

8.8CVSS5.8AI score0.00358EPSS
Exploits0References4
euvd
euvd
added 2026/06/05 8:3 p.m.11 views

EUVD-2026-34914

Two path traversal vulnerabilities in the Network Installation Service NIS of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on the server filesystem and to read package archive files from the server. No authentication, session...

10CVSS6.4AI score0.00709EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/06/05 12:0 a.m.13 views

Markdown Preview Enhanced 安全漏洞

Markdown Preview Enhanced is a highly powerful markup extension developed by Yiyi Wang. Versions of Markdown Preview Enhanced prior to 0.8.28 contained security vulnerabilities. These vulnerabilities stemmed from the use of eval to parse WaveDrom expressions in untrusted markdown content, which...

8.8CVSS5.8AI score0.00362EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/05/29 12:0 a.m.12 views

Dokploy 安全漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.26.5 contain security vulnerabilities. These vulnerabilities stem from path traversal during the application deployment process, which allows authenticated users to write arbitrary files on the file...

9.9CVSS6.2AI score0.0066EPSS
Exploits0References1
snyk
snyk
added 2026/05/28 10:28 p.m.11 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the validatepathelementntfs function. An attacker can write arbitrary files and potentially execute code in the victim's user context by crafting malicious Git repositories with NTFS-hostile tree entries that are...

8.8CVSS6.4AI score0.00635EPSS
Exploits0References2
Rows per page
Query Builder