Lucene search
K

842 matches found

CVE
CVE
added 2 days ago6 views

CVE-2026-61444

PRAISONAi before 4.6.78 has a code‑injection vulnerability in deploy/api.py: the agents_file parameter is interpolated into an f-string without sanitization, allowing arbitrary Python code execution when the generated server code runs via subprocess.Popen(). Affected: PraisonAI

9.4CVSS6.2AI score0.00392EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/03 4:30 a.m.6 views

EUVD-2026-41485

The AR for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS5.9AI score0.00473EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/03 4:30 a.m.8 views

CVE-2026-14352

The AR for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS5.9AI score0.00473EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/03 4:30 a.m.35 views

CVE-2026-14352 AR for WooCommerce <= 8.40 - Unauthenticated Path Traversal to Arbitrary File Read via 'file' Parameter

The AR for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS0.00473EPSS
Exploits0References7
NVD
NVD
added 2026/07/03 2:16 a.m.10 views

CVE-2026-14327

The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS0.00459EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/03 1:28 a.m.38 views

CVE-2026-14327 AR for WordPress <= 8.40 - Unauthenticated Arbitrary File Read via 'file' Parameter

The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS0.00459EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/03 1:28 a.m.10 views

EUVD-2026-41471

The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS5.9AI score0.00459EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/03 1:28 a.m.10 views

CVE-2026-14327

The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS5.9AI score0.00459EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.12 views

PT-2026-55496

Name of the Vulnerable Software and Affected Versions AR for WooCommerce versions prior to 8.41 Description The plugin is subject to Directory Traversal, allowing unauthenticated attackers to read arbitrary files on the server that may contain sensitive information. This is possible via the file...

7.5CVSS6AI score0.00473EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.18 views

PT-2026-55444

Name of the Vulnerable Software and Affected Versions AR for WordPress versions prior to 8.41 Description An unauthenticated directory traversal flaw exists in the file handling logic of the plugin. The issue occurs when the public AJAX functionality accepts a user-controlled file parameter witho...

7.5CVSS6AI score0.00459EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54736

Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An authenticated attacker can perform error-based SQL injection to extract database contents. The issue occurs because the application passes the id GET parameter directly in...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/25 10:43 p.m.8 views

CVE-2026-40084

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal through the Report formatfile Parameter, causing arbitrary file read. This vulnerability occurs in two stages. In the first stage stored injection, lib/htmlreports.php at...

6.5CVSS5.9AI score0.00324EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 10:43 p.m.6 views

CVE-2026-40084

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal through the Report formatfile Parameter, causing arbitrary file read. This vulnerability occurs in two stages. In the first stage stored injection, lib/htmlreports.php at...

6.5CVSS5.9AI score0.00324EPSS
Exploits1
CVE
CVE
added 2026/06/19 4:31 a.m.23 views

CVE-2026-4328

The WordPress Advanced Import plugin (versions ≤ 1.4.6) is vulnerable to Server-Side Request Forgery (SSRF). In demo_download_and_unzip(), the plugin passes the user-supplied demo_file from $_POST through sanitize_text_field() and then invokes wp_remote_get() when demo_file_type is 'url', without...

6.4CVSS6AI score0.00208EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/19 4:31 a.m.31 views

CVE-2026-7547 Woosa <= 2.0.5 - Authenticated (Administrator+) Arbitrary File Read via 'log_file' Parameter

The Woosa – Marktplaats for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in versions up to and including 2.0.4. This is due to insufficient path sanitization in the renderlogsui function, which accepts a base64-encoded file name from the 'logfile' GET...

4.9CVSS0.00397EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/08 3:30 a.m.15 views

EUVD-2026-35015

A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /archive3.php. This manipulation of the argument sy causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public an...

7.5CVSS7AI score0.00275EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.16 views

student_management_system 跨站脚本漏洞

studentmanagementsystem is a student information management tool personally developed by Vivek Singh. studentmanagementsystem has a cross-site scripting vulnerability. This vulnerability stems from improper handling of parameters such as name, address, and fname by an unknown function in the...

5.1CVSS4.5AI score0.00199EPSS
Exploits0References2
CVE
CVE
added 2026/06/06 2:28 a.m.29 views

CVE-2026-7565

CVE-2026-7565 affects LearnPress – Backup & Migration Tool for WordPress. All versions up to 4.1.4 are vulnerable to an Arbitrary File Read via Directory Traversal through the import-user-file parameter. Exploitation requires authenticated access at Administrator level or higher, allowing reading...

4.9CVSS5.6AI score0.00646EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.11 views

CVE-2026-6496

A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argument file results in path traversal. The attack may be performed from remote. The exploit has been...

5.5CVSS5.4AI score0.00455EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/05 11:29 a.m.47 views

CVE-2026-11345 Improper Authentication Bypass in linqi CDN File Access

An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...

6.9CVSS0.00414EPSS
Exploits0References1
Rows per page
Query Builder