Lucene search
K

6510 matches found

Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.13 views

PT-2026-40899

Name of the Vulnerable Software and Affected Versions InfusedWoo Pro versions prior to 5.1.3 Description The InfusedWoo Pro plugin for WordPress allows unauthenticated attackers to perform Arbitrary File Read via the 'popup submit' endpoint. This allows web requests to be made to arbitrary...

7.5CVSS5.9AI score0.00271EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

OneDev 路径遍历漏洞

OneDev is a JAVA-based multi-functional DevOps platform developed by Theonedev team. This platform supports container building, orchestration, CI, Git management, and team collaboration, helping developers create a simple yet powerful development platform. Versions of OneDev prior to 15.0.2 had a...

7.1CVSS5.9AI score0.00319EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.14 views

PT-2026-40937

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.43 n8n versions prior to 2.20.7 n8n versions prior to 2.21.1 Description An authorization bypass exists in the OAuth1 and OAuth2 credential reconnect endpoints. These endpoints incorrectly authorized access using...

8.3CVSS5.8AI score0.00315EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-6959

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symli...

6CVSS5.9AI score0.00169EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 10:6 p.m.8 views

CVE-2026-29205

Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints...

8.6CVSS5.9AI score0.07244EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2026/05/13 10:6 p.m.40 views

CVE-2026-29205

Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints...

8.6CVSS0.07244EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 10:6 p.m.6 views

CVE-2026-29205

Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints...

8.6CVSS5.9AI score0.07244EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/13 8:22 p.m.14 views

CVE-2026-34653

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system read and write. An authenticated attacker...

8.7CVSS5.9AI score0.00606EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 7:17 p.m.8 views

CVE-2026-0259

An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode. The...

7.1CVSS0.00278EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/13 6:30 p.m.8 views

EUVD-2026-29960

A path injection vulnerability exists in OpenPLC v3 2c82b0e79c53f8c1f1458eee15fec173400d6e1a as the binary program compiled from gluegenerator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are directly passed to t...

5.9AI score0.00387EPSS
Exploits2References3
CVE
CVE
added 2026/05/13 6:5 p.m.15 views

CVE-2026-0259

CVE-2026-0259 affects Palo Alto Networks WildFire Appliance WF-500 and WF-500-B operating in the default non-FIPS configuration. It enables an arbitrary File Read and Delete vulnerability over the network, allowing access to sensitive information and deletion of arbitrary files. Impact is describ...

7.1CVSS5.9AI score0.00278EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 6:5 p.m.7 views

CVE-2026-0259 WildFire WF-500 and WF-500-B: Arbitrary File Read and Delete Vulnerability in WildFire Appliance (WF-500, WF-500-B)

An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode. The...

7.1CVSS5.9AI score0.00278EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.10 views

CVE-2026-31156

A path injection vulnerability exists in OpenPLC v3 2c82b0e79c53f8c1f1458eee15fec173400d6e1a as the binary program compiled from gluegenerator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are directly passed to t...

6.5CVSS0.00387EPSS
Exploits2References1
NVD
NVD
added 2026/05/13 1:1 p.m.11 views

CVE-2026-4782

The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusiongetsvgfromfile' function with the 'customsvg' parameter of the 'fusionsectionseparator' shortcode. This makes it possible for authenticated attackers, with...

6.5CVSS0.00473EPSS
Exploits1References2
Patchstack
Patchstack
added 2026/05/13 10:40 a.m.9 views

WordPress Avada (Fusion) Builder plugin <= 3.15.2 - Authenticated (Subscriber+) Arbitrary File Read vulnerability

Authenticated Subscriber+ Arbitrary File Read vulnerability discovered by Rafie Muhammad - Awesome Motive, Inc. in WordPress Plugin Fusion Builder versions = 3.15.2...

6.5CVSS5.8AI score0.00473EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/05/13 9:26 a.m.49 views

CVE-2026-4782 Avada Builder <= 3.15.2 - Authenticated (Subscriber+) Arbitrary File Read via 'custom_svg' Shortcode Parameter

The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusiongetsvgfromfile' function with the 'customsvg' parameter of the 'fusionsectionseparator' shortcode. This makes it possible for authenticated attackers, with...

6.5CVSS0.00473EPSS
Exploits1References2
CVE
CVE
added 2026/05/13 9:26 a.m.27 views

CVE-2026-4782

The Wordfence-disclosed analysis confirms CVE-2026-4782 affects Avada Builder (Fusion Builder)

6.5CVSS5.9AI score0.00473EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/13 9:26 a.m.12 views

CVE-2026-4782 Avada Builder <= 3.15.2 - Authenticated (Subscriber+) Arbitrary File Read via 'custom_svg' Shortcode Parameter

The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusiongetsvgfromfile' function with the 'customsvg' parameter of the 'fusionsectionseparator' shortcode. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.00473EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/13 9:26 a.m.25 views

EUVD-2026-29933

The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusiongetsvgfromfile' function with the 'customsvg' parameter of the 'fusionsectionseparator' shortcode. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.00473EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 9:26 a.m.6 views

CVE-2026-4782

The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusiongetsvgfromfile' function with the 'customsvg' parameter of the 'fusionsectionseparator' shortcode. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.00473EPSS
Exploits1References3
Rows per page
Query Builder