
6481 matches found

Cvelist
added 2026/03/11 11:8 p.m. | 27 views

CVE-2026-2808 Consul vulnerable to arbitrary file reads through the vault kubernetes authentication provider

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

CVSS 6.8 | EPSS 0.00475
Exploits 0 | References 1

CVE
added 2026/03/11 11:8 p.m. | 32 views

CVE-2026-2808

CVE-2026-2808 affects HashiCorp Consul and Consul Enterprise 1.18.20–1.21.10 and 1.22.4 when configured with Kubernetes authentication, enabling arbitrary file reads. The root cause involves unvalidated file paths for tokens via the Vault Kubernetes provider, allowing an attacker to read arbitrar...

CVSS 6.8 | AI score 5.8 | EPSS 0.00475
Exploits 0 | References 1

Vulnrichment
added 2026/03/11 11:8 p.m. | 4 views

CVE-2026-2808 Consul vulnerable to arbitrary file reads through the vault kubernetes authentication provider

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

CVSS 6.8 | AI score 5.8 | EPSS 0.00475
Exploits 0 | References 1

ATTACKERKB
added 2026/03/11 11:8 p.m. | 4 views

CVE-2026-2808

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

CVSS 6.8 | AI score 5.8 | EPSS 0.00475
Exploits 0 | References 2

Debian CVE
added 2026/03/11 11:8 p.m. | 2 views

CVE-2026-2808

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

CVSS 6.8 | AI score 8.1 | EPSS 0.00475
Exploits 0

Cvelist
added 2026/03/11 7:5 p.m. | 26 views

CVE-2026-31894 WeGIA affected by arbitrary file read via symlink in backup restore

WeGIA is a web manager for charitable institutions. In 3.6.5, the patched loadBackupDB extracts tar.gz archives to a temporary directory using PHP's PharData class, then uses glob and file_get_contents to read SQL files from the extracted contents. Neither the extraction nor the file reading...

CVSS 6.9 | EPSS 0.00414
Exploits 1 | References 2

CVE
added 2026/03/11 7:5 p.m. | 10 views

CVE-2026-31894

WeGIA 3.6.5 is affected by a symlink handling issue in loadBackupDB(): tar.gz extraction with PHP PharData and subsequent glob/file_get_contents read SQL files without validating archive members as symbolic links, enabling potential arbitrary file read. The issue is fixed in 3.6.6.

CVSS 7.5 | AI score 5.8 | EPSS 0.00414
Exploits 1 | References 2 | Affected Software 1

OSV
added 2026/03/11 7:5 p.m. | 3 views

CVE-2026-31894 WeGIA affected by arbitrary file read via symlink in backup restore

WeGIA is a web manager for charitable institutions. In 3.6.5, the patched loadBackupDB extracts tar.gz archives to a temporary directory using PHP's PharData class, then uses glob and file_get_contents to read SQL files from the extracted contents. Neither the extraction nor the file reading...

CVSS 6.9 | AI score 5.8 | EPSS 0.00414
Exploits 1 | References 4

Vulnrichment
added 2026/03/11 6:23 p.m. | 4 views

CVE-2019-25472 IntelBras Telefone IP TIP200/200 LITE Arbitrary File Read via dumpConfigFile

IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. Attackers can send GET requests to /cgi-bin/cgiServer.exx with the command parameter containing dumpConfigFile to read...

CVSS 8.7 | AI score 5.9 | EPSS 0.00301
Exploits 0 | References 3

Cvelist
added 2026/03/11 6:23 p.m. | 29 views

CVE-2019-25472 IntelBras Telefone IP TIP200/200 LITE Arbitrary File Read via dumpConfigFile

IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. Attackers can send GET requests to /cgi-bin/cgiServer.exx with the command parameter containing dumpConfigFile to read...

CVSS 8.7 | EPSS 0.00301
Exploits 0 | References 3

SUSE CVE
added 2026/03/11 4:21 p.m. | 6 views

SUSE CVE-2026-0846

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

CVSS 8.6 | AI score 5.8 | EPSS 0.00428
Exploits 1 | References 3

NVD
added 2026/03/11 4:16 p.m. | 4 views

CVE-2026-30234

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, an authenticated project member with BCF import permissions can upload a crafted .bcf archive where the value in markup.bcf is manipulated to contain an absolute or traversal local path for example: /etc/passwd...

CVSS 6.5 | EPSS 0.00302
Exploits 0 | References 1

ATTACKERKB
added 2026/03/11 3:59 p.m. | 2 views

CVE-2026-30234

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, an authenticated project member with BCF import permissions can upload a crafted .bcf archive where the value in markup.bcf is manipulated to contain an absolute or traversal local path for example: /etc/passwd...

CVSS 6.5 | AI score 5.8 | EPSS 0.00302
Exploits 0 | References 2 | Affected Software 1

EUVD
added 2026/03/11 3:59 p.m. | 3 views

EUVD-2026-11202

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, an authenticated project member with BCF import permissions can upload a crafted .bcf archive where the value in markup.bcf is manipulated to contain an absolute or traversal local path for example: /etc/passwd...

CVSS 6.5 | AI score 5.8 | EPSS 0.00302
Exploits 0 | References 1

CVE
added 2026/03/11 3:59 p.m. | 12 views

CVE-2026-30234

OpenProject prior to 17.2.0 is affected. An authenticated project member with BCF import permissions can upload a crafted .bcf archive where the value in markup.bcf is manipulated to contain an absolute or path traversal (e.g., /etc/passwd or ../../../../etc/passwd). During import, this untruste...

CVSS 6.5 | AI score 5.8 | EPSS 0.00302
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2026/03/11 1:32 p.m. | 25 views

CVE-2026-32061 OpenClaw < 2026.2.17 - Arbitrary File Read via $include Directive Path Traversal

OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attackers with config modification capabilities can exploit this by specifying absolute paths, traversa...

CVSS 6.7 | EPSS 0.00146
Exploits 0 | References 3

Vulnrichment
added 2026/03/11 1:32 p.m. | 2 views

CVE-2026-32061 OpenClaw < 2026.2.17 - Arbitrary File Read via $include Directive Path Traversal

OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attackers with config modification capabilities can exploit this by specifying absolute paths, traversa...

CVSS 6.7 | AI score 5.9 | EPSS 0.00146
Exploits 0 | References 3

Patchstack
added 2026/03/11 8:30 a.m. | 6 views

WordPress The Events Calendar plugin <= 6.15.17 - Authenticated (Author+) Arbitrary File Read via ajax_create_import vulnerability

Authenticated Author+ Arbitrary File Read via ajax_create_import vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin The Events Calendar versions <= 6.15.17...

CVSS 7.5 | AI score 5.8 | EPSS 0.0035
Exploits 0 | References 1 | Affected Software 1

RedhatCVE
added 2026/03/11 7:8 a.m. | 3 views

CVE-2026-3585

The The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.15.17 via the 'ajax_create_import' function. This makes it possible for authenticated attackers, with Author-level access and above, to read the contents of arbitrary files on the...

CVSS 7.5 | AI score 5.9 | EPSS 0.0035
Exploits 0 | References 1

CNNVD
added 2026/03/11 12:0 a.m. | 5 views

OpenClaw Path Traversal Vulnerability

OpenClaw is a tool for configuration management that supports loading external configuration files via the include directive. An arbitrary file read vulnerability exists in OpenClaw. An attacker can use this vulnerability to read sensitive files, such as API keys and credentials, outside of the...

CVSS 6.7 | AI score 5.9 | EPSS 0.00146
Exploits 0 | References 3