Lucene search
K

6481 matches found

Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.7 views

PT-2026-24892

Name of the Vulnerable Software and Affected Versions HashiCorp Consul versions 1.18.20 through 1.21.10 HashiCorp Consul version 1.22.4 HashiCorp Consul Enterprise versions 1.18.20 through 1.21.10 HashiCorp Consul Enterprise version 1.22.4 Description HashiCorp Consul and Consul Enterprise are...

9.9CVSS7.2AI score0.22162EPSS
Exploits68References143
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.4 views

PT-2026-24719

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, an authenticated project member with BCF import permissions can upload a crafted .bcf archive where the value in markup.bcf is manipulated to contain an absolute or traversal local path for example: /etc/passwd...

6.5CVSS5.8AI score0.00302EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.8 views

OpenProject 路径遍历漏洞

OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 17.2.0 had a path traversal vulnerability. This vulnerability stemmed from authenticated project members with BCF import privileges being able to upload custom.bcf archives. In such archives, the...

6.5CVSS5.9AI score0.00302EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/10 9:34 p.m.28 views

CVE-2026-28807 Path Traversal in wisp.serve_static allows arbitrary file read

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.servestatic function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded...

8.7CVSS0.01056EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/10 9:34 p.m.3 views

CVE-2026-28807

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.servestatic function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded...

8.7CVSS5.9AI score0.01056EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/10 9:34 p.m.4 views

CVE-2026-28807 Path Traversal in wisp.serve_static allows arbitrary file read

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.servestatic function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded...

8.7CVSS5.9AI score0.01056EPSS
Exploits1References4
OSV
OSV
added 2026/03/10 9:34 p.m.7 views

EEF-CVE-2026-28807 Path Traversal in wisp.serve_static allows arbitrary file read

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.servestatic function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded...

8.7CVSS5.9AI score0.01056EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/03/10 8:9 p.m.3 views

CVE-2026-30942

A flaw was found in Flare, a file sharing platform. An authenticated path traversal vulnerability exists in the /api/avatars/filename endpoint, allowing a logged-in user to read arbitrary files from the application container. This occurs because the filename parameter is not properly sanitized,...

8.3CVSS5.8AI score0.00608EPSS
Exploits1References6
OSV
OSV
added 2026/03/10 6:28 p.m.3 views

GO-2026-4646 SiYuan Vulnerable to Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage in github.com/siyuan-note/siyuan/kernel

SiYuan Vulnerable to Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage in github.com/siyuan-note/siyuan/kernel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is...

9.8CVSS5.8AI score0.01028EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/10 5:1 p.m.29 views

CVE-2026-30958 OneUptime: Path Traversal — Arbitrary File Read (No Auth)

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files from the server filesystem. The componentName route parameter is concatenated directly into a file...

7.2CVSS0.00462EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/10 5:1 p.m.2 views

CVE-2026-30958 OneUptime: Path Traversal — Arbitrary File Read (No Auth)

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files from the server filesystem. The componentName route parameter is concatenated directly into a file...

7.2CVSS5.9AI score0.00462EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/10 5:1 p.m.3 views

EUVD-2026-10564

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files from the server filesystem. The componentName route parameter is concatenated directly into a file...

7.2CVSS5.9AI score0.00462EPSS
Exploits1References2
CVE
CVE
added 2026/03/10 5:1 p.m.14 views

CVE-2026-30958

OneUptime CVE-2026-30958 describes an unauthenticated path traversal vulnerability in the /workflow/docs/:componentName endpoint, where the componentName parameter is directly concatenated into the server file path used by res.sendFile(), enabling arbitrary file reads. Root cause: lack of sanitiz...

8.6CVSS5.9AI score0.00462EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/10 5:1 p.m.2 views

CVE-2026-30958 OneUptime: Path Traversal — Arbitrary File Read (No Auth)

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files from the server filesystem. The componentName route parameter is concatenated directly into a file...

7.2CVSS5.9AI score0.00462EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/10 4:44 p.m.1 views

CVE-2026-30942

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/filename allows any logged-in user to read arbitrary files from within the application container. The filename URL...

8.3CVSS5.9AI score0.00608EPSS
Exploits1References4Affected Software1
AlpineLinux
AlpineLinux
added 2026/03/10 4:44 p.m.1 views

CVE-2026-30942

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/filename allows any logged-in user to read arbitrary files from within the application container. The filename URL...

8.3CVSS5.9AI score0.00608EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/10 4:44 p.m.26 views

CVE-2026-30942 Flare has a Path Traversal in /api/avatars/[filename]

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/filename allows any logged-in user to read arbitrary files from within the application container. The filename URL...

8.3CVSS0.00608EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/10 3:33 a.m.4 views

CVE-2026-3585 The Events Calendar <= 6.15.17 - Authenticated (Author+) Arbitrary File Read via ajax_create_import

The The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.15.17 via the 'ajaxcreateimport' function. This makes it possible for authenticated attackers, with Author-level access and above, to read the contents of arbitrary files on the...

7.5CVSS5.9AI score0.0035EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/10 3:33 a.m.30 views

CVE-2026-3585 The Events Calendar <= 6.15.17 - Authenticated (Author+) Arbitrary File Read via ajax_create_import

The The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.15.17 via the 'ajaxcreateimport' function. This makes it possible for authenticated attackers, with Author-level access and above, to read the contents of arbitrary files on the...

7.5CVSS0.0035EPSS
Exploits0References3
CVE
CVE
added 2026/03/10 3:33 a.m.17 views

CVE-2026-3585

The Events Calendar WordPress plugin (up to v6.15.17) is affected by a path traversal vulnerability in the ajax_create_import function. The issue allows authenticated attackers with Author-level access or higher to read arbitrary files on the server, exposing sensitive information. The vulnerabil...

7.5CVSS5.9AI score0.0035EPSS
Exploits0References3
Rows per page
Query Builder