Lucene search
K

6481 matches found

Snyk
Snyk
added 2026/03/10 1:4 a.m.2 views

Directory Traversal

Overview liquidjs is an A simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Directory Traversal via the Loader.candidates resolution when require.resolve is used as a fallback; an attacker can read arbitrary...

8.7CVSS6.2AI score0.00557EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.5 views

Flare 路径遍历漏洞

Flare is a file-sharing platform developed by Zachary Lowery. Versions of Flare prior to 1.7.3 contained a path traversal vulnerability. This vulnerability stemmed from the /api/avatars/filename path traversal, which could lead to arbitrary file reading...

8.3CVSS5.9AI score0.00608EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2026/03/10 12:0 a.m.248 views

📄 Vite 6.2.2 Arbitrary File Read

Proof of concept exploit for an arbitrary file read in Vite version 6.2.2. ============================================================================================================================================= | Title : Vite 6.2.2 Arbitrary File Read – PHP Exploit | | Author : indoushka | ...

7.5CVSS6.6AI score0.76736EPSS
Exploits28
Vulnrichment
Vulnrichment
added 2026/03/09 10:28 p.m.3 views

CVE-2026-30869 SiYuan has a Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage

SiYuan is a personal knowledge management system. Prior to 3.5.10, a path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By exploiting double‑encoded traversal sequences, an attacker can access sensitive files such as...

9.3CVSS6.4AI score0.01028EPSS
Exploits1References1
CVE
CVE
added 2026/03/09 10:28 p.m.13 views

CVE-2026-30869

SiYuan contains a path traversal vulnerability in the /export endpoint prior to version 3.5.10. Double-encoded traversal sequences can read arbitrary server files (e.g., conf/conf.json) containing secrets such as the API token, cookie signing key, and workspace authentication code. Leakage could ...

9.8CVSS6.4AI score0.01028EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/03/09 10:28 p.m.5 views

CVE-2026-30869 SiYuan has a Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage

SiYuan is a personal knowledge management system. Prior to 3.5.10, a path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By exploiting double‑encoded traversal sequences, an attacker can access sensitive files such as...

9.3CVSS6.5AI score0.01028EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/09 9:31 p.m.8 views

NLTK has Arbitrary File Read via Absolute Path Input in nltk.util.filestring()

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

8.6CVSS7.5AI score0.00428EPSS
Exploits1References6Affected Software1
EUVD
EUVD
added 2026/03/09 9:31 p.m.7 views

EUVD-2026-10350

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

8.6CVSS5.9AI score0.00428EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/09 9:31 p.m.7 views

EUVD-2026-10351

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

8.6CVSS5.9AI score0.00428EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/09 9:8 p.m.2 views

CVE-2026-1776 Camaleon CMS AWS Uploader Authenticated Path Traversal Arbitrary File Read

Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

6CVSS5.8AI score0.00732EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/09 9:8 p.m.41 views

CVE-2026-1776 Camaleon CMS AWS Uploader Authenticated Path Traversal Arbitrary File Read

Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

6CVSS0.00732EPSS
Exploits0References4
CVE
CVE
added 2026/03/09 9:8 p.m.104 views

CVE-2026-1776

Camaleon CMS CVE-2026-1776 affects versions 2.4.5.0–2.9.0 prior to commit f54a77e, with a path traversal vulnerability in the CamaleonCmsAwsUploader AWS S3 backend. Authenticated users can trigger download_private_file to bypass path validation (valid_folder_path?) and read arbitrary files on the...

6.5CVSS5.8AI score0.00732EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/09 8:44 p.m.7 views

CVE-2026-0846

A flaw was found in the nltk component. This vulnerability, specifically within the filestring function of the nltk.util module, allows an attacker to perform arbitrary file reads. By providing specially crafted input paths, either absolute or using directory traversal, an attacker can bypass inp...

8.6CVSS5.8AI score0.00428EPSS
Exploits1References4
PyPA
PyPA
added 2026/03/09 8:16 p.m.9 views

PYSEC-2026-97

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

8.6CVSS7.4AI score0.00428EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/09 8:16 p.m.6 views

DEBIAN-CVE-2026-0846

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

7.5CVSS8.1AI score0.00428EPSS
Exploits1References1
OSV
OSV
added 2026/03/09 8:16 p.m.7 views

PYSEC-2026-97

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

7.5CVSS5.9AI score0.00428EPSS
Exploits1References2
OSV
OSV
added 2026/03/09 8:16 p.m.5 views

UBUNTU-CVE-2026-0846

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

8.6CVSS5.9AI score0.00428EPSS
Exploits1References7
CVE
CVE
added 2026/03/09 7:19 p.m.18 views

CVE-2026-0846

The CVE concerns nltk 3.9.2, specifically the filestring() function in nltk.util, which opens user-supplied file paths without proper sanitization. This allows arbitrary file read by passing absolute or traversal paths, enabling access to sensitive system files. Exploitation can occur locally or ...

8.6CVSS7.3AI score0.00428EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2026/03/09 7:19 p.m.26 views

CVE-2026-0846 Arbitrary File Read via Absolute Path Input in nltk.util.filestring()

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

8.6CVSS0.00428EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/09 7:19 p.m.5 views

CVE-2026-0846

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

8.6CVSS5.9AI score0.00428EPSS
Exploits1References2
Rows per page
Query Builder