Lucene search
K

253 matches found

Nuclei
Nuclei
added 9 hours ago16 views

Flowise 1.4.3 - Arbitrary File Read

Flowise 1.4.3 contains a path traversal caused by lack of sanitization of 'fileName' parameter in /api/v1/openai-assistants-file endpoint in index.ts, letting attackers read arbitrary files, exploit requires attacker to send crafted request. id: CVE-2024-36420 info: name: Flowise 1.4.3 - Arbitrar...

7.5CVSS7.2AI score0.01761EPSS
Exploits3References3
NVD
NVD
added 2026/06/23 5:17 p.m.7 views

CVE-2026-48520

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.10.0, the "Shareable Playground" or "Public Flows" in code contains a potential arbitrary file-read vulnerability, depending on the exact flow configuration used. By making a flow public, public execution of...

6.1CVSS0.00249EPSS
Exploits1References1
CVE
CVE
added 2026/06/17 8:7 p.m.22 views

CVE-2026-11407

PIMCORE CMS/DXP 12.3.8 contains a sandbox bypass in the Twig SecurityPolicy (checkMethodAllowed and checkPropertyAllowed). Authenticated administrative attackers can craft malicious Twig templates via DataObject ClassDefinition Layout\Text to execute arbitrary PHP object methods, perform file rea...

8.6CVSS6.8AI score0.00623EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 8:33 p.m.10 views

EUVD-2026-35831

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended...

7.4CVSS5.6AI score0.00406EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 7:24 p.m.20 views

CVE-2026-47909

Dreamweaver Desktop (Windows/macOS) prior to or equal to version 21.7 is affected by an Improper Input Validation vulnerability that can lead to arbitrary file system read. The issue allows access to sensitive files/directories outside the intended scope and requires user interaction: a victim mu...

6.3CVSS5.6AI score0.00148EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/07 12:43 a.m.12 views

CVE-2026-11414

A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network attacker who can reach the server can forge valid download signatures and retrieve files from the...

10CVSS5.6AI score0.00478EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.9 views

CVE-2026-44881

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer supports deploying stacks from Git repositories. When a...

9.9CVSS5.6AI score0.00416EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/06/05 6:24 p.m.9 views

CVE-2026-46393 HAXcms createSite SSRF Enables Arbitrary File Read

HAX CMS helps manage microsite universe with PHP or NodeJs backends. An authenticated Server-Side Request Forgery SSRF vulnerability in versions prior to 26.0.0 allows authenticated users to fetch arbitrary internal or local resources and write the responses to a web-accessible directory, enablin...

7.1CVSS5.6AI score0.00238EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 2:24 p.m.11 views

CVE-2026-45017 Python Liquid: Absolute paths escape filesystem loader search path

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS5.9AI score0.00335EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 2:13 p.m.11 views

CVE-2026-48920

Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as base64 in email content by setting the data-inline attribute, without restrictions on the image URLs that can be inlined, allowing attackers able to control the email content to specify file: URLs for images t...

5.9AI score0.00299EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/21 1:12 p.m.9 views

CVE-2026-44051

A flaw was found in Netatalk. This vulnerability allows an attacker to perform arbitrary file reads by creating attacker-controlled symbolic links. This could lead to the disclosure of sensitive information on the affected system...

8.1CVSS5.8AI score0.00477EPSS
Exploits0References2
OSV
OSV
added 2026/05/20 9:18 a.m.7 views

SUSE-SU-2026:2029-1 Security update for vim

This update for vim fixes the following issue: Security fixes: - CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes bsc1261833. Other fixes: - Update to 9.2.0398. 9.2.0398: MS-Windows: missing strptime support 9.2.0397: tabpanel: double-click opens...

7.8CVSS6.2AI score0.0062EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/06 6:30 p.m.13 views

EUVD-2026-27873

NanoClaw contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside the intended outbox directory by supplying crafted messagesout.id and content.files values or creati...

9.3CVSS5.9AI score0.00148EPSS
Exploits0References3
NVD
NVD
added 2026/05/06 5:16 p.m.18 views

CVE-2026-7875

NanoClaw version 1.2.0 and prior contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside the intended outbox directory by supplying crafted messagesout.id and...

9.3CVSS0.00148EPSS
Exploits0References3
NVD
NVD
added 2026/04/21 12:16 a.m.4 views

CVE-2026-41296

OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile function that allows sandbox escape. Attackers can exploit the separate path validation and file read operations to bypass sandbox restrictions and read arbitrary files...

8.8CVSS0.002EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.10 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from race conditions in the readFile function of the remote file system bridge, which could allow bypassing...

8.8CVSS5.9AI score0.002EPSS
Exploits0References1
CNVD
CNVD
added 2026/04/15 12:0 a.m.8 views

Adobe Framemaker Input Validation Error Vulnerability (CNVD-2026-19992)

Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. An input validation error vulnerability exists in Adobe Framemaker, which can be exploited by an attacker to cause...

6.3CVSS5.9AI score0.00155EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.9 views

Adobe Framemaker 输入验证错误漏洞

Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. An input validation error vulnerability exists in Adobe Framemaker, which can be exploited by an attacker to cause...

6.3CVSS5.9AI score0.00155EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/10 7:23 p.m.6 views

EUVD-2026-21164

PraisonAIAgents: Arbitrary File Read via readskillfile Missing Workspace Boundary and Approval Gate...

6.2CVSS5.8AI score0.00234EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/04/10 10:20 a.m.5 views

CVE-2026-4660

A flaw was found in the go-getter library. A remote attacker could exploit this vulnerability by providing a maliciously crafted URL during certain git operations. This could allow the attacker to perform arbitrary file reads on the file system, potentially leading to the disclosure of sensitive...

7.5CVSS5.9AI score0.00583EPSS
Exploits1References4
Rows per page
Query Builder