Lucene search
K

44503 matches found

EUVD
EUVD
added 2026/05/13 6:30 p.m.8 views

EUVD-2026-29960

A path injection vulnerability exists in OpenPLC v3 2c82b0e79c53f8c1f1458eee15fec173400d6e1a as the binary program compiled from gluegenerator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are directly passed to t...

5.9AI score0.00409EPSS
Exploits2References3
EUVD
EUVD
added 2026/05/13 6:30 p.m.6 views

EUVD-2026-29949

An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file...

6.2AI score0.00284EPSS
Exploits0References3
CVE
CVE
added 2026/05/13 6:5 p.m.15 views

CVE-2026-0259

CVE-2026-0259 affects Palo Alto Networks WildFire Appliance WF-500 and WF-500-B operating in the default non-FIPS configuration. It enables an arbitrary File Read and Delete vulnerability over the network, allowing access to sensitive information and deletion of arbitrary files. Impact is describ...

7.1CVSS5.9AI score0.00278EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 6:5 p.m.7 views

CVE-2026-0259 WildFire WF-500 and WF-500-B: Arbitrary File Read and Delete Vulnerability in WildFire Appliance (WF-500, WF-500-B)

An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode. The...

7.1CVSS5.9AI score0.00278EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.8 views

CVE-2026-31156

A path injection vulnerability exists in OpenPLC v3 2c82b0e79c53f8c1f1458eee15fec173400d6e1a as the binary program compiled from gluegenerator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are directly passed to t...

6.5CVSS0.00409EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2026/05/13 2:22 p.m.12 views

CVE-2026-6815

An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perform a Path Traversal attack to create or overwrite arbitrary files anywhere on the host filesystem,...

5.9CVSS5.9AI score0.00513EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2026/05/13 2:21 p.m.10 views

CVE-2023-27753

An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file...

8CVSS6.2AI score0.00332EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 2:17 p.m.7 views

CVE-2026-37430

An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file...

7.3CVSS0.00284EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:12 p.m.6 views

CVE-2026-20916

An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.1CVSS6AI score0.00366EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/13 2:12 p.m.28 views

CVE-2026-20916 BIG-IQ iControl REST vulnerability

An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.1CVSS0.00366EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 2:12 p.m.24 views

CVE-2026-20916

CVE-2026-20916 affects BIG-IQ Centralized Management (iControl REST). An authenticated iControl REST user with low privileges can remotely create or modify arbitrary files via an undisclosed endpoint, with a path traversal weakness enabling control-plane impact (no data-plane exposure). In F5’s a...

8.1CVSS6AI score0.00366EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/13 1:1 p.m.10 views

CVE-2026-4782

The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusiongetsvgfromfile' function with the 'customsvg' parameter of the 'fusionsectionseparator' shortcode. This makes it possible for authenticated attackers, with...

6.5CVSS0.00473EPSS
Exploits1References2
NVD
NVD
added 2026/05/13 1:1 p.m.11 views

CVE-2026-25710

The new upstream added a privileged D-Bus helper called plasmaloginauthhelper, which suffers from multiple issues, e.g.aA compromised plasmalogin service account can chown arbitrary files in the system...

7CVSS0.00134EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/05/13 10:40 a.m.9 views

WordPress Avada (Fusion) Builder plugin <= 3.15.2 - Authenticated (Subscriber+) Arbitrary File Read vulnerability

Authenticated Subscriber+ Arbitrary File Read vulnerability discovered by Rafie Muhammad - Awesome Motive, Inc. in WordPress Plugin Fusion Builder versions = 3.15.2...

6.5CVSS5.8AI score0.00473EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/05/13 9:26 a.m.24 views

EUVD-2026-29933

The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusiongetsvgfromfile' function with the 'customsvg' parameter of the 'fusionsectionseparator' shortcode. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.00473EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/13 9:26 a.m.11 views

CVE-2026-4782 Avada Builder <= 3.15.2 - Authenticated (Subscriber+) Arbitrary File Read via 'custom_svg' Shortcode Parameter

The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusiongetsvgfromfile' function with the 'customsvg' parameter of the 'fusionsectionseparator' shortcode. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.00473EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 9:26 a.m.5 views

CVE-2026-4782

The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusiongetsvgfromfile' function with the 'customsvg' parameter of the 'fusionsectionseparator' shortcode. This makes it possible for authenticated attackers, with...

6.5CVSS5.9AI score0.00473EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/13 9:26 a.m.47 views

CVE-2026-4782 Avada Builder <= 3.15.2 - Authenticated (Subscriber+) Arbitrary File Read via 'custom_svg' Shortcode Parameter

The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusiongetsvgfromfile' function with the 'customsvg' parameter of the 'fusionsectionseparator' shortcode. This makes it possible for authenticated attackers, with...

6.5CVSS0.00473EPSS
Exploits1References2
CVE
CVE
added 2026/05/13 9:26 a.m.27 views

CVE-2026-4782

The Wordfence-disclosed analysis confirms CVE-2026-4782 affects Avada Builder (Fusion Builder)

6.5CVSS5.9AI score0.00473EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/13 8:44 a.m.6 views

CVE-2026-25710

The new upstream added a privileged D-Bus helper called plasmaloginauthhelper, which suffers from multiple issues, e.g.aA compromised plasmalogin service account can chown arbitrary files in the system...

7CVSS5.8AI score0.00134EPSS
Exploits0References2
Rows per page
Query Builder