Lucene search
K

44537 matches found

Patchstack
Patchstack
added 2026/05/06 3:34 p.m.11 views

WordPress WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin <= 4.5.2 - Authenticated (Author+) Arbitrary File Deletion vulnerability

Authenticated Author+ Arbitrary File Deletion vulnerability discovered by Ly Hoang in WordPress Plugin WP-Optimize versions = 4.5.2...

8.1CVSS5.8AI score0.0095EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/06 2:14 p.m.23 views

WordPress Betheme theme <= 28.4 - Authenticated (Author+) Arbitrary File Upload to Remote Code Execution vulnerability

Authenticated Author+ Arbitrary File Upload to Remote Code Execution vulnerability discovered by Wordfence in WordPress Theme Betheme versions = 28.4...

8.8CVSS5.9AI score0.00612EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/06 12:30 p.m.6 views

EUVD-2026-27653

FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write arbitrary files outside the intended upload directory or read files from arbitrary locations on t...

6.5CVSS5.9AI score0.00732EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/06 12:30 p.m.11 views

Apache Wicket has a Path Traversal issue

FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write arbitrary files outside the intended upload directory or read files from arbitrary locations on t...

6.5CVSS5.9AI score0.00732EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/06 8:28 a.m.6 views

CVE-2026-43975

FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write arbitrary files outside the intended upload directory or read files from arbitrary locations on t...

5.9AI score0.00732EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/06 8:28 a.m.25 views

CVE-2026-43975

CVE-2026-43975 affects Apache Wicket via the FolderUploadsFileManager, which fails to validate or sanitize the uploadFieldId parameter or the clientFileName when constructing file paths. This can let an unauthenticated attacker write files outside the intended upload directory or read files from ...

6.5CVSS5.9AI score0.00732EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/05/06 8:16 a.m.33 views

CVE-2026-6344

The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the getAttachments method of EmailNotificationActions, which resolves attacker-supplied file-upload URLs into filesystem paths without...

4.9CVSS0.00554EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/05/06 6:47 a.m.8 views

CVE-2026-6344 Fluent Forms <= 6.2.1 - Authenticated (Administrator+) Arbitrary File Read via Path Traversal in Email Attachment

The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the getAttachments method of EmailNotificationActions, which resolves attacker-supplied file-upload URLs into filesystem paths without...

4.9CVSS5.9AI score0.00554EPSS
Exploits0References10
EUVD
EUVD
added 2026/05/06 6:47 a.m.8 views

EUVD-2026-27536

The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the getAttachments method of EmailNotificationActions, which resolves attacker-supplied file-upload URLs into filesystem paths without...

4.9CVSS5.9AI score0.00554EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/05/06 6:47 a.m.6 views

CVE-2026-6344

The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the getAttachments method of EmailNotificationActions, which resolves attacker-supplied file-upload URLs into filesystem paths without...

4.9CVSS5.9AI score0.00554EPSS
Exploits0References11
CVE
CVE
added 2026/05/06 6:47 a.m.27 views

CVE-2026-6344

CVE-2026-6344 affects the WordPress Fluent Forms plugin (versions ≤ 6.2.1). The vulnerability arises in EmailNotificationActions::getAttachments() where attacker-supplied file-upload URLs are resolved to filesystem paths without strictly enforcing the uploads directory boundary. Path traversal se...

4.9CVSS5.9AI score0.00554EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/05/06 1:40 a.m.6 views

SUSE CVE-2026-44029

An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" directory traversal. The fixed versions are 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7 introduced in 2.24.7;...

5.3CVSS5.9AI score0.00573EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.13 views

PT-2026-37432

Name of the Vulnerable Software and Affected Versions Apache Wicket versions 8.0.0 through 8.17.0 Apache Wicket versions 9.0.0 through 9.22.0 Apache Wicket versions 10.0.0 through 10.8.0 Description FolderUploadsFileManager fails to validate or sanitize the uploadFieldId parameter or the...

6.5CVSS5.9AI score0.00732EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.11 views

Apache Wicket 路径遍历漏洞

Apache Wicket is an open-source, lightweight, component-based framework developed by the Apache Foundation in the United States. It provides an object-oriented approach for developing web-based dynamic UI applications. Versions 8.0.0 to 8.17.0, 9.0.0 to 9.22.0, and 10.0.0 to 10.8.0 of Apache Wick...

6.5CVSS5.9AI score0.00732EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.12 views

PT-2026-37349

The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the getAttachments method of EmailNotificationActions, which resolves attacker-supplied file-upload URLs into filesystem paths without...

4.9CVSS5.9AI score0.00554EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.13 views

PT-2026-38255

Name of the Vulnerable Software and Affected Versions Slider Revolution versions 7.0.0 through 7.0.10 Description Insufficient file type validation in the get media url and check file path functions allows authenticated attackers with subscriber-level access or higher to perform an Arbitrary File...

8.8CVSS6.5AI score0.00815EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.10 views

PT-2026-38244

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.15 Description An arbitrary file read issue exists in the QMD backend memory get function. Attackers with access to the memory tool can bypass path restrictions by providing arbitrary workspace Markdown paths,...

4.3CVSS5.9AI score0.00226EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.5 views

RHCOS 3 : OpenShift Container Platform 3.9 atomic-openshift (RHSA-2019:3811)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3811 advisory. - atomic-openshift: OpenShift builds don't verify SSH Host Keys for the git repository CVE-2019-10150 - kubernetes: Incomplete fixes...

7.5CVSS6AI score0.25939EPSS
Exploits4References10
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.10 views

RHCOS 4 : OpenShift Container Platform 4.1 jenkins (RHSA-2019:2548)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2548 advisory. - jenkins: Arbitrary file write vulnerability using file parameter definitions SECURITY-1424 CVE-2019-10352 - jenkins: CSRF protecti...

7.5CVSS5.8AI score0.10225EPSS
Exploits1References8
OSV
OSV
added 2026/05/05 9:34 p.m.4 views

GHSA-HMCX-CH82-3FV2 Grav has Unauthenticated Path Traversal & Arbitrary File Write in its FormFlash component

Vulnerability Report: Grav CMS Unauthenticated Path Traversal & Arbitrary File Write ZERO-DAY Unauthenticated Path Traversal leading to Arbitrary Directory Creation and Configuration Injection Summary Grav CMS v1.7.49.5 and latest development source is vulnerable to a Zero-Day Path Traversal...

9.3CVSS5.9AI score0.00521EPSS
Exploits1References5
Rows per page
Query Builder