Lucene search
K

16615 matches found

NVD
NVD
added 2026/06/09 1:16 p.m.12 views

CVE-2017-20248

Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send requests to asgallDownload.php with directory traversal sequences ../ to access sensitive files outside the...

8.7CVSS0.00641EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/09 11:19 a.m.7 views

Vite: Vite: Information disclosure via WebSocket connection bypasses access control

A flaw was found in Vite, a frontend tooling framework. A remote attacker can exploit this vulnerability by connecting to the Vite development server's WebSocket without an Origin header. This allows the attacker to invoke the fetchModule function, enabling them to retrieve the contents of...

8.2CVSS5.6AI score0.02907EPSS
Exploits3References5
NVD
NVD
added 2026/06/09 11:16 a.m.15 views

CVE-2026-47351

Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. This issue affects TYPO3 CMS versions 10.4.0-13.4.30 and 14.0.0-14.3.2...

5.3CVSS0.00238EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.12 views

PT-2026-47744

Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions 10.4.0 through 13.4.30 TYPO3 CMS versions 14.0.0 through 14.3.2 Description Backend users can insert arbitrary records and files into the clipboard without proper read permission checks. This allows unauthorized users to...

5.3CVSS5.3AI score0.00238EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.18 views

PT-2026-48147

Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write...

6.3CVSS5.4AI score0.00085EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 6:27 p.m.5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via unsanitized string concatenation in the authglinet middleware when the application is started in GLiNET mode. An attacker can gain full administrative access by supplying a crafted path traversal sequence in the...

9.4CVSS6.2AI score0.00542EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 10:16 a.m.14 views

CVE-2026-9506

This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access arbitrary files...

8.7CVSS0.00455EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/08 9:28 a.m.43 views

CVE-2026-9506 Path Traversal Vulnerability in Bagisto

This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access arbitrary files...

8.7CVSS0.00455EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/08 9:28 a.m.7 views

CVE-2026-9506 Path Traversal Vulnerability in Bagisto

This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access arbitrary files...

8.7CVSS5.7AI score0.00455EPSS
Exploits0References1
CVE
CVE
added 2026/06/08 9:28 a.m.40 views

CVE-2026-9506

The CVE-2026-9506 issue affects Bagisto in the ImageCacheController where improper validation of user-supplied input enables path traversal via the filename parameter. This unauthenticated remote attacker could read arbitrary sensitive files outside the intended directory, as stated in the connec...

8.7CVSS5.7AI score0.00455EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.17 views

PT-2026-47266

This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access arbitrary files...

8.7CVSS5.7AI score0.00455EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.10 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : YARD vulnerability (USN-8394-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8394-1 advisory. It was discovered that YARD incorrectly sanitized paths in its built-in documentation server. An...

7.5CVSS5.7AI score0.00388EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.11 views

WordPress plugin admin-word-count-column 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.9CVSS5.6AI score0.00342EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/07 8:59 a.m.23 views

CVE-2026-2500

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...

4.4CVSS5.4AI score0.00315EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/07 12:43 a.m.18 views

CVE-2026-11431

A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypasses validation, allowing arbitrary files including entire directories returned as archives to be...

8.3CVSS5.5AI score0.00517EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.16 views

CVE-2026-5411

The WP Captcha PRO the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 5.38. This is due to a capability check in the saveajax function of the licensing module,...

8.8CVSS6.1AI score0.00449EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.10 views

CVE-2026-2500

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...

4.4CVSS5.4AI score0.00315EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/06 2:28 a.m.13 views

EUVD-2026-34944

The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on...

4.9CVSS5.6AI score0.00558EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.8 views

CVE-2026-9197

The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on...

4.9CVSS5.6AI score0.00558EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/06 12:31 a.m.12 views

EUVD-2026-34919

A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypasses validation, allowing arbitrary files including entire directories returned as archives to be...

8.3CVSS5.5AI score0.00517EPSS
Exploits0References2
Rows per page
Query Builder