Lucene search
K

13716 matches found

Nuclei
Nuclei
added 18 hours ago100 views

Gradio < 2.5.0 - Arbitrary File Read

Files on the host computer can be accessed from the Gradio interface id: CVE-2021-43831 info: name: Gradio 2.5.0 - Arbitrary File Read author: isacaya severity: high description: | Files on the host computer can be accessed from the Gradio interface impact: | An attacker would be able to view the...

7.7CVSS7AI score0.03794EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago71 views

WordPress Welcart e-Commerce <2.8.5 - Arbitrary File Access

WordPress Welcart e-Commerce plugin before 2.8.5 is susceptible to arbitrary file access. The plugin does not validate user input before using it to output the content of a file, which can allow an attacker to read arbitrary files on the server, obtain sensitive information, modify data, and/or...

7.5CVSS7.1AI score0.02941EPSS
Exploits2References3
Nuclei
Nuclei
added 18 hours ago125 views

LearnDash LMS < 4.10.2 - Sensitive Information Exposure via assignments

The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads. id:...

5.3CVSS6.7AI score0.02419EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago29 views

Frontend File Manager Plugin <= 23.5 - Unauthenticated Arbitrary Email Sending

Frontend File Manager Plugin WordPress plugin through 23.5 contains an open relay and unauthorized file access vulnerability caused by lack of authentication and security checks, letting unauthenticated attackers send emails and access files, exploit requires no authentication. id: CVE-2026-0829...

5.8CVSS6.1AI score0.00682EPSS
Exploits0References4
Nuclei
Nuclei
added 18 hours ago29 views

Control Web Panel (CWP) - File Inclusion

In CWP Control Web Panel, previously CentOS Web Panel before version 0.9.8.1107, an unauthenticated attacker can abuse null byte %00 injection with the "scripts" parameter in the /user/loader.php or /user/login.php endpoints to register arbitrary API keys or access sensitive files. This can be...

9.8CVSS7.3AI score0.70947EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago27 views

mTheme Unus < 2.3 - Directory Traversal

The mTheme-Unus theme for WordPress, prior to version 2.3, contained a directory traversal flaw that let attackers access arbitrary files. This was possible by exploiting the files parameter in css/css.php with .. sequences. id: CVE-2015-9406 info: name: mTheme Unus 2.3 - Directory Traversal...

7.5CVSS7.1AI score0.55008EPSS
Exploits1References4
Nuclei
Nuclei
added 18 hours ago9 views

Karel IP Phone IP1211 Web Management Panel - Local File Inclusion

Karel IP Phone IP1211 Web Management Panel is vulnerable to local file inclusion and can allow remote attackers to access arbitrary files stored on the remote device via the 'cgiServer.exx' endpoint and the 'page' parameter. id: CVE-2025-34023 info: name: Karel IP Phone IP1211 Web Management Pane...

8.5CVSS6.2AI score0.01441EPSS
Exploits0References3
Nuclei
Nuclei
added 18 hours ago20 views

Danswer - Insecure Direct Object Reference

The application does not verify whether the attacker is the creator of the file, allowing the attacker to directly call the GET /api/chat/file/fileid interface to view any user's file. id: CVE-2024-9617 info: name: Danswer - Insecure Direct Object Reference author: s4e-io severity: medium...

6.5CVSS6.6AI score0.01557EPSS
Exploits0
Nuclei
Nuclei
added 18 hours ago38 views

Java-springboot-codebase 1.1 - Arbitrary File Read

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized...

8.7CVSS7.1AI score0.03847EPSS
Exploits14References5
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42983

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, ActionlogController::displaySig concatenates the route filename parameter into a private upload-directory path without sanitization, allowing an authenticated attacker to traverse outside the intended directory and read arbitrary...

7.1CVSS6.2AI score0.00329EPSS
Exploits0References4
NVD
NVD
added 3 days ago6 views

CVE-2026-59793

In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration...

8.8CVSS0.00343EPSS
Exploits0References1
CVE
CVE
added 3 days ago13 views

CVE-2026-59793

CVE-2026-59793 affects JetBrains TeamCity prior to version 2026.1.2. The issue allows arbitrary file access via the Perforce VCS integration, due to the Perforce VCS integration component. Impact is described as high for confidentiality, integrity, and availability. The CVSS vector indicates netw...

8.8CVSS6.2AI score0.00343EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 3 days ago10 views

EUVD-2026-42911

In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration...

8.8CVSS6.2AI score0.00343EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago29 views

CVE-2026-59793

In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration...

8.8CVSS0.00343EPSS
Exploits0References1
CVE
CVE
added 3 days ago6 views

CVE-2026-57961

phpMyFAQ قبل 4.1.5 contains an authenticated path traversal in Export/Pdf/Wrapper.php (concatenatePaths). An FAQ editor can inject HTML that includes crafted image paths; the code uses strpos() to locate the substring “content” in a user-controlled path, and if “content” is absent the result beco...

5.1CVSS6.1AI score0.0027EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-42856

R-SOFT DMS is vulnerable to Insecure Direct Object Reference IDOR attack in multiple file download endpoints. The application fetches files from the database by ID and serves them to whoever requests them, relying only on session authentication, meaning any valid user can access any file. This...

7.1CVSS6.1AI score0.0047EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago7 views

CVE-2026-41878

R-SOFT DMS is vulnerable to Insecure Direct Object Reference IDOR attack in multiple file download endpoints. The application fetches files from the database by ID and serves them to whoever requests them, relying only on session authentication, meaning any valid user can access any file. This...

8.7CVSS6.1AI score0.01228EPSS
Exploits0References2
NVD
NVD
added 3 days ago5 views

CVE-2026-50180

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, SQLChatAgent in langroid ships a validatequery defense-in-depth layer whose DANGEROUSSQLPATTERNS regex blocklist enumerates dangerous SQL primitives by specific function name. The list misses...

8.7CVSS0.00686EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42748

Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance and split-view context-menu actions, Open link in glance and Split link in new tab, load a page-controlled link URL with the System principal instead of the originating page's principal, allowing a malicious web page to place a link t...

6AI score0.0029EPSS
Exploits0References3
NVD
NVD
added 4 days ago8 views

CVE-2026-59212

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 before 0.10.0, verifyknowledgefileaccess only checked read access while file write and delete routes later trusted object-derived access through writable model meta.knowledge entries, allowing a user...

5.4CVSS0.00308EPSS
Exploits1References4
Rows per page
Query Builder