Lucene search
K

1005 matches found

CNNVD
CNNVD
added 2026/04/07 12:0 a.m.10 views

Koha Library Management System 安全漏洞

Koha Library Management System is an open-source library automation system developed by Koha. Versions of the Koha Library Management System prior to 23.05.10 contained security vulnerabilities. These vulnerabilities stemmed from the lack of cleaning user-controllable file names before...

9.8CVSS6.2AI score0.01803EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.5 views

PT-2026-31058

Name of the Vulnerable Software and Affected Versions SWIG affected versions not specified Description SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass. Recommendations At the moment, there...

10CVSS6.3AI score0.00781EPSS
Exploits1References242
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.10 views

File Browser 参数注入漏洞

File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of FileBrowser from 2.0.0 to 2.63.1 have a parameter injection vulnerability. This vulnerability stems...

7.5CVSS6.2AI score0.01922EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/04/06 9:6 p.m.14 views

CVE-2026-35399 WeGIA has Stored XSS in backup file names

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS vulnerability allows an attacker to inject malicious scripts through a backup filename. This could lead to unauthorized execution of malicious code in the victim's browser, compromising session data or executing...

8.5CVSS0.00288EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/06 9:6 p.m.2 views

CVE-2026-35399 WeGIA has Stored XSS in backup file names

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS vulnerability allows an attacker to inject malicious scripts through a backup filename. This could lead to unauthorized execution of malicious code in the victim's browser, compromising session data or executing...

8.5CVSS6.1AI score0.00288EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.10 views

WeGIA 跨站脚本漏洞

WeGIA is a network manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions of WeGIA prior to 3.6.9 contained a cross-site scripting vulnerability. This vulnerability stemmed from the ability for malicious scripts to be injected into backup file names,...

8.5CVSS5.6AI score0.00288EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.9 views

baserCMS 安全漏洞

BaserCMS is a corporate-level content management system CMS developed by the BaserCMS team. Versions of BaserCMS prior to 5.2.3 contained security vulnerabilities. These vulnerabilities stemmed from the application’s restoration function, which allowed users to upload zip files and have them...

8.7CVSS6.2AI score0.00577EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/27 3:30 p.m.4 views

EUVD-2026-16662

The '/api/v1/files/images/flowid/filename' endpoint does not enforce any authentication or authorization checks, allowing any unauthenticated user to download images belonging to any flow by knowing or guessing the flow ID and file name...

6.3CVSS5.9AI score0.00204EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/27 2:34 p.m.21 views

CVE-2026-5022 Langflow - Missing Authorization on download_image Endpoint

The '/api/v1/files/images/flowid/filename' endpoint does not enforce any authentication or authorization checks, allowing any unauthenticated user to download images belonging to any flow by knowing or guessing the flow ID and file name...

6.3CVSS0.00204EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:19 p.m.7 views

CVE-2025-67036

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges...

8.8CVSS5.9AI score0.00302EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/25 7:38 p.m.2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the readDir API endpoint. An attacker can access and enumerate arbitrary directories and retrieve file names by sending crafted requests to the endpoint. Details A Directory Traversal attack also known as path...

9.8CVSS6.9AI score0.0066EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.11 views

WordPress plugin LuxeDrive 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.1CVSS5.8AI score0.00512EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.7 views

WordPress plugin PeproDev Ultimate Invoice 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.7 views

PT-2026-27640

Name of the Vulnerable Software and Affected Versions PeproDev Ultimate Invoice WordPress plugin versions through 2.2.5 Description The plugin allows for the bulk download of invoices, generating ZIP archives containing exported invoice PDFs. The ZIP file names are predictable, potentially allowi...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.9 views

WordPress plugin Mixtape 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.8 views

Requests 安全漏洞

Requests is an elegant and simple HTTP library from the Python Foundation. With Requests, you can send HTTP/1.1 requests with great ease. There’s no need to manually add query strings to your URLs, nor to encode POST data using forms. Versions of Requests prior to 2.33.0 contained a security...

5.5CVSS5.8AI score0.00182EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/24 9:31 p.m.3 views

EUVD-2026-14986

HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this...

4.3CVSS5.8AI score0.00278EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/24 7:48 p.m.3 views

CVE-2026-21783 HCL Traveler is affected by sensitive information disclosure

HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this...

4.3CVSS5.8AI score0.00278EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/24 7:48 p.m.12 views

CVE-2026-21783

HCL Traveler is affected by sensitive information disclosure. The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this...

4.3CVSS5.8AI score0.00278EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/24 7:48 p.m.19 views

CVE-2026-21783

CVE-2026-21783 affects HCL Traveler. The issue is sensitive information disclosure via error messages that reveal details such as internal paths, file names, tokens/credentials, error codes, or stack traces. This could give attackers insights into system architecture and potentially enable target...

4.3CVSS5.8AI score0.00278EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder