Lucene search
K

11269 matches found

GithubExploit
GithubExploit
added 2026/03/26 10:22 a.m.136 views

Exploit for Argument Injection in Weblate

Weblate — Arbitrary File Read via SSH Host Argument Injection...

9.1CVSS6AI score0.00447EPSS
Exploits3
Vulnrichment
Vulnrichment
added 2026/03/26 4:18 a.m.3 views

CVE-2026-33201

Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is exploited, files or configurations on the affected device may be read or written, or arbitrary files may be executed with root privileges...

7CVSS6.8AI score0.00174EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.5 views

Ruckus Wireless多款产品 安全漏洞

Ruckus Wireless SmartZone is a high-performance WLAN controller from Ruckus Technologies. Several products of Ruckus Wireless have security vulnerabilities. These vulnerabilities stem from arbitrary file reading vulnerabilities in the command-line interface, which could allow authenticated remote...

6.9CVSS6AI score0.00457EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.5 views

PT-2026-28264

Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows authenticated remote attackers with administrative privileges to read arbitrary files from the underlying filesystem. Attackers can exploit this vulnerability to access sensitive...

6.9CVSS6AI score0.00457EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.6 views

godoxy 路径遍历漏洞

Godoxy is a lightweight reverse proxy tool developed by Yuzerion’s individual developers. Versions of Godoxy prior to 0.27.5 contained a path traversal vulnerability. This vulnerability stemmed from the file content API endpoint’s lack of protection against path traversal, potentially allowing...

6.5CVSS6.5AI score0.00502EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.7 views

PT-2026-28418

Name of the Vulnerable Software and Affected Versions Smart Slider 3 versions prior to 3.5.1.34 Description The Smart Slider 3 plugin for WordPress contains a flaw that allows authenticated attackers with Subscriber-level access or higher to read arbitrary files on the server. This is possible...

6.5CVSS5.8AI score0.00484EPSS
Exploits0References19
CVE
CVE
added 2026/03/25 10:52 p.m.12 views

CVE-2026-33913

OpenEMR is affected by a CCDA import vulnerability (XInclude Injection) in the Carecoordination module prior to v8.0.0.3. An authenticated user can upload a crafted CCDA containing to read arbitrary server files. The issue is mitigated by upgrading to OpenEMR v8.0.0.3. The CVSS details indicate ...

7.7CVSS5.9AI score0.00294EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/25 10:52 p.m.3 views

CVE-2026-33913 OpenEMR: XInclude Injection in CCDA Import Allows Reading Arbitrary Server Files

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can upload a crafted CCDA document containing to read arbitrary files from the server. Version 8.0.0....

7.7CVSS5.9AI score0.00294EPSS
Exploits1References3
OSV
OSV
added 2026/03/25 10:52 p.m.3 views

CVE-2026-33913 OpenEMR: XInclude Injection in CCDA Import Allows Reading Arbitrary Server Files

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can upload a crafted CCDA document containing to read arbitrary files from the server. Version 8.0.0....

7.7CVSS6AI score0.00294EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/03/25 9:11 p.m.19 views

CVE-2026-30976 Sonarr Path Traversal vulnerability

Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950, an unauthenticated remote attacker can potentially read any file readable by the Sonarr process. These include application configuration files containing API keys and database credentials, Windows...

8.6CVSS0.00669EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/25 9:11 p.m.1 views

CVE-2026-30976 Sonarr Path Traversal vulnerability

Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950, an unauthenticated remote attacker can potentially read any file readable by the Sonarr process. These include application configuration files containing API keys and database credentials, Windows...

8.6CVSS5.8AI score0.00669EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/25 9:11 p.m.5 views

EUVD-2026-15992

Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950, an unauthenticated remote attacker can potentially read any file readable by the Sonarr process. These include application configuration files containing API keys and database credentials, Windows...

8.6CVSS5.8AI score0.00669EPSS
Exploits0References3
OSV
OSV
added 2026/03/25 9:11 p.m.3 views

CVE-2026-30976 Sonarr Path Traversal vulnerability

Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950, an unauthenticated remote attacker can potentially read any file readable by the Sonarr process. These include application configuration files containing API keys and database credentials, Windows...

8.6CVSS5.8AI score0.00669EPSS
Exploits0References5
OSV
OSV
added 2026/03/25 7:36 p.m.1 views

GHSA-34XJ-66V3-6J83 SiYuan has Arbitrary Document Reading within the Publishing Service

Details Document IDs were retrieved via the /api/file/readDir interface, and then the /api/block/getChildBlocks interface was used to view the content of all documents. PoC python !/usr/bin/env python3 """SiYuan /api/block/getChildBlocks 文档内容读取""" import requests import json import sys def...

9.8CVSS5.8AI score0.00523EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:25 a.m.4 views

SUSE CVE-2026-29064

Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or...

8.2CVSS6.1AI score0.0022EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.8 views

Codra Panorama Suite 安全漏洞

Codra Panorama Suite is an industrial process monitoring software platform developed by the French company Codra. There is a security vulnerability in Codra Panorama Suite, which allows attackers to potentially read files on the Web HMI server...

9.2CVSS5.8AI score0.00343EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/24 9:31 p.m.4 views

EUVD-2026-14958

Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...

6.1CVSS5.9AI score0.00251EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/24 6:30 p.m.2 views

CVE-2026-23924 Agent 2 Docker plugin arbitrary file read via Docker API injection

Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...

6.1CVSS5.9AI score0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/24 6:30 p.m.17 views

CVE-2026-23924 Agent 2 Docker plugin arbitrary file read via Docker API injection

Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...

6.1CVSS0.00251EPSS
Exploits0References1
CVE
CVE
added 2026/03/24 6:30 p.m.22 views

CVE-2026-23924

CVE-2026-23924 affects the Zabbix Agent 2 Docker plugin. The issue is improper sanitization of the docker.container_info parameters when forwarding to the Docker daemon, enabling an attacker capable of invoking Agent 2 to read arbitrary files from running Docker containers by injecting them via t...

6.1CVSS5.9AI score0.00251EPSS
Exploits0References1
Rows per page
Query Builder