Lucene search
K

11272 matches found

Cvelist
Cvelist
added 2026/03/19 12:0 a.m.23 views

CVE-2026-30403

There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, which can be used to read any file on the victim's server...

0.00375EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.5 views

OpenClaw 后置链接漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a backlink vulnerability that can be exploited by an attacker to read arbitrary files outside the boundaries of the configuration workspace...

7.5CVSS5.9AI score0.00327EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.6 views

PT-2026-26485

Name of the Vulnerable Software and Affected Versions dagu versions 2.0.0 through 2.3.0 Description Dagu suffers from a path traversal issue due to incomplete fixes for CVE-2026-27598. The initial fix addressed path traversal in the CreateNewDAG function, but the locateDAG function still allows...

8.1CVSS6.2AI score0.00571EPSS
Exploits2References7
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.19 views

OpenEMR 安全漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.2 contained security...

8.1CVSS5.9AI score0.00444EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/18 8:20 p.m.6 views

Path traversal in Tekton Pipelines git resolver allows reading arbitrary files from the resolver pod

Summary The Tekton Pipelines git resolver is vulnerable to path traversal via the pathInRepo parameter. A tenant with permission to create ResolutionRequests e.g. by creating TaskRuns or PipelineRuns that use the git resolver can read arbitrary files from the resolver pod's filesystem, including...

9.6CVSS5.9AI score0.00573EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2026/03/18 8:20 p.m.3 views

GHSA-J5Q5-J9GM-2W5C Path traversal in Tekton Pipelines git resolver allows reading arbitrary files from the resolver pod

Summary The Tekton Pipelines git resolver is vulnerable to path traversal via the pathInRepo parameter. A tenant with permission to create ResolutionRequests e.g. by creating TaskRuns or PipelineRuns that use the git resolver can read arbitrary files from the resolver pod's filesystem, including...

9.6CVSS5.9AI score0.00573EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/03/18 7:53 p.m.7 views

Allure Report has an Arbitrary File Read via Path Traversal in Attachment Processing (Allure 1, Allure 2, and XCTest Readers)

Summary The Allure report generator is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file -result.json, -container.json, or .plist that points an attachment source to a sensitive file on the host system. During repor...

8.6CVSS6AI score0.00539EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/18 7:53 p.m.3 views

GHSA-64HM-GFWQ-JPPW Allure Report has an Arbitrary File Read via Path Traversal in Attachment Processing (Allure 1, Allure 2, and XCTest Readers)

Summary The Allure report generator is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file -result.json, -container.json, or .plist that points an attachment source to a sensitive file on the host system. During repor...

8.6CVSS6AI score0.00539EPSS
Exploits1References3
OSV
OSV
added 2026/03/18 4:18 p.m.2 views

GHSA-WR4H-V87W-P3R7 h3 has a Path Traversal via Percent-Encoded Dot Segments in serveStatic Allows Arbitrary File Read

Summary serveStatic in h3 is vulnerable to path traversal via percent-encoded dot segments %2e%2e, allowing an unauthenticated attacker to read arbitrary files outside the intended static directory on Node.js deployments. Details The vulnerability exists in src/utils/static.ts at line 86:...

5.9CVSS6.1AI score
Exploits0References4
Veracode
Veracode
added 2026/03/18 7:27 a.m.6 views

Arbitrary File Read

github.com/kedacore/keda is vulnerable to Arbitrary File Read. The vulnerability is due to insufficient path validation when loading the Service Account Token from spec.hashiCorpVault.credential.serviceAccount, which allows an attacker with permission to create or modify a TriggerAuthentication...

8.2CVSS7.4AI score0.00433EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/18 1:34 a.m.31 views

CVE-2026-27522 OpenClaw < 2026.2.24 - Arbitrary File Read via sendAttachment and setGroupIcon Message Actions

OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability in sendAttachment and setGroupIcon message actions when sandboxRoot is unset. Attackers can hydrate media from local absolute paths to read arbitrary host files accessible by the runtime user...

7.1CVSS0.00372EPSS
Exploits0References3
CVE
CVE
added 2026/03/18 1:34 a.m.21 views

CVE-2026-27522

OpenClaw before 2026.2.24 contains a local media root bypass in sendAttachment and setGroupIcon when sandboxRoot is unset, allowing hydration of media from local absolute paths to read arbitrary host files accessible by the runtime user. Affected product: OpenClaw; vulnerable components: media ha...

7.1CVSS5.9AI score0.00372EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/18 1:34 a.m.4 views

CVE-2026-27522 OpenClaw < 2026.2.24 - Arbitrary File Read via sendAttachment and setGroupIcon Message Actions

OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability in sendAttachment and setGroupIcon message actions when sandboxRoot is unset. Attackers can hydrate media from local absolute paths to read arbitrary host files accessible by the runtime user...

7.1CVSS5.9AI score0.00372EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.9 views

PT-2026-26214

Name of the Vulnerable Software and Affected Versions Tekton Pipelines versions 1.0.0 through 1.10.0...

10CVSS5.8AI score0.00674EPSS
Exploits23References197
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.10 views

PT-2026-26203

Summary The Allure report generator is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file -result.json, -container.json, or .plist that points an attachment source to a sensitive file on the host system. During repor...

8.6CVSS6.1AI score0.00539EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2026/03/17 2:7 p.m.52 views

SiYuan Vulnerable to Arbitrary File Read in Desktop Publish Service

Summary In SiYuan, /api/lute/html2BlockDOM on the desktop copies local files pointed to by file:// links in pasted HTML into the workspace assets directory without validating paths against a sensitive-path list. Together with GET /assets/path, which only requires authentication, a publish-service...

9.9CVSS5.8AI score0.00414EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/03/17 2:7 p.m.3 views

GHSA-FQ2J-J8HC-8VW8 SiYuan Vulnerable to Arbitrary File Read in Desktop Publish Service

Summary In SiYuan, /api/lute/html2BlockDOM on the desktop copies local files pointed to by file:// links in pasted HTML into the workspace assets directory without validating paths against a sensitive-path list. Together with GET /assets/path, which only requires authentication, a publish-service...

9.9CVSS5.8AI score0.00414EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/03/16 9:17 p.m.27 views

Admidio Vulnerable to SSRF and Local File Read via Unrestricted URL Fetch in SSO Metadata Endpoint

Summary The SSO metadata fetch endpoint at modules/sso/fetchmetadata.php accepts an arbitrary URL via $GET'url', validates it only with PHP's FILTERVALIDATEURL, and passes it directly to filegetcontents. FILTERVALIDATEURL accepts file://, http://, ftp://, data://, and php:// scheme URIs. An...

6.8CVSS5.9AI score0.00428EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/03/16 9:17 p.m.2 views

GHSA-6J68-GCC3-MQ73 Admidio Vulnerable to SSRF and Local File Read via Unrestricted URL Fetch in SSO Metadata Endpoint

Summary The SSO metadata fetch endpoint at modules/sso/fetchmetadata.php accepts an arbitrary URL via $GET'url', validates it only with PHP's FILTERVALIDATEURL, and passes it directly to filegetcontents. FILTERVALIDATEURL accepts file://, http://, ftp://, data://, and php:// scheme URIs. An...

6.8CVSS5.9AI score0.00428EPSS
Exploits1References5
Snyk
Snyk
added 2026/03/16 6:55 p.m.4 views

Improper Protection of Alternate Path

Overview awslabs.aws-api-mcp-server is a Model Context Protocol MCP server for interacting with AWS Affected versions of this package are vulnerable to Improper Protection of Alternate Path through the AWS CLI shorthand parser in awsapimcpserver/core/aws/services.py. An attacker can read arbitrar...

6.8CVSS5.9AI score0.00131EPSS
Exploits0References2
Rows per page
Query Builder