Lucene search
K

11270 matches found

EUVD
EUVD
added 2026/03/16 3:30 p.m.5 views

EUVD-2025-208725

Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker filesystem modules allows file access. This issue affects smartLink SW-HT: through 1.42 smartLink SW-PN: through 1.03...

5.3CVSS5.8AI score0.00369EPSS
Exploits0References3
NVD
NVD
added 2026/03/16 2:17 p.m.5 views

CVE-2025-10461

Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker filesystem modules allows file access. This issue affects smartLink SW-HT: through 1.42 smartLink SW-PN: through 1.03...

5.3CVSS0.00369EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.8 views

PT-2026-25864

Name of the Vulnerable Software and Affected Versions Admidio versions 5.0.0 through 5.0.6 Description Admidio, an open-source user management solution, contains a flaw in the SSO Metadata API. The modules/sso/fetch metadata.php endpoint accepts an arbitrary URL via the $ GET'url' parameter. This...

6.8CVSS5.9AI score0.00428EPSS
Exploits1References10
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/16 12:0 a.m.17 views

Admidio Vulnerable to SSRF and Local File Read via Unrestricted URL Fetch in SSO Metadata Endpoint

The SSO metadata fetch endpoint at modules/sso/fetchmetadata.php accepts an arbitrary URL via $GET'url', validates it only with PHP's FILTERVALIDATEURL, and passes it directly to filegetcontents. FILTERVALIDATEURL accepts file://, http://, ftp://, data://, and php:// scheme URIs. An authenticated...

6.8CVSS5.9AI score0.00428EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2026/03/13 9:19 p.m.32 views

CVE-2026-32709 PX4 Autopilot MAVLink FTP Unauthenticated Path Traversal (Arbitrary File Read/Write/Delete)

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, An unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP implementation allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on the flight controller filesystem withou...

5.4CVSS0.00476EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/03/13 12:27 a.m.3 views

SUSE CVE-2026-2808

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

6.8CVSS5.8AI score0.00475EPSS
Exploits0References5
OSV
OSV
added 2026/03/12 8:32 p.m.4 views

GHSA-M48G-4WR2-J2H6 TinaCMS CLI has Arbitrary File Read via Disabled Vite Filesystem Restriction

Summary The TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the host system Details When running tinacms dev, the CLI...

6.2CVSS5.9AI score0.01025EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/12 8:32 p.m.9 views

TinaCMS CLI has Arbitrary File Read via Disabled Vite Filesystem Restriction

Summary The TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the host system Details When running tinacms dev, the CLI...

6.2CVSS5.9AI score0.01025EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/12 8:32 p.m.6 views

TinaCMS Vulnerable to Path Traversal Leading to Arbitrary File Read, Write and Delete

Summary The TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory. Details When running tinacms dev, the CLI starts a local HTTP server default port...

8.4CVSS6.3AI score0.00203EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/12 8:32 p.m.3 views

GHSA-2F24-MG4X-534Q TinaCMS Vulnerable to Path Traversal Leading to Arbitrary File Read, Write and Delete

Summary The TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory. Details When running tinacms dev, the CLI starts a local HTTP server default port...

8.4CVSS6.3AI score0.00203EPSS
Exploits1References3
NVD
NVD
added 2026/03/12 8:16 p.m.3 views

CVE-2026-32251

Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resources .xml and .resx files don't disable external entity processing. An authenticated user who can import translation files into a project can exploit this to read arbitrary files...

9.3CVSS0.00424EPSS
Exploits1References3
CVE
CVE
added 2026/03/12 7:21 p.m.10 views

CVE-2026-32251

Tolgee is affected by CVE-2026-32251 before version 3.166.3. The XML parsers used for importing Android XML resources (.xml) and .resx files do not disable external entity processing, allowing an authenticated user who can import translation files to read arbitrary server files and perform server...

9.3CVSS5.9AI score0.00424EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/03/12 7:21 p.m.4 views

EUVD-2026-11691

Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resources .xml and .resx files don't disable external entity processing. An authenticated user who can import translation files into a project can exploit this to read arbitrary files...

9.3CVSS5.9AI score0.00424EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/12 4:57 p.m.3 views

CVE-2026-29066 Arbitrary File Read via Disabled Vite Filesystem Restriction in TinaCMS CLI

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the...

6.2CVSS5.9AI score0.01025EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/12 4:57 p.m.25 views

CVE-2026-29066 Arbitrary File Read via Disabled Vite Filesystem Restriction in TinaCMS CLI

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the...

6.2CVSS0.01025EPSS
Exploits1References1
CVE
CVE
added 2026/03/12 4:57 p.m.14 views

CVE-2026-29066

TinaCMS CLI before 2.1.8 is affected by CVE-2026-29066: the dev server configures Vite with server.fs.strict: false, removing the filesystem restriction and permitting an unauthenticated attacker who can reach the dev server to read arbitrary host files. The issue impacts the TinaCMS CLI devServe...

6.2CVSS5.9AI score0.01025EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/03/12 4:57 p.m.5 views

CVE-2026-29066 Arbitrary File Read via Disabled Vite Filesystem Restriction in TinaCMS CLI

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the...

6.2CVSS5.9AI score0.01025EPSS
Exploits1References3
OSV
OSV
added 2026/03/12 4:50 p.m.4 views

CVE-2026-28793 Path Traversal Leading to Arbitrary File Read, Write and Delete in TinaCMS

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory. When running tinacms dev, th...

8.4CVSS5.9AI score0.00203EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/12 12:35 p.m.5 views

CVE-2026-2808

A flaw was found in HashiCorp Consul. When configured with Kubernetes authentication, a highly privileged attacker can exploit this vulnerability to perform arbitrary file reads. This could lead to the disclosure of sensitive information from the system...

6.8CVSS5.9AI score0.00475EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/12 12:31 a.m.7 views

Consul is vulnerable to arbitrary file read when configured with Kubernetes authentication

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

6.8CVSS5.8AI score0.00475EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder