
11272 matches found

Positive Technologies
added 2026/03/11 12:0 a.m. | 4 views

PT-2026-24719

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, an authenticated project member with BCF import permissions can upload a crafted .bcf archive where the value in markup.bcf is manipulated to contain an absolute or traversal local path for example: /etc/passwd...

CVSS 6.5 | AI score 5.8 | EPSS 0.00302
Exploits: 0 | References: 5

CNNVD
added 2026/03/11 12:0 a.m. | 8 views

OpenProject Path Traversal Vulnerability

OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 17.2.0 had a path traversal vulnerability. This vulnerability stemmed from authenticated project members with BCF import privileges being able to upload custom .bcf archives. In such archives, the...

CVSS 6.5 | AI score 5.9 | EPSS 0.00302
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/11 12:0 a.m. | 22 views

PT-2026-24683

Coppermine Photo Gallery versions 1.6.09 through 1.6.27 are vulnerable to path traversal. An unauthenticated remote attacker can exploit a vulnerable endpoint and construct payloads that allow reading the content of any file accessible by the web server process. This issue was fixed in versi...

CVSS 8.7 | AI score 5.8 | EPSS 0.00532
Exploits: 0 | References: 6

Positive Technologies
added 2026/03/11 12:0 a.m. | 7 views

PT-2026-24892

Name of the Vulnerable Software and Affected Versions: HashiCorp Consul versions 1.18.20 through 1.21.10; HashiCorp Consul version 1.22.4; HashiCorp Consul Enterprise versions 1.18.20 through 1.21.10; HashiCorp Consul Enterprise version 1.22.4. Description: HashiCorp Consul and Consul Enterprise are...

CVSS 9.9 | AI score 7.2 | EPSS 0.22162
Exploits: 68 | References: 143

OSV
added 2026/03/10 10:16 p.m. | 2 views

CVE-2026-28807

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.serve_static function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded...

CVSS 8.7 | AI score 5.9 | EPSS 0.01056
Exploits: 1 | References: 2

Cvelist
added 2026/03/10 9:34 p.m. | 28 views

CVE-2026-28807 Path Traversal in wisp.serve_static allows arbitrary file read

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.serve_static function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded...

CVSS 8.7 | EPSS 0.01056
Exploits: 1 | References: 4

ATTACKERKB
added 2026/03/10 9:34 p.m. | 3 views

CVE-2026-28807

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.serve_static function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded...

CVSS 8.7 | AI score 5.9 | EPSS 0.01056
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/03/10 9:34 p.m. | 4 views

CVE-2026-28807 Path Traversal in wisp.serve_static allows arbitrary file read

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.serve_static function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded...

CVSS 8.7 | AI score 5.9 | EPSS 0.01056
Exploits: 1 | References: 4

OSV
added 2026/03/10 9:34 p.m. | 7 views

EEF-CVE-2026-28807 Path Traversal in wisp.serve_static allows arbitrary file read

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in gleam-wisp wisp allows arbitrary file read via percent-encoded path traversal. The wisp.serve_static function is vulnerable to path traversal because sanitization runs before percent-decoding. The encoded...

CVSS 8.7 | AI score 5.9 | EPSS 0.01056
Exploits: 1 | References: 4

RedhatCVE
added 2026/03/10 8:9 p.m. | 3 views

CVE-2026-30942

A flaw was found in Flare, a file sharing platform. An authenticated path traversal vulnerability exists in the /api/avatars/[filename] endpoint, allowing a logged-in user to read arbitrary files from the application container. This occurs because the filename parameter is not properly sanitized,...

CVSS 8.3 | AI score 5.8 | EPSS 0.00608
Exploits: 1 | References: 6

OSV
added 2026/03/10 6:28 p.m. | 3 views

GO-2026-4646 SiYuan Vulnerable to Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage in github.com/siyuan-note/siyuan/kernel

SiYuan Vulnerable to Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage in github.com/siyuan-note/siyuan/kernel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is...

CVSS 9.8 | AI score 5.8 | EPSS 0.01028
Exploits: 1 | References: 1

NVD
added 2026/03/10 6:18 p.m. | 8 views

CVE-2026-30958

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files from the server filesystem. The componentName route parameter is concatenated directly into a file...

CVSS 8.6 | EPSS 0.00462
Exploits: 1 | References: 2

Vulnrichment
added 2026/03/10 5:1 p.m. | 2 views

CVE-2026-30958 OneUptime: Path Traversal — Arbitrary File Read (No Auth)

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files from the server filesystem. The componentName route parameter is concatenated directly into a file...

CVSS 7.2 | AI score 5.9 | EPSS 0.00462
Exploits: 1 | References: 2

EUVD
added 2026/03/10 5:1 p.m. | 3 views

EUVD-2026-10564

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files from the server filesystem. The componentName route parameter is concatenated directly into a file...

CVSS 7.2 | AI score 5.9 | EPSS 0.00462
Exploits: 1 | References: 2

Cvelist
added 2026/03/10 5:1 p.m. | 29 views

CVE-2026-30958 OneUptime: Path Traversal — Arbitrary File Read (No Auth)

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files from the server filesystem. The componentName route parameter is concatenated directly into a file...

CVSS 7.2 | EPSS 0.00462
Exploits: 1 | References: 2

CVE
added 2026/03/10 5:1 p.m. | 14 views

CVE-2026-30958

OneUptime CVE-2026-30958 describes an unauthenticated path traversal vulnerability in the /workflow/docs/:componentName endpoint, where the componentName parameter is directly concatenated into the server file path used by res.sendFile(), enabling arbitrary file reads. Root cause: lack of sanitiz...

CVSS 8.6 | AI score 5.9 | EPSS 0.00462
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2026/03/10 5:1 p.m. | 2 views

CVE-2026-30958 OneUptime: Path Traversal — Arbitrary File Read (No Auth)

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files from the server filesystem. The componentName route parameter is concatenated directly into a file...

CVSS 7.2 | AI score 5.9 | EPSS 0.00462
Exploits: 1 | References: 4

ATTACKERKB
added 2026/03/10 4:44 p.m. | 1 views

CVE-2026-30942

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/[filename] allows any logged-in user to read arbitrary files from within the application container. The filename URL...

CVSS 8.3 | AI score 5.9 | EPSS 0.00608
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2026/03/10 4:44 p.m. | 26 views

CVE-2026-30942 Flare has a Path Traversal in /api/avatars/[filename]

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/[filename] allows any logged-in user to read arbitrary files from within the application container. The filename URL...

CVSS 8.3 | EPSS 0.00608
Exploits: 1 | References: 3

AlpineLinux
added 2026/03/10 4:44 p.m. | 1 views

CVE-2026-30942

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/[filename] allows any logged-in user to read arbitrary files from within the application container. The filename URL...

CVSS 8.3 | AI score 5.9 | EPSS 0.00608
Exploits: 1 | References: 3