Lucene search
K

11276 matches found

CVE
CVE
added 2026/03/10 5:1 p.m.14 views

CVE-2026-30958

OneUptime CVE-2026-30958 describes an unauthenticated path traversal vulnerability in the /workflow/docs/:componentName endpoint, where the componentName parameter is directly concatenated into the server file path used by res.sendFile(), enabling arbitrary file reads. Root cause: lack of sanitiz...

8.6CVSS5.9AI score0.00462EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/10 4:44 p.m.1 views

CVE-2026-30942

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/filename allows any logged-in user to read arbitrary files from within the application container. The filename URL...

8.3CVSS5.9AI score0.00608EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/03/10 4:44 p.m.26 views

CVE-2026-30942 Flare has a Path Traversal in /api/avatars/[filename]

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/filename allows any logged-in user to read arbitrary files from within the application container. The filename URL...

8.3CVSS0.00608EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/03/10 4:44 p.m.1 views

CVE-2026-30942

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/filename allows any logged-in user to read arbitrary files from within the application container. The filename URL...

8.3CVSS5.9AI score0.00608EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/10 2:8 p.m.7 views

CVE-2025-41755

A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. The endpoint accepts a parameter specifying the log file to open e.g., /tmp/weblogsomenumber, but this parameter is not properly validated, allowing an attacker to modify it to...

6.5CVSS5.9AI score0.00498EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/10 3:33 a.m.4 views

CVE-2026-3585 The Events Calendar <= 6.15.17 - Authenticated (Author+) Arbitrary File Read via ajax_create_import

The The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.15.17 via the 'ajaxcreateimport' function. This makes it possible for authenticated attackers, with Author-level access and above, to read the contents of arbitrary files on the...

7.5CVSS5.9AI score0.0035EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/10 3:33 a.m.30 views

CVE-2026-3585 The Events Calendar <= 6.15.17 - Authenticated (Author+) Arbitrary File Read via ajax_create_import

The The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.15.17 via the 'ajaxcreateimport' function. This makes it possible for authenticated attackers, with Author-level access and above, to read the contents of arbitrary files on the...

7.5CVSS0.0035EPSS
Exploits0References3
CVE
CVE
added 2026/03/10 3:33 a.m.17 views

CVE-2026-3585

The Events Calendar WordPress plugin (up to v6.15.17) is affected by a path traversal vulnerability in the ajax_create_import function. The issue allows authenticated attackers with Author-level access or higher to read arbitrary files on the server, exposing sensitive information. The vulnerabil...

7.5CVSS5.9AI score0.0035EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/10 1:4 a.m.2 views

Directory Traversal

Overview liquidjs is an A simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Directory Traversal via the Loader.candidates resolution when require.resolve is used as a fallback; an attacker can read arbitrary...

8.7CVSS6.2AI score0.00557EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.5 views

PT-2026-24472

Name of the Vulnerable Software and Affected Versions gleam-wisp wisp versions 2.1.1 through 2.2.0 Description A path traversal issue exists in gleam-wisp wisp that allows arbitrary file reading through percent-encoded path traversal. The wisp.serve static function is susceptible because...

8.7CVSS5.9AI score0.01056EPSS
Exploits1References12
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.5 views

Flare 路径遍历漏洞

Flare is a file-sharing platform developed by Zachary Lowery. Versions of Flare prior to 1.7.3 contained a path traversal vulnerability. This vulnerability stemmed from the /api/avatars/filename path traversal, which could lead to arbitrary file reading...

8.3CVSS5.9AI score0.00608EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.7 views

PT-2026-24176

Name of the Vulnerable Software and Affected Versions The Events Calendar plugin for WordPress versions prior to 6.15.18 Description The Events Calendar plugin for WordPress is susceptible to a Path Traversal issue in versions up to and including 6.15.17. This allows authenticated attackers with...

7.5CVSS5.8AI score0.0035EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/03/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-0846

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. T...

8.6CVSS7.3AI score0.00428EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2026/03/10 12:0 a.m.248 views

📄 Vite 6.2.2 Arbitrary File Read

Proof of concept exploit for an arbitrary file read in Vite version 6.2.2. ============================================================================================================================================= | Title : Vite 6.2.2 Arbitrary File Read – PHP Exploit | | Author : indoushka | ...

7.5CVSS6.6AI score0.76736EPSS
Exploits28
Adobe
Adobe
added 2026/03/10 12:0 a.m.24 views

APSB26-05 : Security update available for Adobe Commerce

Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves critical, important, and moderate vulnerabilities. Successful exploitation could lead to security feature bypass, application denial-of-service, privilege escalation, arbitrary code execution, an...

6AI score
Exploits0Affected Software3
Vulnrichment
Vulnrichment
added 2026/03/09 10:28 p.m.3 views

CVE-2026-30869 SiYuan has a Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage

SiYuan is a personal knowledge management system. Prior to 3.5.10, a path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By exploiting double‑encoded traversal sequences, an attacker can access sensitive files such as...

9.3CVSS6.4AI score0.01028EPSS
Exploits1References1
CVE
CVE
added 2026/03/09 10:28 p.m.13 views

CVE-2026-30869

SiYuan contains a path traversal vulnerability in the /export endpoint prior to version 3.5.10. Double-encoded traversal sequences can read arbitrary server files (e.g., conf/conf.json) containing secrets such as the API token, cookie signing key, and workspace authentication code. Leakage could ...

9.8CVSS6.4AI score0.01028EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/03/09 10:28 p.m.5 views

CVE-2026-30869 SiYuan has a Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage

SiYuan is a personal knowledge management system. Prior to 3.5.10, a path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By exploiting double‑encoded traversal sequences, an attacker can access sensitive files such as...

9.3CVSS6.5AI score0.01028EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/09 9:31 p.m.7 views

EUVD-2026-10350

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

8.6CVSS5.9AI score0.00428EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/09 9:31 p.m.7 views

EUVD-2026-10351

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

8.6CVSS5.9AI score0.00428EPSS
Exploits1References2
Rows per page
Query Builder