11276 matches found

Cvelist
added 2026/03/09 8:15 a.m. | 31 views

CVE-2025-41754 Arbitrary Read with ubr-editfile

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint, to read arbitrary files on the system...

CVSS 6.5 | EPSS 0.00334
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/09 8:15 a.m. | 4 views

CVE-2025-41754 Arbitrary Read with ubr-editfile

A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint, to read arbitrary files on the system...

CVSS 6.5 | AI score 5.9 | EPSS 0.00334
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/09 12:0 a.m. | 5 views

PT-2026-24115

Name of the Vulnerable Software and Affected Versions: Budibase versions prior to 3.31.5. Description: Budibase is a low-code platform used for creating internal tools, workflows, and admin panels. A path traversal flaw exists in the PWA (Progressive Web App) ZIP processing endpoint, specifically at...

CVSS 9.6 | AI score 5.9 | EPSS 0.00267
Exploits: 1 | References: 10

Packet Storm
added 2026/03/09 12:0 a.m. | 169 views

F5 BIG-IP TMUI Unauthenticated Remote Code Execution

This Metasploit module exploits a directory traversal vulnerability in the F5 BIG-IP TMUI interface that allows unauthenticated attackers to execute arbitrary system commands via tmshCmd.jsp...

CVSS 10 | AI score 6 | EPSS 0.99999
Exploits: 60

Positive Technologies
added 2026/03/09 12:0 a.m. | 5 views

PT-2026-24025

A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. The endpoint accepts a parameter specifying the log file to open e.g., /tmp/weblogsome number, but this parameter is not properly validated, allowing an attacker to modify it t...

CVSS 6.5 | AI score 5.9 | EPSS 0.00498
Exploits: 0 | References: 2

Positive Technologies
added 2026/03/09 12:0 a.m. | 4 views

PT-2026-24105

Name of the Vulnerable Software and Affected Versions: nltk version 3.9.2. Description: A flaw exists in the filestring function within the nltk.util module. This issue allows for arbitrary file reading because of inadequate validation of input paths. The function directly opens files specified by...

CVSS 8.6 | AI score 7.3 | EPSS 0.00428
Exploits: 1 | References: 26

CNNVD
added 2026/03/09 12:0 a.m. | 4 views

NLTK Security Vulnerability

NLTK is an open-source natural language toolkit developed by NLTK. It is used to support research and development in natural language processing. Version 3.9.2 of NLTK contains a security vulnerability, which stems from the improper validation of input paths in the filestring function of the...

CVSS 8.6 | AI score 7.4 | EPSS 0.00428
Exploits: 1 | References: 2

GithubExploit
added 2026/03/08 3:19 p.m. | 135 views

Exploit for Path Traversal in Zenml

zenml-CVE-2024-2083-POC Dockeriz...

CVSS 9.9 | AI score 5.9 | EPSS 0.3909
Exploits: 2

Vulnrichment
added 2026/03/07 3:16 p.m. | 2 views

CVE-2026-29190 Karapace: Path Traversal in Backup Reader

Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader backup/backends/v3/backend.py. If a malicious backup file is provided to Karapace, an attacker may exploit insufficient path validation...

CVSS 4.1 | AI score 5.8 | EPSS 0.00373
Exploits: 0 | References: 2

ATTACKERKB
added 2026/03/07 3:16 p.m. | 1 views

CVE-2026-29190

Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader backup/backends/v3/backend.py. If a malicious backup file is provided to Karapace, an attacker may exploit insufficient path validation...

CVSS 4.1 | AI score 5.8 | EPSS 0.00373
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2026/03/07 5:14 a.m. | 5 views

Arbitrary File Read

changedetection.io is vulnerable to Arbitrary File Read. The vulnerability is due to insufficient validation of user-supplied XPath expressions in the includefilters field, allowing attackers to use functions such as unparsed-text to read arbitrary files from the filesystem accessible to the...

CVSS 9.3 | AI score 6 | EPSS 0.00484
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2026/03/07 2:19 a.m. | 2 views

GHSA-2H2P-MVFX-868W SiYuan Vulnerable to Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage

Summary: A path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By exploiting double‑encoded traversal sequences, an attacker can access sensitive files such as conf/conf.json, which contains secrets including the API token,...

CVSS 9.3 | AI score 6.5 | EPSS 0.01028
Exploits: 1 | References: 3

Github Security Blog
added 2026/03/07 2:19 a.m. | 8 views

SiYuan Vulnerable to Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage

Summary: A path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By exploiting double‑encoded traversal sequences, an attacker can access sensitive files such as conf/conf.json, which contains secrets including the API token,...

CVSS 9.8 | AI score 6.5 | EPSS 0.01028
Exploits: 1 | References: 3 | Affected Software: 1

SUSE CVE
added 2026/03/07 12:25 a.m. | 1 views

SUSE CVE-2026-27139

On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the...

CVSS 3.3 | AI score 5.9 | EPSS 0.00201
Exploits: 0 | References: 12

NVD
added 2026/03/06 3:16 p.m. | 14 views

CVE-2026-2753

An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue by submitting requests containing absolute filesystem paths. Successful...

CVSS 7.5 | EPSS 0.00451
Exploits: 0 | References: 2

NVD
added 2026/03/06 8:16 a.m. | 6 views

CVE-2026-29059

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill's getlogfile endpoint "/api/w/workspace/jobsu/getlogfile/filename". The filename parameter is...

CVSS 7.5 | EPSS 0.02584
Exploits: 0 | References: 3

Vulnrichment
added 2026/03/06 7:11 a.m. | 3 views

CVE-2026-29059 Windmill: SUPERADMIN_SECRET (rarely used) can be accessed publicly

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill's getlogfile endpoint "/api/w/workspace/jobsu/getlogfile/filename". The filename parameter is...

CVSS 6.9 | AI score 5.8 | EPSS 0.02584
Exploits: 0 | References: 2

Cvelist
added 2026/03/06 7:11 a.m. | 95 views

CVE-2026-29059 Windmill: SUPERADMIN_SECRET (rarely used) can be accessed publicly

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill's getlogfile endpoint "/api/w/workspace/jobsu/getlogfile/filename". The filename parameter is...

CVSS 6.9 | EPSS 0.02584
Exploits: 0 | References: 2

ATTACKERKB
added 2026/03/06 7:11 a.m. | 3 views

CVE-2026-29059

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill's getlogfile endpoint "/api/w/workspace/jobsu/getlogfile/filename". The filename parameter is...

CVSS 6.9 | AI score 5.8 | EPSS 0.02584
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2026/03/06 6:54 a.m. | 35 views

CVE-2026-29039 changedetection.io: XPath - Arbitrary File Read via unparsed-text()

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the includefilters field. These XPath expressions are processed using the elementpath library which...

CVSS 9.3 | EPSS 0.00484
Exploits: 1 | References: 3