
11277 matches found

Github Security Blog
added 2026/03/05 9:30 p.m., 9 views

Fonoster is vulnerable to directory traversal

Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to read arbitrary files via the /sounds/:file or /tts/:file VoiceServer endpoint. This occurs in serveFiles in mods/voice/src/utils.ts. NOTE: serveFiles exists in 0.5.5 but not in the next release, 0.6.1...

5.8 CVSS, 5.9 AI score, 0.02362 EPSS
Exploits: 1, References: 4, Affected Software: 1

EUVD
added 2026/03/05 9:30 p.m., 10 views

EUVD-2025-208315

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs...

5.9 AI score, 0.00534 EPSS
Exploits: 1, References: 5

Github Security Blog
added 2026/03/05 9:30 p.m., 8 views

RAGAS has an Arbitrary File Read vulnerability

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs...

7.5 CVSS, 5.8 AI score, 0.00534 EPSS
Exploits: 1, References: 7, Affected Software: 1

OSV
added 2026/03/05 9:30 p.m., 4 views

GHSA-V2XR-WVRV-P969 RAGAS has an Arbitrary File Read vulnerability

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs...

8.7 CVSS, 5.8 AI score, 0.00534 EPSS
Exploits: 1, References: 7

RedhatCVE
added 2026/03/05 7:30 p.m., 6 views

CVE-2026-0847

A flaw was found in NLTK Natural Language Toolkit. This vulnerability allows a remote attacker to read arbitrary files on the server due to improper sanitization of file paths in several CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. By...

8.6 CVSS, 7.6 AI score, 0.00924 EPSS
Exploits: 3, References: 4

OSV
added 2026/03/05 7:16 p.m., 7 views

CVE-2026-24457

Unsafe parsing of OpenMQ's configuration allows a remote attacker to read arbitrary files from an MQ Broker's server. Full exploitation could read unauthorized files of the OpenMQ host OS. In some scenarios RCE could be achieved...

9.8 CVSS, 6 AI score, 0.00616 EPSS
Exploits: 0, References: 1

NVD
added 2026/03/05 7:16 p.m., 7 views

CVE-2025-45691

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs...

7.5 CVSS, 0.00534 EPSS
Exploits: 1, References: 7

OSV
added 2026/03/05 7:16 p.m., 3 views

CVE-2025-45691

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs...

7.5 CVSS, 5.8 AI score
Exploits: 0, References: 4

ATTACKERKB
added 2026/03/05 4:27 p.m., 6 views

CVE-2026-24457

Unsafe parsing of OpenMQ's configuration allows a remote attacker to read arbitrary files from an MQ Broker's server. Full exploitation could read unauthorized files of the OpenMQ host OS. In some scenarios RCE could be achieved...

9.1 CVSS, 6 AI score, 0.00616 EPSS
Exploits: 0, References: 2

CVE
added 2026/03/05 4:27 p.m., 15 views

CVE-2026-24457

CVE-2026-24457: OpenMQ unsafe parsing of configuration allows a remote attacker to read arbitrary files on the MQ Broker server, potentially reading host OS files. In some scenarios, RCE could be achieved. Metrics indicate CVSS v3.1 base score 9.1 (CRITICAL) with NETWORK attack vector, LOW attack...

9.8 CVSS, 6 AI score, 0.00616 EPSS
Exploits: 0, References: 1, Affected Software: 1

SUSE CVE
added 2026/03/05 1:58 p.m., 2 views

SUSE CVE-2026-0847

A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...

7.5 CVSS, 6.5 AI score, 0.00924 EPSS
Exploits: 3, References: 3

Huntr
added 2026/03/05 1:20 p.m., 5 views

NLTK Data Module - Arbitrary File Read via Dead Security Check

This report is not public...

5.3 AI score
Exploits: 0

NVD
added 2026/03/05 2:16 a.m., 6 views

CVE-2026-29122

International Data Casting IDC SFX2100 satellite receiver comes with the /bin/date utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFOBins resource to perform privileged file...

9.2 CVSS, 0.00139 EPSS
Exploits: 1, References: 2

ATTACKERKB
added 2026/03/05 12:53 a.m., 4 views

CVE-2026-29122

International Data Casting IDC SFX2100 satellite receiver comes with the /bin/date utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFOBins resource to perform privileged file...

9.2 CVSS, 6 AI score, 0.00139 EPSS
Exploits: 1, References: 3

Vulnrichment
added 2026/03/05 12:48 a.m., 5 views

CVE-2026-29121 `/sbin/ip` Binary given SETUID Permissions on IDC SFX2100 Leading to Potential LPE

International Data Casting IDC SFX2100 satellite receiver comes with the /sbin/ip utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFOBins resource to perform privileged file...

9.2 CVSS, 5.8 AI score, 0.00148 EPSS
Exploits: 1, References: 2

CNNVD
added 2026/03/05 12:00 a.m., 7 views

OpenMQ Security Vulnerability

OpenMQ is a Java EE open-source message flow middleware. There is a security vulnerability in OpenMQ, which stems from insecure configuration parsing. This vulnerability could allow remote attackers to read arbitrary files from the MQ Broker server...

9.8 CVSS, 5.9 AI score, 0.00616 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/03/05 12:00 a.m., 9 views

OpenClaw Security Vulnerability

OpenClaw is an open-source intelligent AI assistant. OpenClaw suffers from a file inclusion vulnerability. An attacker can exploit this vulnerability to read arbitrary files in the local file system...

8.2 CVSS, 5.9 AI score, 0.00292 EPSS
Exploits: 0, References: 3

ATTACKERKB
added 2026/03/05 12:00 a.m., 5 views

CVE-2025-45691

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs...

5.9 AI score, 0.00534 EPSS
Exploits: 1, References: 5

Vulnrichment
added 2026/03/05 12:00 a.m., 3 views

CVE-2025-45691

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs...

5.8 AI score, 0.00534 EPSS
Exploits: 1, References: 4

Cvelist
added 2026/03/05 12:00 a.m., 29 views

CVE-2025-45691

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs...

0.00534 EPSS
Exploits: 1, References: 4