
11277 matches found

CVE
added 2026/02/27 9:43 p.m. | 57 views

CVE-2026-28414

CVE-2026-28414 : The issue affects Gradio prior to 6.7 on Windows with Python 3.13+. A bug in Gradio’s path-joining logic, triggered by Python 3.13+ changes to os.path.isabs, allows an unauthenticated attacker to read arbitrary files from the Gradio server via root-relative paths. The vulnerabili...

7.5 CVSS | 6 AI score | 0.03095 EPSS
In wild | Exploits: 1 | References: 1 | Affected Software: 1
RedhatCVE
added 2026/02/27 7:44 p.m. | 7 views

CVE-2026-26938

Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...

8.6 CVSS | 6.1 AI score | 0.00254 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/02/27 4:41 p.m. | 20 views

CVE-2026-24488 OpenEMR Vulnerable to Arbitrary File Exfiltration via Fax Endpoint

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, an arbitrary file exfiltration vulnerability in the fax sending endpoint allows any authenticated user to read and transmit any file on the server...

6.5 CVSS | 0.00399 EPSS
Exploits: 1 | References: 2
OSV
added 2026/02/27 8:49 a.m. | 3 views

SUSE-SU-2026:20551-1 Security update for kubevirt

This update for kubevirt fixes the following issues: Update to version 1.7.0 bsc1257128. Security issues fixed: - CVE-2025-64435: logic flaw in the virt-controller can lead to incorrect status updates and potentially causing a DoS bsc1253189. - CVE-2024-45310: kubevirt vendored...

8.5 CVSS | 6 AI score | 0.0045 EPSS
Exploits: 6 | References: 18
EUVD
added 2026/02/27 3:30 a.m. | 7 views

EUVD-2026-8973

An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to read arbitrary files on the system, and potentially causing a denial-of-service attack...

9.1 CVSS | 5.6 AI score | 0.00552 EPSS
Exploits: 0 | References: 4
OSV
added 2026/02/27 2:16 a.m. | 5 views

CVE-2026-22877

An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to read arbitrary files on the system, and potentially causing a denial-of-service attack...

9.1 CVSS | 5.9 AI score | 0.00552 EPSS
Exploits: 0 | References: 3
NVD
added 2026/02/27 2:16 a.m. | 13 views

CVE-2026-22877

An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to read arbitrary files on the system, and potentially causing a denial-of-service attack...

9.1 CVSS | 0.00552 EPSS
Exploits: 0 | References: 3
ATTACKERKB
added 2026/02/27 1:1 a.m. | 3 views

CVE-2026-22877

An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to read arbitrary files on the system, and potentially causing a denial-of-service attack...

9.1 CVSS | 5.9 AI score | 0.00552 EPSS
Exploits: 0 | References: 4
Vulnrichment
added 2026/02/27 1:1 a.m. | 2 views

CVE-2026-22877 Copeland XWEB and XWEB Pro Path Traversal

An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to read arbitrary files on the system, and potentially causing a denial-of-service attack...

3.7 CVSS | 6 AI score | 0.00552 EPSS
Exploits: 0 | References: 3
CVE
added 2026/02/27 1:1 a.m. | 14 views

CVE-2026-22877

CVE-2026-22877 affects XWEB Pro 1.12.1 and earlier. The Red Hat, NVD, and CVE records describe an unauthenticated arbitrary file-read vulnerability that could allow attackers to read arbitrary files and potentially trigger a denial-of-service. The exploitation status, affected versions beyond 1.1...

9.1 CVSS | 5.6 AI score | 0.00552 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies
added 2026/02/27 12:0 a.m. | 6 views

PT-2026-22409

Name of the Vulnerable Software and Affected Versions Gradio versions prior to 6.7 Description Gradio is a Python package for prototyping applications. Applications running on Windows with Python 3.13 and later are susceptible to an absolute path traversal issue. A change in Python 3.13+ altered...

7.5 CVSS | 6 AI score | 0.03095 EPSS
Exploits: 1 | References: 13
Positive Technologies
added 2026/02/27 12:0 a.m. | 8 views

PT-2026-22272

An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to read arbitrary files on the system, and potentially causing a denial-of-service attack...

3.7 CVSS | 5.6 AI score | 0.00552 EPSS
Exploits: 0 | References: 4
EUVD
added 2026/02/26 9:31 p.m. | 8 views

EUVD-2026-8873

Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...

8.6 CVSS | 5.7 AI score | 0.00254 EPSS
Exploits: 0 | References: 2
OSV
added 2026/02/26 7:32 p.m. | 3 views

CVE-2026-26938

Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...

7.7 CVSS | 5.9 AI score
Exploits: 0 | References: 1
Vulnrichment
added 2026/02/26 5:56 p.m. | 3 views

CVE-2026-26938 Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF)

Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...

8.6 CVSS | 6.1 AI score | 0.00254 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/02/26 5:56 p.m. | 22 views

CVE-2026-26938 Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF)

Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...

8.6 CVSS | 0.00254 EPSS
Exploits: 0 | References: 1
OSV
added 2026/02/26 4:27 p.m. | 7 views

GO-2026-4540 Fiber has an Arbitrary File Read in Static Middleware on Windows in github.com/gofiber/fiber/v3

Fiber has an Arbitrary File Read in Static Middleware on Windows in github.com/gofiber/fiber/v3...

8.7 CVSS | 5.5 AI score | 0.00618 EPSS
Exploits: 1 | References: 3
Patchstack
added 2026/02/26 6:39 a.m. | 7 views

WordPress WP Responsive Images plugin <= 1.0 - Unauthenticated Path Traversal to Arbitrary File Read via src vulnerability

Unauthenticated Path Traversal to Arbitrary File Read via src vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Responsive Images versions <= 1.0...

7.5 CVSS | 5.4 AI score | 0.01722 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Veracode
added 2026/02/26 6:12 a.m. | 4 views

Arbitrary File Read

Weblate is vulnerable to arbitrary file read. The vulnerability is due to improper handling of crafted symbolic links in repositories, which allows an attacker to read arbitrary files from the server file system...

7.7 CVSS | 5.9 AI score | 0.00344 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
CVE
added 2026/02/26 1:24 a.m. | 37 views

CVE-2026-1557

The CVE-2026-1557 entry concerns the WordPress WP Responsive Images plugin (

7.5 CVSS | 5.6 AI score | 0.01722 EPSS
In wild | Exploits: 0 | References: 7