
11287 matches found

Positive Technologies
added 2026/02/27 12:0 a.m. | 6 views

PT-2026-22409

Name of the Vulnerable Software and Affected Versions Gradio versions prior to 6.7 Description Gradio is a Python package for prototyping applications. Applications running on Windows with Python 3.13 and later are susceptible to an absolute path traversal issue. A change in Python 3.13+ altered...

7.5 CVSS | 6 AI score | 0.03095 EPSS
Exploits 1 | References 13

Positive Technologies
added 2026/02/27 12:0 a.m. | 8 views

PT-2026-22272

An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to read arbitrary files on the system, and potentially causing a denial-of-service attack...

3.7 CVSS | 5.6 AI score | 0.00552 EPSS
Exploits 0 | References 4

EUVD
added 2026/02/26 9:31 p.m. | 8 views

EUVD-2026-8873

Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...

8.6 CVSS | 5.7 AI score | 0.00254 EPSS
Exploits 0 | References 2

OSV
added 2026/02/26 7:32 p.m. | 4 views

CVE-2026-26938

Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...

7.7 CVSS | 5.9 AI score
Exploits 0 | References 1

Vulnrichment
added 2026/02/26 5:56 p.m. | 3 views

CVE-2026-26938 Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF)

Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...

8.6 CVSS | 6.1 AI score | 0.00254 EPSS
Exploits 0 | References 1

Cvelist
added 2026/02/26 5:56 p.m. | 22 views

CVE-2026-26938 Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF)

Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...

8.6 CVSS | 0.00254 EPSS
Exploits 0 | References 1

OSV
added 2026/02/26 4:27 p.m. | 7 views

GO-2026-4540 Fiber has an Arbitrary File Read in Static Middleware on Windows in github.com/gofiber/fiber/v3

Fiber has an Arbitrary File Read in Static Middleware on Windows in github.com/gofiber/fiber/v3...

8.7 CVSS | 5.5 AI score | 0.00618 EPSS
Exploits 1 | References 3

Patchstack
added 2026/02/26 6:39 a.m. | 7 views

WordPress WP Responsive Images plugin <= 1.0 - Unauthenticated Path Traversal to Arbitrary File Read via src vulnerability

Unauthenticated Path Traversal to Arbitrary File Read via src vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Responsive Images versions <= 1.0...

7.5 CVSS | 5.4 AI score | 0.01722 EPSS
Exploits 0 | References 1 | Affected Software 1

Veracode
added 2026/02/26 6:12 a.m. | 4 views

Arbitrary File Read

Weblate is vulnerable to arbitrary file read. The vulnerability is due to improper handling of crafted symbolic links in repositories, which allows an attacker to read arbitrary files from the server file system...

7.7 CVSS | 5.9 AI score | 0.00344 EPSS
Exploits 0 | References 6 | Affected Software 1

CVE
added 2026/02/26 1:24 a.m. | 37 views

CVE-2026-1557

The CVE-2026-1557 entry concerns the WordPress WP Responsive Images plugin (

7.5 CVSS | 5.6 AI score | 0.01722 EPSS
In wild | Exploits 0 | References 7

Cvelist
added 2026/02/26 1:24 a.m. | 371 views

CVE-2026-1557 WP Responsive Images <= 1.0 - Unauthenticated Path Traversal to Arbitrary File Read via src

The WP Responsive Images plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.0 via the 'src' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...

7.5 CVSS | 0.01722 EPSS
Exploits 0 | References 7

Vulnrichment
added 2026/02/26 1:24 a.m. | 3 views

CVE-2026-1557 WP Responsive Images <= 1.0 - Unauthenticated Path Traversal to Arbitrary File Read via src

The WP Responsive Images plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.0 via the 'src' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...

7.5 CVSS | 5.6 AI score | 0.01722 EPSS
Exploits 0 | References 7

NVD
added 2026/02/25 11:16 p.m. | 7 views

CVE-2026-27498

n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration...

9 CVSS | 0.00718 EPSS
Exploits 0 | References 5

RedhatCVE
added 2026/02/25 10:16 p.m. | 10 views

CVE-2026-26222

Altec DocLink now maintained by Beyond Limits Inc. version 4.0.336.0 exposes insecure .NET Remoting endpoints over TCP and HTTP/SOAP via Altec.RDCHostService.exe using the ObjectURI "doclinkServer.soap". The service does not require authentication and is vulnerable to unsafe object unmarshalling,...

10 CVSS | 6.4 AI score | 0.00739 EPSS
Exploits 0 | References 1

Vulnrichment
added 2026/02/25 10:8 p.m. | 7 views

CVE-2026-27494 n8n has Arbitrary File Read via Python Code Node Sandbox Escape

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could use the Python Code node to escape the sandbox. The sandbox did not sufficiently restrict access to certain built-in Python...

7.1 CVSS | 5.9 AI score | 0.00352 EPSS
Exploits 0 | References 4

Cvelist
added 2026/02/25 10:8 p.m. | 26 views

CVE-2026-27494 n8n has Arbitrary File Read via Python Code Node Sandbox Escape

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could use the Python Code node to escape the sandbox. The sandbox did not sufficiently restrict access to certain built-in Python...

7.1 CVSS | 0.00352 EPSS
Exploits 0 | References 4

CVE
added 2026/02/25 10:8 p.m. | 19 views

CVE-2026-27494

CVE-2026-27494 affects the open-source workflow platform n8n. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could use the Python Code node to escape the sandbox, gaining access to built-in Python objects and potentially exfiltra...

9.9 CVSS | 5.4 AI score | 0.00352 EPSS
Exploits 0 | References 4 | Affected Software 1

OSV
added 2026/02/25 10:8 p.m. | 7 views

CVE-2026-27494 n8n has Arbitrary File Read via Python Code Node Sandbox Escape

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could use the Python Code node to escape the sandbox. The sandbox did not sufficiently restrict access to certain built-in Python...

7.1 CVSS | 5.5 AI score | 0.00352 EPSS
Exploits 0 | References 6

EUVD
added 2026/02/25 9:22 p.m. | 9 views

EUVD-2026-8757

n8n has Arbitrary File Read via Python Code Node Sandbox Escape...

7.1 CVSS | 5.3 AI score | 0.00352 EPSS
Exploits 0 | References 4

CVE
added 2026/02/25 1:44 a.m. | 28 views

CVE-2026-24849

OpenEMR vulnerability CVE-2026-24849 affects the EtherFaxActions.php disposeDocument() path, allowing any authenticated user to read arbitrary files on the server filesystem. The root cause is improper access control in the disposeDocument() method, enabling high confidentiality/integrity/availa...

9.9 CVSS | 5.7 AI score | 0.02164 EPSS
Exploits 4 | References 2 | Affected Software 1