
11278 matches found

OSV
added 2026/02/24 9:8 p.m. | 6 views

CVE-2026-25891 Fiber has an Arbitrary File Read in Static Middleware on Windows

Fiber is an Express inspired web framework written in Go. A Path Traversal CWE-22 vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file system on Windows. This affects Fiber v3 through version 3.0.0. This has been...

CVSS 8.7 | AI score 5.8 | EPSS 0.00618
Exploits: 1 | References: 5

OSV
added 2026/02/24 8:51 p.m. | 7 views

GHSA-M3C2-496V-CW3V Fiber has an Arbitrary File Read in Static Middleware on Windows

Summary Description A Path Traversal CWE-22 vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file system on Windows. This affects Fiber v3 through version 3.0.0. This has been patched in Fiber v3 version 3.1.0. Detail...

CVSS 8.7 | AI score 7.2 | EPSS 0.00618
Exploits: 1 | References: 6

NVD
added 2026/02/24 6:29 p.m. | 9 views

CVE-2026-26222

Altec DocLink now maintained by Beyond Limits Inc. version 4.0.336.0 exposes insecure .NET Remoting endpoints over TCP and HTTP/SOAP via Altec.RDCHostService.exe using the ObjectURI "doclinkServer.soap". The service does not require authentication and is vulnerable to unsafe object unmarshalling,...

CVSS 10 | EPSS 0.00739
Exploits: 0 | References: 2

Cvelist
added 2026/02/24 5:33 p.m. | 23 views

CVE-2026-26222 DocLink .NET Remoting Unauthenticated Arbitrary File Read/Write RCE

Altec DocLink now maintained by Beyond Limits Inc. version 4.0.336.0 exposes insecure .NET Remoting endpoints over TCP and HTTP/SOAP via Altec.RDCHostService.exe using the ObjectURI "doclinkServer.soap". The service does not require authentication and is vulnerable to unsafe object unmarshalling,...

CVSS 10 | EPSS 0.00739
Exploits: 0 | References: 2

Vulnrichment
added 2026/02/24 5:33 p.m. | 4 views

CVE-2026-26222 DocLink .NET Remoting Unauthenticated Arbitrary File Read/Write RCE

Altec DocLink now maintained by Beyond Limits Inc. version 4.0.336.0 exposes insecure .NET Remoting endpoints over TCP and HTTP/SOAP via Altec.RDCHostService.exe using the ObjectURI "doclinkServer.soap". The service does not require authentication and is vulnerable to unsafe object unmarshalling,...

CVSS 10 | AI score 6.6 | EPSS 0.00739
Exploits: 0 | References: 2

CVE
added 2026/02/24 5:33 p.m. | 28 views

CVE-2026-26222

The CVE-2026-26222 entry concerns Altec DocLink (now Beyond Limits Inc.) 4.0.336.0, where insecure .NET Remoting endpoints exposed over TCP and HTTP/SOAP via ObjectURI “doclinkServer.soap” allow unauthenticated access. The vulnerability arises from unsafe object unmarshalling, enabling remote att...

CVSS 10 | AI score 6.4 | EPSS 0.00739
Exploits: 0 | References: 2 | Affected Software: 1

GithubExploit
added 2026/02/24 5:4 a.m. | 453 views

Exploit for Improper Input Validation in N8N

CVE-2026-21858 + CVE-2025-68613 - n8n Full Chain Unauthenti...

CVSS 10 | AI score 9.2 | EPSS 0.97875
Exploits: 41

Positive Technologies
added 2026/02/24 12:0 a.m. | 9 views

PT-2026-21802

Name of the Vulnerable Software and Affected Versions Fiber versions 3.0.0 and earlier Fiber versions 3.0.0 through 3.0.0 Description A Path Traversal flaw exists in Fiber, potentially allowing a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file...

CVSS 9.9 | AI score 5.6 | EPSS 0.27661
Exploits: 45 | References: 125

GithubExploit
added 2026/02/22 2:26 p.m. | 371 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Tuzitio Camaleon_Cms

CVE-2024-46987 — Camaleon CMS Arbitrary Path Traversal Fo...

CVSS 7.7 | AI score 5.7 | EPSS 0.1456
Exploits: 11

RedhatCVE
added 2026/02/21 1:18 p.m. | 10 views

CVE-2025-59819

This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path...

CVSS 6.5 | AI score 5.7 | EPSS 0.00393
Exploits: 0 | References: 1

Veracode
added 2026/02/21 5:7 a.m. | 8 views

Keras Has A Local File Disclosure Via HDF5 External Storage During Keras Weight Loading

Summary TensorFlow / Keras continues to honor HDF5 “external storage” and "ExternalLink" features when loading weights. A malicious ".weights.h5" or a ".keras" archive embedding such weights can direct "loadweights" to read from an arbitrary readable filesystem path. The bytes pulled from that pa...

CVSS 7.5 | AI score 6 | EPSS 0.00298
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
added 2026/02/21 5:2 a.m. | 5 views

XML External Entity (XXE)

org.assertj, assertj-core is vulnerable to XML External Entity XXE. The vulnerability is due to the DocumentBuilderFactory in org.assertj.core.util.xml.XmlStringPrettyFormatter.toXmlDocumentString being initialized with default settings without disabling DTDs or external entities, which allows an...

CVSS 9.1 | AI score 5.8 | EPSS 0.00542
Exploits: 0 | References: 4 | Affected Software: 1

RedhatCVE
added 2026/02/21 1:28 a.m. | 3 views

CVE-2026-26321

OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Feishu extension previously allowed sendMediaFeishu to treat attacker-controlled mediaUrl values as local filesystem paths and read them directly. If an attacker can influence tool calls directly or via prompt injection...

CVSS 7.5 | AI score 5.5 | EPSS 0.00482
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/20 11:26 p.m. | 6 views

CVE-2026-27202

GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication...

CVSS 8.8 | AI score 5.8 | EPSS 0.00527
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/02/20 11:26 p.m. | 6 views

CVE-2026-27202 GetSimple CMS: Uploaded Files (feature) Arbitrary File Read Vulnerability

GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication...

CVSS 8.8 | AI score 5.5 | EPSS 0.00527
Exploits: 1 | References: 1

Cvelist
added 2026/02/20 11:26 p.m. | 27 views

CVE-2026-27202 GetSimple CMS: Uploaded Files (feature) Arbitrary File Read Vulnerability

GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication...

CVSS 8.8 | EPSS 0.00527
Exploits: 1 | References: 1

CVE
added 2026/02/20 11:26 p.m. | 17 views

CVE-2026-27202

CVE-2026-27202 concerns GetSimple CMS. All versions are affected by a flaw in the Uploaded Files feature that enables arbitrary file reads. The issue is reported as not fixed at publication. The available documents do not provide exploit details or concrete attack vectors. The CVSS data indicates...

CVSS 8.8 | AI score 5.8 | EPSS 0.00527
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2026/02/20 11:26 p.m. | 7 views

CVE-2026-27202 GetSimple CMS: Uploaded Files (feature) Arbitrary File Read Vulnerability

GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication...

CVSS 8.8 | AI score 5.7 | EPSS 0.00527
Exploits: 1 | References: 3

Rapid7 Blog
added 2026/02/20 10:0 p.m. | 14 views

Metasploit Wrap-Up 02/20/2026

Hacking Churches and Backdooring Emacs This release packs some solid exploit module additions! Two new unauthenticated RCE modules are a major win: the StoryChief WordPress plugin exploit CVE-2025-7441 targets a webhook validation flaw allowing arbitrary file uploads, while the ChurchCRM exploit...

CVSS 10 | AI score 6 | EPSS 0.37349
Exploits: 11

RedhatCVE
added 2026/02/20 7:40 p.m. | 7 views

CVE-2026-25527

changedetection.io is a free open source web page change detection tool. In versions prior to 0.53.2, the /static// route accepts group="..", which causes sendfromdirectory"static/..", filename to execute. This moves the base directory up to /app/changedetectionio, enabling unauthenticated local...

CVSS 5.3 | AI score 5.4 | EPSS 0.00917
Exploits: 1 | References: 1