Lucene search
K

11286 matches found

RedhatCVE
RedhatCVE
added 2026/02/21 1:28 a.m.3 views

CVE-2026-26321

OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Feishu extension previously allowed sendMediaFeishu to treat attacker-controlled mediaUrl values as local filesystem paths and read them directly. If an attacker can influence tool calls directly or via prompt injection...

7.5CVSS5.5AI score0.00482EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/20 11:26 p.m.6 views

CVE-2026-27202

GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication...

8.8CVSS5.8AI score0.00527EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/20 11:26 p.m.6 views

CVE-2026-27202 GetSimple CMS: Uploaded Files (feature) Arbitrary File Read Vulnerability

GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication...

8.8CVSS5.5AI score0.00527EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/02/20 11:26 p.m.27 views

CVE-2026-27202 GetSimple CMS: Uploaded Files (feature) Arbitrary File Read Vulnerability

GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication...

8.8CVSS0.00527EPSS
Exploits1References1
CVE
CVE
added 2026/02/20 11:26 p.m.17 views

CVE-2026-27202

CVE-2026-27202 concerns GetSimple CMS. All versions are affected by a flaw in the Uploaded Files feature that enables arbitrary file reads. The issue is reported as not fixed at publication. The available documents do not provide exploit details or concrete attack vectors. The CVSS data indicates...

8.8CVSS5.8AI score0.00527EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/02/20 11:26 p.m.7 views

CVE-2026-27202 GetSimple CMS: Uploaded Files (feature) Arbitrary File Read Vulnerability

GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication...

8.8CVSS5.7AI score0.00527EPSS
Exploits1References3
Rapid7 Blog
Rapid7 Blog
added 2026/02/20 10:0 p.m.15 views

Metasploit Wrap-Up 02/20/2026

Hacking Churches and Backdooring Emacs This release packs some solid exploit module additions! Two new unauthenticated RCE modules are a major win: the StoryChief WordPress plugin exploit CVE-2025-7441 targets a webhook validation flaw allowing arbitrary file uploads, while the ChurchCRM exploit...

10CVSS6AI score0.37349EPSS
Exploits11
RedhatCVE
RedhatCVE
added 2026/02/20 7:40 p.m.7 views

CVE-2026-25527

changedetection.io is a free open source web page change detection tool. In versions prior to 0.53.2, the /static// route accepts group="..", which causes sendfromdirectory"static/..", filename to execute. This moves the base directory up to /app/changedetectionio, enabling unauthenticated local...

5.3CVSS5.4AI score0.00917EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/20 7:39 p.m.7 views

CVE-2026-2274

A SSRF and Arbitrary File Read vulnerability in AppSheet Core in Google AppSheet prior to 2025-11-23 allows an authenticated remote attacker to read sensitive local files and access internal network resources via crafted requests to the production cluster. This vulnerability was patched and no...

8.5CVSS5.6AI score0.00252EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/20 7:39 p.m.8 views

CVE-2026-26337

Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal...

8.8CVSS5.7AI score0.00358EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/20 7:39 p.m.7 views

CVE-2026-26202

Penpot is an open-source design tool for design and code collaboration. Prior to version 2.13.2, an authenticated user can read arbitrary files from the server by supplying a local file path e.g. /etc/passwd as a font data chunk in the create-font-variant RPC endpoint, resulting in the file...

7.5CVSS5.8AI score0.00437EPSS
Exploits1References1
NVD
NVD
added 2026/02/20 5:25 p.m.15 views

CVE-2026-26746

OpenSourcePOS 3.4.1 contains a Local File Inclusion LFI vulnerability in the Sales.php::getInvoice function. An attacker can read arbitrary files on the web server by manipulating the Invoice Type configuration. This issue can be chained with the file upload functionality to achieve Remote Code...

8.8CVSS0.00575EPSS
Exploits2References2
OSV
OSV
added 2026/02/20 5:25 p.m.6 views

CVE-2026-26746

OpenSourcePOS 3.4.1 contains a Local File Inclusion LFI vulnerability in the Sales.php::getInvoice function. An attacker can read arbitrary files on the web server by manipulating the Invoice Type configuration. This issue can be chained with the file upload functionality to achieve Remote Code...

8.8CVSS6AI score0.00575EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/02/20 2:22 p.m.9 views

CVE-2026-21627 Extension - tassos.gr - SQL injection and Unauthenticated File Read in Novarain/Tassos Framework v4.10.14 – v6.0.37 for Joomla

The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests through Joomla’s comajax entry point. Under certain conditions, internal framework functionality could be invoked without proper restriction...

9.5CVSS5.5AI score0.00397EPSS
Exploits1References1
CVE
CVE
added 2026/02/20 2:22 p.m.50 views

CVE-2026-21627

The CVE concerns the Tassos Framework plugin (Joomla) versions 4.10.14 through 6.0.37, where specific AJAX handling via Joomla com_ajax can invoke internal framework functionality without proper restrictions. This leads to a SQL injection and an unauthenticated file read, driven by how the plugin...

9.5CVSS5.5AI score0.00397EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/02/20 2:22 p.m.33 views

CVE-2026-21627 Extension - tassos.gr - SQL injection and Unauthenticated File Read in Novarain/Tassos Framework v4.10.14 – v6.0.37 for Joomla

The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests through Joomla’s comajax entry point. Under certain conditions, internal framework functionality could be invoked without proper restriction...

9.5CVSS0.00397EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/02/20 7:58 a.m.31 views

CVE-2025-59819 Authenticated Arbitrary File Read via filepath parameter

This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path...

6.5CVSS0.00393EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/20 7:58 a.m.4 views

CVE-2025-59819 Authenticated Arbitrary File Read via filepath parameter

This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path...

6.5CVSS5.5AI score0.00393EPSS
Exploits0References2
CVE
CVE
added 2026/02/20 7:58 a.m.22 views

CVE-2025-59819

The CVE-2025-59819 entries describe an authenticated arbitrary-file-read vulnerability: an attacker can supply a crafted filepath parameter that is mapped to an internal system path, enabling access to arbitrary files. Multiple sources (NVD, Red Hat, CVE list, Attackerkb, etc.) corroborate the sa...

6.5CVSS5.7AI score0.00393EPSS
Exploits0References2
NVD
NVD
added 2026/02/20 12:16 a.m.5 views

CVE-2026-26329

OpenClaw is a personal AI assistant. Prior to version 2026.2.14, authenticated attackers can read arbitrary files from the Gateway host by supplying absolute paths or path traversal sequences to the browser tool's upload action. The server passed these paths to Playwright's setInputFiles APIs...

7.1CVSS0.00408EPSS
Exploits0References3
Rows per page
Query Builder