Lucene search
K

11286 matches found

CNNVD
CNNVD
added 2026/02/20 12:0 a.m.6 views

Zenitel AlphaCom 安全漏洞

Zenitel AlphaCom is a critical communication server owned by the Norwegian company Zenitel. There is a security vulnerability in Zenitel AlphaCom, which allows attackers to read arbitrary files by modifying file path parameters to internal system paths...

6.5CVSS5.9AI score0.00393EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/19 11:6 p.m.22 views

CVE-2026-26329 OpenClaw has a path traversal in browser upload allows local file read

OpenClaw is a personal AI assistant. Prior to version 2026.2.14, authenticated attackers can read arbitrary files from the Gateway host by supplying absolute paths or path traversal sequences to the browser tool's upload action. The server passed these paths to Playwright's setInputFiles APIs...

7.1CVSS0.00408EPSS
Exploits0References3
CVE
CVE
added 2026/02/19 10:28 p.m.19 views

CVE-2026-26321

CVE-2026-26321 affects OpenClaw’s Feishu extension, where sendMediaFeishu can treat attacker-controlled mediaUrl values as local filesystem paths, enabling local-file disclosure if an attacker can influence tool calls (e.g., via prompt injection). The vulnerability stems from path handling that a...

7.5CVSS5.5AI score0.00482EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/02/19 10:28 p.m.23 views

CVE-2026-26321 OpenClaw has a local file disclosure via sendMediaFeishu in Feishu extension

OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Feishu extension previously allowed sendMediaFeishu to treat attacker-controlled mediaUrl values as local filesystem paths and read them directly. If an attacker can influence tool calls directly or via prompt injection...

7.5CVSS0.00482EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/19 10:28 p.m.3 views

CVE-2026-26321 OpenClaw has a local file disclosure via sendMediaFeishu in Feishu extension

OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Feishu extension previously allowed sendMediaFeishu to treat attacker-controlled mediaUrl values as local filesystem paths and read them directly. If an attacker can influence tool calls directly or via prompt injection...

7.5CVSS5.5AI score0.00482EPSS
Exploits0References3
NVD
NVD
added 2026/02/19 8:25 p.m.4 views

CVE-2026-26202

Penpot is an open-source design tool for design and code collaboration. Prior to version 2.13.2, an authenticated user can read arbitrary files from the server by supplying a local file path e.g. /etc/passwd as a font data chunk in the create-font-variant RPC endpoint, resulting in the file...

7.5CVSS0.00437EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/19 7:23 p.m.5 views

CVE-2026-26202 Penpot has Arbitrary File Read via create-font-variant RPC endpoint

Penpot is an open-source design tool for design and code collaboration. Prior to version 2.13.2, an authenticated user can read arbitrary files from the server by supplying a local file path e.g. /etc/passwd as a font data chunk in the create-font-variant RPC endpoint, resulting in the file...

7.5CVSS5.7AI score0.00437EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/19 7:23 p.m.28 views

CVE-2026-26202 Penpot has Arbitrary File Read via create-font-variant RPC endpoint

Penpot is an open-source design tool for design and code collaboration. Prior to version 2.13.2, an authenticated user can read arbitrary files from the server by supplying a local file path e.g. /etc/passwd as a font data chunk in the create-font-variant RPC endpoint, resulting in the file...

7.5CVSS0.00437EPSS
Exploits1References2
CVE
CVE
added 2026/02/19 7:23 p.m.17 views

CVE-2026-26202

Penpot before 2.13.2 is affected by an authenticated arbitrary-file-read via the create-font-variant RPC endpoint: supplying a local path as font data causes the server to store the file contents as a font asset. Any authenticated user with team edit permissions can read files accessible to the P...

7.5CVSS5.7AI score0.00437EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/02/19 7:23 p.m.7 views

CVE-2026-26202 Penpot has Arbitrary File Read via create-font-variant RPC endpoint

Penpot is an open-source design tool for design and code collaboration. Prior to version 2.13.2, an authenticated user can read arbitrary files from the server by supplying a local file path e.g. /etc/passwd as a font data chunk in the create-font-variant RPC endpoint, resulting in the file...

7.5CVSS5.8AI score0.00437EPSS
Exploits1References4
OSV
OSV
added 2026/02/19 6:24 p.m.12 views

CVE-2026-26337

Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal...

8.8CVSS5.9AI score0.00544EPSS
Exploits0References3
NVD
NVD
added 2026/02/19 6:24 p.m.5 views

CVE-2026-26337

Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal...

8.8CVSS0.00358EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/19 5:1 p.m.26 views

CVE-2026-26337 Hyland Alfresco Transformation Service Absolute Path Traversal Arbitrary File Read and SSRF

Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal...

8.8CVSS0.00358EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/19 5:1 p.m.5 views

CVE-2026-26337 Hyland Alfresco Transformation Service Absolute Path Traversal Arbitrary File Read and SSRF

Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal...

8.8CVSS5.6AI score0.00544EPSS
Exploits0References3
CVE
CVE
added 2026/02/19 5:1 p.m.22 views

CVE-2026-26337

Hyland Alfresco Transformation Service is affected by CVE-2026-26337. The flaw enables unauthenticated attackers to perform absolute path traversal, resulting in arbitrary file reads and server-side request forgery (SSRF). Reported CVSS-3.1 base score 8.2 (HIGH) with NETWORK attack vector and no ...

8.8CVSS5.7AI score0.00544EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/02/19 4:27 p.m.6 views

CVE-2026-2274

A SSRF and Arbitrary File Read vulnerability in AppSheet Core in Google AppSheet prior to 2025-11-23 allows an authenticated remote attacker to read sensitive local files and access internal network resources via crafted requests to the production cluster. This vulnerability was patched and no...

8.5CVSS0.00252EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/02/19 4:27 p.m.3 views

CVE-2026-25766

Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows, Echo’s middleware.Static using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. In middleware/static.go, the requested path is unescaped and...

5.3CVSS7.2AI score0.00329EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/19 3:56 p.m.28 views

CVE-2026-26336 Hyland Alfresco Improper Authorization Arbitrary File Read

Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories like WEB-INF via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files...

8.7CVSS0.00306EPSS
Exploits1References3
CVE
CVE
added 2026/02/19 3:56 p.m.27 views

CVE-2026-26336

CVE-2026-26336 affects Hyland Alfresco. Unauthenticated attackers can read arbitrary files from protected directories (e.g., WEB-INF) via the /share/page/resource/ endpoint, causing disclosure of sensitive configuration files. The issue stems from improper access control on the resource endpoint,...

8.7CVSS5.7AI score0.00306EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/19 3:56 p.m.6 views

CVE-2026-26336 Hyland Alfresco Improper Authorization Arbitrary File Read

Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories like WEB-INF via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files...

8.7CVSS5.7AI score0.00306EPSS
Exploits1References3
Rows per page
Query Builder