Lucene search
K

11287 matches found

Vulnrichment
Vulnrichment
added 2026/02/19 3:56 p.m.6 views

CVE-2026-26336 Hyland Alfresco Improper Authorization Arbitrary File Read

Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories like WEB-INF via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files...

8.7CVSS5.7AI score0.00306EPSS
Exploits1References3
CVE
CVE
added 2026/02/19 3:21 p.m.9 views

CVE-2026-2274

CVE-2026-2274 describes a vulnerability in Google AppSheet’s AppSheet Core allowing an authenticated remote attacker to perform SSRF and arbitrary file read via crafted requests to the production cluster. Affected behavior includes reading sensitive local files and accessing internal network reso...

8.5CVSS5.6AI score0.00252EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/19 3:21 p.m.5 views

CVE-2026-2274 Arbitrary File Read and SSRF in Google AppSheet

A SSRF and Arbitrary File Read vulnerability in AppSheet Core in Google AppSheet prior to 2025-11-23 allows an authenticated remote attacker to read sensitive local files and access internal network resources via crafted requests to the production cluster. This vulnerability was patched and no...

8.5CVSS5.6AI score0.00252EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/19 3:21 p.m.23 views

CVE-2026-2274 Arbitrary File Read and SSRF in Google AppSheet

A SSRF and Arbitrary File Read vulnerability in AppSheet Core in Google AppSheet prior to 2025-11-23 allows an authenticated remote attacker to read sensitive local files and access internal network resources via crafted requests to the production cluster. This vulnerability was patched and no...

8.5CVSS0.00252EPSS
Exploits0References1
NVD
NVD
added 2026/02/19 3:16 p.m.5 views

CVE-2026-25527

changedetection.io is a free open source web page change detection tool. In versions prior to 0.53.2, the /static// route accepts group="..", which causes sendfromdirectory"static/..", filename to execute. This moves the base directory up to /app/changedetectionio, enabling unauthenticated local...

5.3CVSS0.00917EPSS
Exploits1References2
OSV
OSV
added 2026/02/19 2:18 p.m.3 views

CVE-2026-25527 changedetection.io vulnerable to unauthenticated static path traversal

changedetection.io is a free open source web page change detection tool. In versions prior to 0.53.2, the /static// route accepts group="..", which causes sendfromdirectory"static/..", filename to execute. This moves the base directory up to /app/changedetectionio, enabling unauthenticated local...

5.3CVSS5.4AI score0.00917EPSS
Exploits1References4
Patchstack
Patchstack
added 2026/02/19 7:21 a.m.6 views

WordPress WP AUDIO GALLERY plugin <= 2.0 - Authenticated (Subscriber+) Arbitrary File Read via .htaccess Manipulation vulnerability

Authenticated Subscriber+ Arbitrary File Read via .htaccess Manipulation vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP AUDIO GALLERY versions = 2.0...

8.8CVSS5.5AI score0.00372EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/02/19 7:17 a.m.6 views

CVE-2025-13603

The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce verification on the "wpaghtaccesscallback" function This makes it possible for authenticated...

8.8CVSS0.00372EPSS
Exploits0References4
ICS
ICS
added 2026/02/19 7:0 a.m.7 views

Valmet DNA Engineering Web Tools

RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to manipulate the web maintenance services URL to achieve arbitrary file read access. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation...

9.2CVSS5.9AI score0.00505EPSS
Exploits0References13
CVE
CVE
added 2026/02/19 4:36 a.m.22 views

CVE-2026-0926

Prodigy Commerce WordPress plugin

9.8CVSS6.5AI score0.09396EPSS
Exploits5References6
Cvelist
Cvelist
added 2026/02/19 4:36 a.m.285 views

CVE-2026-0926 Prodigy Commerce <= 3.3.0 - Unauthenticated Local File Inclusion via parameters[template_name]

The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'parameterstemplatename' parameter. This makes it possible for unauthenticated attackers to include and read arbitrary files or execute arbitrary files on the server...

9.8CVSS0.09396EPSS
Exploits5References6
Vulnrichment
Vulnrichment
added 2026/02/19 4:36 a.m.5 views

CVE-2025-13603 WP AUDIO GALLERY <= 2.0 - Authenticated (Subscriber+) Arbitrary File Read via .htaccess Manipulation

The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce verification on the "wpaghtaccesscallback" function This makes it possible for authenticated...

8.8CVSS5.7AI score0.00372EPSS
Exploits0References4
CVE
CVE
added 2026/02/19 4:36 a.m.16 views

CVE-2025-13603

The CVE concerns WP Audio Gallery for WordPress (

8.8CVSS5.7AI score0.00372EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/19 4:36 a.m.29 views

CVE-2025-13603 WP AUDIO GALLERY <= 2.0 - Authenticated (Subscriber+) Arbitrary File Read via .htaccess Manipulation

The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce verification on the "wpaghtaccesscallback" function This makes it possible for authenticated...

8.8CVSS0.00372EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.5 views

PT-2026-20602

The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce verification on the "wpag htaccess callback" function This makes it possible for authenticated...

8.8CVSS5.7AI score0.00372EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.8 views

Hyland Alfresco 安全漏洞

Hyland Alfresco is an enterprise content management system developed by the American company Hyland. Hyland Alfresco has a security vulnerability, which allows unauthenticated attackers to read arbitrary files from protected directories through endpoints such as /share/page/resource/. This...

8.7CVSS5.9AI score0.00306EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.6 views

PT-2026-20630

Name of the Vulnerable Software and Affected Versions Prodigy Commerce versions prior to 3.2.9 Description The Prodigy Commerce plugin for WordPress is susceptible to a Local File Inclusion issue. This allows unauthenticated attackers to include and read arbitrary files or execute arbitrary files...

9.8CVSS6.2AI score0.09396EPSS
Exploits5References13
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.7 views

PT-2026-20876

Name of the Vulnerable Software and Affected Versions Hyland Alfresco Transformation Service affected versions not specified Description The Hyland Alfresco Transformation Service is susceptible to exploitation allowing unauthenticated attackers to perform arbitrary file read and server-side...

9.8CVSS5.4AI score0.00544EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.9 views

PT-2026-20837

Name of the Vulnerable Software and Affected Versions changedetection.io versions prior to 0.53.2 Description changedetection.io is a web page change detection tool. Versions prior to 0.53.2 are susceptible to an unauthenticated local file read of application source files. The /static// API...

5.3CVSS5.6AI score0.00917EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.7 views

PT-2026-20851

Name of the Vulnerable Software and Affected Versions AppSheet versions prior to 2025-11-23 Description A Server-Side Request Forgery SSRF and Arbitrary File Read issue exists in AppSheet Core. An authenticated remote attacker can potentially read sensitive local files and access internal network...

8.5CVSS5.3AI score0.00252EPSS
Exploits0References5
Rows per page
Query Builder