Lucene search
K

11287 matches found

Packet Storm
Packet Storm
added 2026/02/16 12:0 a.m.142 views

📄 JUNG Smart Panel 5.1 KNX (L1.12.22) Path Traversal

JUNG Smart Panel version 5.1 KNX L1.12.22 unauthenticated path traversal proof of concept exploit that builds on the finding from LiquidWorm. ============================================================================================================================================= | Title : JUN...

6.9CVSS5.5AI score0.00703EPSS
Exploits2
NVD
NVD
added 2026/02/15 4:15 a.m.5 views

CVE-2026-1793

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'rendersvg' function. This makes it possible for authenticated attackers, with...

6.5CVSS0.00308EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/15 3:24 a.m.5 views

CVE-2026-1793 Element Pack Addons for Elementor <= 8.3.17 - Authenticated (Contributor+) Arbitrary File Read

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'rendersvg' function. This makes it possible for authenticated attackers, with...

6.5CVSS5.7AI score0.00308EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/15 3:24 a.m.6 views

CVE-2026-1793

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'rendersvg' function. This makes it possible for authenticated attackers, with...

6.5CVSS5.7AI score0.00308EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/15 3:24 a.m.5 views

EUVD-2026-5833

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'rendersvg' function. This makes it possible for authenticated attackers, with...

6.5CVSS5.7AI score0.00308EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/15 3:24 a.m.38 views

CVE-2026-1793 Element Pack Addons for Elementor <= 8.3.17 - Authenticated (Contributor+) Arbitrary File Read

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'rendersvg' function. This makes it possible for authenticated attackers, with...

6.5CVSS0.00308EPSS
Exploits0References3
CVE
CVE
added 2026/02/15 3:24 a.m.16 views

CVE-2026-1793

The CVE-2026-1793 entry concerns the Element Pack Addons for Elementor plugin for WordPress. All versions up to and including 8.3.17 are vulnerable via the SVG widget due to insufficient file validation in the render_svg function, enabling authenticated attackers with contributor-level access or ...

6.5CVSS5.7AI score0.00308EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/15 1:19 a.m.16 views

CVE-2026-26333

Calero VeraSMART versions prior to 2022 R1 expose an unauthenticated .NET Remoting HTTP service on TCP port 8001. The service publishes default ObjectURIs including EndeavorServer.rem and RemoteFileReceiver.rem and permits the use of SOAP and binary formatters with TypeFilterLevel set to Full. An...

10CVSS6.6AI score0.00929EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/15 12:0 a.m.8 views

PT-2026-8224

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'render svg' function. This makes it possible for authenticated attackers, with...

6.5CVSS5.7AI score0.00308EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/14 3:25 a.m.24 views

CVE-2025-13681 BFG Tools – Extension Zipper <= 1.0.7 - Authenticated (Administrator+) Path Traversal via 'first_file' Parameter

The BFG Tools – Extension Zipper plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.0.7. This is due to insufficient input validation on the user-supplied firstfile parameter in the zip function. This makes it possible for authenticated attackers, with...

4.9CVSS0.0035EPSS
Exploits0References4
OSV
OSV
added 2026/02/13 9:16 p.m.7 views

CVE-2026-26333

Calero VeraSMART versions prior to 2022 R1 expose an unauthenticated .NET Remoting HTTP service on TCP port 8001. The service publishes default ObjectURIs including EndeavorServer.rem and RemoteFileReceiver.rem and permits the use of SOAP and binary formatters with TypeFilterLevel set to Full. An...

9.8CVSS6.6AI score0.00929EPSS
Exploits1References2
NVD
NVD
added 2026/02/13 9:16 p.m.12 views

CVE-2026-26333

Calero VeraSMART versions prior to 2022 R1 expose an unauthenticated .NET Remoting HTTP service on TCP port 8001. The service publishes default ObjectURIs including EndeavorServer.rem and RemoteFileReceiver.rem and permits the use of SOAP and binary formatters with TypeFilterLevel set to Full. An...

10CVSS0.00929EPSS
Exploits1References2
CVE
CVE
added 2026/02/13 8:51 p.m.20 views

CVE-2026-26333

The CVE describes an unauthenticated .NET Remoting HTTP service on TCP port 8001 in VeraSMART versions prior to 2022 R1. It exposes default ObjectURIs (e.g., EndeavorServer.rem, RemoteFileReceiver.rem) and allows SOAP/binary formatters with TypeFilterLevel set to Full. An unauthenticated attacker...

10CVSS6.6AI score0.00929EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/13 8:51 p.m.9 views

CVE-2026-26333 Calero VeraSMART < 2022 R1 .NET Remoting Arbitrary File Read Leading to ViewState RCE

Calero VeraSMART versions prior to 2022 R1 expose an unauthenticated .NET Remoting HTTP service on TCP port 8001. The service publishes default ObjectURIs including EndeavorServer.rem and RemoteFileReceiver.rem and permits the use of SOAP and binary formatters with TypeFilterLevel set to Full. An...

10CVSS6.6AI score0.00929EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/13 8:51 p.m.9 views

CVE-2026-26333

Calero VeraSMART versions prior to 2022 R1 expose an unauthenticated .NET Remoting HTTP service on TCP port 8001. The service publishes default ObjectURIs including EndeavorServer.rem and RemoteFileReceiver.rem and permits the use of SOAP and binary formatters with TypeFilterLevel set to Full. An...

10CVSS6.6AI score0.00929EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/13 6:27 p.m.25 views

CVE-2026-25964 Tandoor Recipes Affected by Authenticated Local File Disclosure (LFD) via Recipe Import leads to Arbitrary File Read

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, a Path Traversal vulnerability in the RecipeImport workflow of Tandoor Recipes allows authenticated users with import permissions to read arbitrary files on the server. This...

4.9CVSS0.0042EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2026/02/13 6:27 p.m.3 views

CVE-2026-25964 Tandoor Recipes Affected by Authenticated Local File Disclosure (LFD) via Recipe Import leads to Arbitrary File Read

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, a Path Traversal vulnerability in the RecipeImport workflow of Tandoor Recipes allows authenticated users with import permissions to read arbitrary files on the server. This...

4.9CVSS5.8AI score0.0042EPSS
Exploits2References3
CVE
CVE
added 2026/02/13 6:27 p.m.26 views

CVE-2026-25964

Vulnerability : CVE-2026-25964 in Tandoor Recipes prior to 2.5.1. A path traversal flaw in the RecipeImport workflow stems from insufficient input validation of file_path and weak checks in the Local storage backend, permitting authenticated users with import permissions to read arbitrary server ...

4.9CVSS5.8AI score0.0042EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2026/02/13 6:27 p.m.7 views

CVE-2026-25964 Tandoor Recipes Affected by Authenticated Local File Disclosure (LFD) via Recipe Import leads to Arbitrary File Read

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, a Path Traversal vulnerability in the RecipeImport workflow of Tandoor Recipes allows authenticated users with import permissions to read arbitrary files on the server. This...

4.9CVSS5.8AI score0.0042EPSS
Exploits2References5
Cvelist
Cvelist
added 2026/02/13 3:21 p.m.28 views

CVE-2026-26221 Hyland OnBase Timer Service Unauthenticated .NET Remoting RCE

Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service Hyland.Core.Workflow.NTService.exe. An attacker who can reach the service can send crafted .NET Remoting requests to default HTTP channel endpoints on TCP/8900 e.g., TimerServiceAPI.rem and...

9.8CVSS0.01121EPSS
Exploits1References3
Rows per page
Query Builder