
3350 matches found

CNNVD, added 2026/03/20 12:0 a.m., 9 views

SiYuan security vulnerability

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.6.2 contained security vulnerabilities. These vulnerabilities were caused by improper handling of the /appearance/filepath endpoint, which could lead to directory traversal and...

CVSS 7.5, AI score 6.8, EPSS 0.03256
Exploits 1, References 3
CNNVD, added 2026/03/19 12:0 a.m., 8 views

wgcloud security vulnerability

WGCloud is a lightweight distributed server monitoring and operation system developed by the individual developer Tianshiyeben. WGCloud versions 3.6.3 and earlier have security vulnerabilities. These vulnerabilities stem from the test connection feature in backend database management, which...

CVSS 7.5, AI score 6, EPSS 0.00375
Exploits 1, References 2
RedhatCVE, added 2026/03/18 9:39 p.m., 4 views

CVE-2026-31971

A flaw was found in HTSlib, a library used for bioinformatics file formats. When reading CRAM (Compressed Reference-oriented Alignment Map) files, the cram_byte_array_len_decode function did not properly validate the size of incoming data against the allocated buffer. This memory corruption vulnerabili...

CVSS 8.1, AI score 5.9, EPSS 0.00336
Exploits 0, References 2
OSV, added 2026/03/12 7:21 p.m., 5 views

CVE-2026-32251 Tolgee has an XXE Injection in Translation Import

Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resources (.xml) and .resx files don't disable external entity processing. An authenticated user who can import translation files into a project can exploit this to read arbitrary files...

CVSS 9.3, AI score 5.9, EPSS 0.00424
Exploits 1, References 5
OSV, added 2026/03/12 5:50 p.m., 1 views

GHSA-2238-XC5R-V9HJ @tinacms/graphql has a Path Traversal issue

Description: TinaCMS allows users to create, update, and delete content documents using relative file paths (relativePath, newRelativePath) via GraphQL mutations. Under certain conditions, these paths are combined with the collection path using path.join without validating that the resolved path...

CVSS 6.3, AI score 5.9, EPSS 0.00426
Exploits 1, References 3
ATTACKERKB, added 2026/03/11 7:5 p.m., 4 views

CVE-2026-31894

WeGIA is a web manager for charitable institutions. In 3.6.5, the patched loadBackupDB extracts tar.gz archives to a temporary directory using PHP's PharData class, then uses glob and file_get_contents to read SQL files from the extracted contents. Neither the extraction nor the file reading...

CVSS 6.9, AI score 5.8, EPSS 0.00414
Exploits 1, References 3, Affected Software 1
CNNVD, added 2026/03/11 12:0 a.m., 11 views

Intelbras TIP 200 Lite and Intelbras TELEFONE IP TIP200 security vulnerability

The Intelbras TIP 200 Lite and the Intelbras TELEFONE IP TIP200 are both products of the Brazilian company Intelbras. The Intelbras TIP 200 Lite is an IP phone device. It operates as an IP terminal and supports up to two SIP accounts. It features high voice quality (HD Voice), an LCD display (2x15), and...

CVSS 8.7, AI score 5.8, EPSS 0.00301
Exploits 0, References 3
CNNVD, added 2026/03/11 12:0 a.m., 6 views

HashiCorp Consul and HashiCorp Consul Enterprise security vulnerability

HashiCorp Consul and HashiCorp Consul Enterprise are both products of the American company HashiCorp. HashiCorp Consul is a distributed, highly available data center awareness solution. It is used for connecting and configuring applications across dynamic distributed infrastructures. HashiCorp...

CVSS 6.8, AI score 7.4, EPSS 0.00475
Exploits 0, References 2
EUVD, added 2026/03/10 5:1 p.m., 5 views

EUVD-2026-10563

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files from the server filesystem. The componentName route parameter is concatenated directly into a file...

CVSS 7.2, AI score 5.9, EPSS 0.01102
Exploits 1, References 2
CNNVD, added 2026/03/10 12:0 a.m., 11 views

OneUptime path traversal vulnerability

OneUptime is a comprehensive solution developed by OneUptime OpenSource. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.21 contained a path traversal vulnerability. This vulnerability stemmed from the /workflow/docs/ endpoint’s path traversal, which cou...

CVSS 8.6, AI score 7.4, EPSS 0.01102
Exploits 1, References 2
CNNVD, added 2026/03/09 12:0 a.m., 7 views

Multiple MBS products security vulnerability

MBS UBR-01 Mk II, etc., are products of the German MBS company. MBS UBR-01 Mk II is a remote base station device. MBS UBR-02 is also a remote base station device. MBS UBR-LON is a communication interface device for industrial automation systems. Several MBS products have security vulnerabilities;...

CVSS 6.5, AI score 6, EPSS 0.00334
Exploits 0, References 2
GithubExploit, added 2026/03/08 12:50 p.m., 120 views

flask_ssti_exploit

Tools for Exploiting SSTI Vulnerabilities under Flask Di...

AI score 5.8
Exploits 0
GithubExploit, added 2026/03/08 12:50 p.m., 115 views

flask_ssti_exploit

Tools for Exploiting SSTI Vulnerabilities under Flask Di...

AI score 5.8
Exploits 0
CNNVD, added 2026/03/05 12:0 a.m., 9 views

ragas security vulnerability

Ragas is an open-source toolkit developed by Vibrant Labs for optimizing and evaluating large language models. Versions of Ragas from v0.2.3 to v0.2.14 contain security vulnerabilities. These vulnerabilities stem from improper URL validation and cleaning of the retrieved_contexts parameter, which...

CVSS 7.5, AI score 6.7, EPSS 0.00534
Exploits 1, References 4
Tenable Product Security Advisories, added 2026/03/03 5:8 p.m., 8 views

[R1] Nessus Manager Versions 10.10.3 and 10.11.3 Fix One Vulnerability

Arnie Cabral, Tue, 03/03/2026 - 12:08. A path traversal vulnerability exists in Nessus Manager where an authenticated, remote attacker could read arbitrary OS system files...

AI score 6
Exploits 0
CNNVD, added 2026/02/27 12:0 a.m., 9 views

Multiple Copeland products path traversal vulnerability

Both Copeland XWEB 500D PRO and Copeland XWEB 500B PRO are advanced commercial and industrial refrigeration monitoring and management systems developed by the American company Copeland. Several products of Copeland have been identified with a path traversal vulnerability. This vulnerability stems...

CVSS 9.1, AI score 5.9, EPSS 0.00552
Exploits 0, References 3
NVD, added 2026/02/26 7:32 p.m., 6 views

CVE-2026-26938

Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery (SSRF) via Code Injection (CAPEC-242). This requires an...

CVSS 8.6, EPSS 0.00254
Exploits 0, References 1
CNNVD, added 2026/02/21 12:0 a.m., 11 views

GetSimple CMS security vulnerability

GetSimple CMS is an open-source content management system developed by GetSimple CMS. There is a security vulnerability in GetSimple CMS, which stems from a flaw in the file upload function, potentially allowing arbitrary file reading...

CVSS 8.8, AI score 5.9, EPSS 0.00527
Exploits 1, References 1
ATTACKERKB, added 2026/02/20 12:0 a.m., 4 views

CVE-2026-26746

OpenSourcePOS 3.4.1 contains a Local File Inclusion (LFI) vulnerability in the Sales.php::getInvoice function. An attacker can read arbitrary files on the web server by manipulating the Invoice Type configuration. This issue can be chained with the file upload functionality to achieve Remote Code...

AI score 5.9, EPSS 0.00575
Exploits 2, References 3
CNNVD, added 2026/02/19 12:0 a.m., 8 views

OpenClaw path traversal vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability. The vulnerability stems from the Feishu extension that allows sendMediaFeishu to treat an attacker-controlled mediaUrl value as a local file system path and read it...

CVSS 7.5, AI score 5.8, EPSS 0.00482
Exploits 0, References 3