Lucene search
K

29 matches found

OSV
OSV
added 5 days ago3 views

CVE-2026-61431 PraisonAI before 4.6.78 Path Traversal via ContextGatherer

PraisonAI before 4.6.78 contains a path traversal vulnerability in ContextGatherer that fails to validate include paths in .praisoncontext and .praisoninclude files. Attackers can supply absolute paths or parent directory traversal sequences to read arbitrary files outside the workspace and inclu...

6.8CVSS6.2AI score0.00259EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/26 4:48 p.m.38 views

CVE-2026-55441 mise: Arbitrary command execution via task-include files in an untrusted, config-less repository

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files mise.toml, .tool-versions through trustcheck, but task-include files are loaded on a path that never reaches it. When a directory has a task-include dir mise-tasks/,...

8.6CVSS0.00184EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 4:48 p.m.31 views

CVE-2026-55441

CVE-2026-55441 affects the Mise toolchain. The root cause is that, prior to 2026.6.4, task-include files loaded from directories without config files bypass trust checks and render task fields with a Terraform-like template engine that registers an exec() function. If a directory contains a task-...

8.6CVSS5.9AI score0.00184EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 4:22 p.m.4 views

CVE-2026-45406 Dokku: Host RCE via Maliciously Named OpenResty Include Files Injected Through eval

Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename...

9CVSS6.2AI score0.00274EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/23 6:24 p.m.10 views

Mise vulnerable to arbitrary command execution via task-include files in an untrusted, config-less repository

Summary mise's trust feature gates config files mise.toml, .tool-versions through trustcheck, but task-include files are loaded on a path that never reaches it. When a directory has a task-include dir mise-tasks/, .mise/tasks/, … but no config file, mise falls back to the default includes and...

8.6CVSS6AI score0.00184EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/29 12:42 p.m.14 views

EUVD-2026-33297

FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJAX handler includes PHP files based on user-supplied input without path sanitization. The $REQUEST'rawname' parameter is concatenated into an include call with a .class.php suffix, allowing path...

7.6CVSS6AI score0.00272EPSS
Exploits0References1
Snyk
Snyk
added 2025/07/21 9:10 p.m.3 views

PHP Remote File Inclusion

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to PHP Remote File Inclusion via the ajaxform.php process. An attacker can execute arbitrary code on the server by...

7.7CVSS7.9AI score0.00804EPSS
Exploits1References2
Huntr
Huntr
added 2022/02/27 3:46 p.m.8 views

File Descriptor Leak

Possible sensitive files Vulnerability description: A possible sensitive file has been found. This file is not directly linked from the website. This check looks for common sensitive resources like password files, configuration files, log files, include files, statistics data, database dumps. Eac...

6.8AI score
Exploits0References2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.24 views

phpProfiles <= 3.1.2b Multiple Remote File Include Vulnerabilities

No description provided by source. +------------------------------------------------------------------------------------------- + phpProfiles = 3.1.2b Multiple Remote File Include Vulnerabilities +------------------------------------------------------------------------------------------- + Affect...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

Izumi <= 1.1.0 (RFI/LFI) Multiple Include Vulnerability

No description provided by source. + Izumi = 1.1.0 RFI/LFI Multiple Include Vulnerability + Discovered by cr4wl3r cr4wl3r!linuxmail.org + Download : http://sourceforge.net/projects/izumi/files/ + Code : page.php requireonce$dirinstall . $dirsrc . common.php; + Example : x RFI :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

myphpPageTool 0.4.3 -1 Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6744/info myphpPageTool is prone to an issue which may allow remote attackers to include files located on remote servers. This issue is present in several PHP script files in the /doc/admin folder. Under some circumstance...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.26 views

Nukebrowser 2.x Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6731/info Nukebrowser is prone to an issue which may allow remote attackers to include files located on remote servers. This issue is present in the nukebrowser.php script file. Under some circumstances, it is possible fo...

7.1AI score
Exploits0
OSV
OSV
added 2014/03/25 4:55 p.m.6 views

UBUNTU-CVE-2013-5951

Multiple cross-site scripting XSS vulnerabilities in eXtplorer 2.1.3, when used as a component for Joomla!, allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 application.js.php in scripts/ or 2 admin.php, 3 copymove.php, 4 functions.php, 5 header.php, or 6...

2.6CVSS5.8AI score0.01909EPSS
Exploits3References3
Prion
Prion
added 2011/05/23 10:55 p.m.16 views

Design/Logic Flaw

The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/depend temporary file, related to 1 bsd.lib.mk and 2 bsd.prog.mk...

3.3CVSS6.7AI score0.00438EPSS
Exploits1References9Affected Software2
Cvelist
Cvelist
added 2011/05/23 10:0 p.m.29 views

CVE-2011-1920

The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/depend temporary file, related to 1 bsd.lib.mk and 2 bsd.prog.mk...

6.2AI score0.00438EPSS
Exploits1References9
PyPA
PyPA
added 2009/03/30 1:30 a.m.9 views

PYSEC-2009-11

The rst parser parser/textrst.py in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors...

5CVSS6.9AI score0.01003EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2007/06/12 12:0 a.m.13 views

PT-2007-4474 · Mybloggie · Mybloggie

Name of the Vulnerable Software and Affected Versions: myBloggie version 2.1.5 Description: The issue allows remote attackers to potentially execute arbitrary PHP code via a URL in the bloggie root path parameter to several PHP files, including config.php, db.php, template.php, functions.php,...

9.8CVSS7.6AI score0.0155EPSS
Exploits0References5
securityvulns
securityvulns
added 2007/05/25 12:0 a.m.53 views

RedLevel Advisory #021 - CubeCart v3.0.16 SQL Injection Vulnerability

An interesting SQL injection vulnerability was discovered in CubeCart v3.0.16. This vulnerability cannot easily be exploited by traditional means - in fact, the actual vulnerable variable was not discovered. As a piece of user input is passed to CubeCart, it is sanitized through a routine mySQLSa...

0.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2006/12/26 12:0 a.m.5 views

PT-2006-7341 · Unknown · Phpprofiles

Name of the Vulnerable Software and Affected Versions: phpProfiles versions 3.1.2b and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter to various PHP files, including "include/body.inc.php" and "include/body admin.inc.php", or a...

7.5CVSS7.4AI score0.091EPSS
Exploits1References22
seebug.org
seebug.org
added 2006/12/22 12:0 a.m.21 views

TextSend &lt;= 1.5 (config/sender.php) Remote File Include Vulnerability

No description provided by source. +------------------------------------------------------------------------------------------- + TextSend = 1.5 config/sender.php Remote File Include Vulnerability +------------------------------------------------------------------------------------------- + Vendo...

7.1AI score
Exploits0
Rows per page
Query Builder