1066 matches found

CVE
added 2026/03/20 1:58 a.m., 21 views

CVE-2026-32812

Admidio CVE-2026-32812 affects versions 5.0.0–5.0.6 where the SSO Metadata API endpoint at modules/sso/fetch_metadata.php reads a user-supplied URL and passes it to file_get_contents() after only PHP FILTER_VALIDATE_URL validation. This allows an authenticated administrator to cause Local File Re...

CVSS 6.8 | AI score 5.8 | EPSS 0.00428
Exploits: 1 | References: 3 | Affected Software: 1
EUVD
added 2026/03/19 12:30 p.m., 4 views

EUVD-2026-13095

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows a remote unauthenticated attacker to conduct SSRF (Server-Side Request Forgery) attacks and obtain unauthorized access to local files on filesystems running the vulnerable...

CVSS 8.6 | AI score 5.8 | EPSS 0.00323
Exploits: 0 | References: 3
NVD
added 2026/03/19 12:16 p.m., 3 views

CVE-2026-3511

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows a remote unauthenticated attacker to conduct SSRF (Server-Side Request Forgery) attacks and obtain unauthorized access to local files on filesystems running the vulnerable...

CVSS 8.6 | EPSS 0.00323
Exploits: 0 | References: 2
OSV
added 2026/03/19 12:16 p.m., 6 views

CVE-2026-3511

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows a remote unauthenticated attacker to conduct SSRF (Server-Side Request Forgery) attacks and obtain unauthorized access to local files on filesystems running the vulnerable...

CVSS 8.6 | AI score 6
Exploits: 0 | References: 2
Cvelist
added 2026/03/19 11:25 a.m., 20 views

CVE-2026-3511

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows a remote unauthenticated attacker to conduct SSRF (Server-Side Request Forgery) attacks and obtain unauthorized access to local files on filesystems running the vulnerable...

CVSS 8.6 | EPSS 0.00323
Exploits: 0 | References: 2
Vulnrichment
added 2026/03/19 11:25 a.m., 2 views

CVE-2026-3511

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows a remote unauthenticated attacker to conduct SSRF (Server-Side Request Forgery) attacks and obtain unauthorized access to local files on filesystems running the vulnerable...

CVSS 8.6 | AI score 5.8 | EPSS 0.00323
Exploits: 0 | References: 2
ATTACKERKB
added 2026/03/19 11:25 a.m., 2 views

CVE-2026-3511

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows a remote unauthenticated attacker to conduct SSRF (Server-Side Request Forgery) attacks and obtain unauthorized access to local files on filesystems running the vulnerable...

CVSS 8.6 | AI score 5.8 | EPSS 0.00323
Exploits: 0 | References: 3
Positive Technologies
added 2026/03/19 12:0 a.m., 5 views

PT-2026-26284

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows a remote unauthenticated attacker to conduct SSRF (Server-Side Request Forgery) attacks and obtain unauthorized access to local files on filesystems running the vulnerable...

CVSS 8.6 | AI score 5.8 | EPSS 0.00323
Exploits: 0 | References: 7
CNNVD
added 2026/03/19 12:0 a.m., 5 views

Autogram Security Vulnerability

Autogram is a multi-platform file signature and verification desktop application developed by Slovensko.Digital. There is a security vulnerability in Autogram, which stems from improper restrictions on XML external entity references in the XMLUtils.java file. This vulnerability could allow remote...

CVSS 8.6 | AI score 5.8 | EPSS 0.00323
Exploits: 0 | References: 2
CNNVD
added 2026/03/19 12:0 a.m., 16 views

OpenClaw Security Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.21 contained security vulnerabilities. These vulnerabilities stemmed from improper URL scheme validation in the assertBrowserNavigationAllowed function. This allowed unauthorize...

CVSS 7.1 | AI score 5.8 | EPSS 0.00403
Exploits: 1 | References: 3
Snyk
added 2026/03/16 6:55 p.m., 4 views

Improper Protection of Alternate Path

Overview: awslabs.aws-api-mcp-server is a Model Context Protocol (MCP) server for interacting with AWS. Affected versions of this package are vulnerable to Improper Protection of Alternate Path through the AWS CLI shorthand parser in awsapimcpserver/core/aws/services.py. An attacker can read arbitrar...

CVSS 6.8 | AI score 5.9 | EPSS 0.00131
Exploits: 0 | References: 2
NVD
added 2026/03/16 2:17 p.m., 9 views

CVE-2016-20029

ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including...

CVSS 6.9 | EPSS 0.00206
Exploits: 1 | References: 6
GithubExploit
added 2026/03/15 3:17 p.m., 164 views

Exploit for CVE-2025-60012

For educational and security research purposes only. Do not...

CVSS 6.3 | AI score 6.1 | EPSS 0.00488
Exploits: 1
OSV
added 2026/03/11 2:16 p.m., 5 views

CVE-2026-32061

OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attackers with config modification capabilities can exploit this by specifying absolute paths, traversa...

CVSS 6.7 | AI score 5.9
Exploits: 0 | References: 3
CVE
added 2026/03/07 3:36 p.m., 10 views

CVE-2026-30834

Technical details about CVE-2026-30834 are not provided in the connected documents. The initial description notes an SSRF in PinchTab’s /download endpoint and a patch in 0.7.7, but no further specifics (affected versions, exploitation details, or mitigations) are included here. Monitor for updates.

CVSS 7.5 | AI score 5.8 | EPSS 0.00423
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2026/03/07 6:16 a.m., 13 views

CVE-2026-30828

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, the url parameter can be used to retrieve local system files. This issue has been patched in version 4.6.2...

CVSS 8.7 | EPSS 0.00533
Exploits: 1 | References: 3
Vulnrichment
added 2026/03/07 5:27 a.m., 3 views

CVE-2026-30828 Wallos: SSRF via url parameter leading to File Traversal

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, the url parameter can be used to retrieve local system files. This issue has been patched in version 4.6.2...

CVSS 8.7 | AI score 5.7 | EPSS 0.00533
Exploits: 1 | References: 3
EUVD
added 2026/03/07 5:27 a.m., 4 views

EUVD-2026-10116

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, the url parameter can be used to retrieve local system files. This issue has been patched in version 4.6.2...

CVSS 8.7 | AI score 5.7 | EPSS 0.00533
Exploits: 1 | References: 3
CVE
added 2026/03/07 5:27 a.m., 14 views

CVE-2026-30828

CVE-2026-30828 affects Wallos prior to version 4.6.2, where the url parameter can be used to retrieve local system files. The issue has been patched in 4.6.2. Reported CVSS 4.0/8.7 (HIGH) with network attack vector, low complexity and no user interaction required; impact is limited to confidentia...

CVSS 8.7 | AI score 5.7 | EPSS 0.00533
Exploits: 1 | References: 3 | Affected Software: 1
Positive Technologies
added 2026/03/07 12:0 a.m., 7 views

PT-2026-23823

Name of the Vulnerable Software and Affected Versions: Wallos versions prior to 4.6.2. Description: Wallos is a self-hostable personal subscription tracker. Versions prior to 4.6.2 contain an issue where the url parameter can be exploited to retrieve local system files. Recommendations: Update to...

CVSS 8.7 | AI score 5.8 | EPSS 0.00533
Exploits: 1 | References: 8