
1066 matches found

CNNVD
added 2026/01/13 12:0 a.m., 4 views

YouPHPTube Path Traversal Vulnerability

YouPHPTube is an open source PHP-based video website system. YouPHPTube 7.8 and earlier versions contain a path traversal vulnerability that stems from improper handling of the lang parameter in the GET request, which could lead to local file inclusion...

CVSS 8.7, AI score 5.7, EPSS 0.0163
Exploits: 1, References: 4
RedhatCVE
added 2026/01/09 12:15 p.m., 8 views

CVE-2018-1000145

An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with local file system access to obtain encrypted Perforce passwords and decrypt them...

CVSS 6.5, AI score 6, EPSS 0.01142
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 11:55 a.m., 6 views

CVE-2018-4346

A validation issue existed which allowed local file access. This was addressed with input sanitization. This issue affected versions prior to macOS Mojave 10.14...

CVSS 5.5, AI score 6, EPSS 0.0081
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 11:36 a.m., 4 views

CVE-2021-41638

The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a remote attacker to access local files only by using a valid username...

CVSS 7.5, AI score 6.8, EPSS 0.01577
Exploits: 1, References: 1
RedhatCVE
added 2026/01/09 11:23 a.m., 5 views

CVE-2021-31863

Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process...

CVSS 7.5, AI score 6.5, EPSS 0.01737
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 10:49 a.m., 7 views

CVE-2022-37033

In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. In resolving this URL, the TempFileAPI follows any 302 redirects that the remote URL returns. Because there is no...

CVSS 6.5, AI score 6.7, EPSS 0.00843
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 10:48 a.m., 5 views

CVE-2022-31261

An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability, the attacker must know the unique SAML callback ID of the configured identity source. A remote attacker ca...

CVSS 7.5, AI score 6.8, EPSS 0.01095
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 10:47 a.m., 6 views

CVE-2022-31202

The export function in SoftGuard Web SGW before 5.1.5 allows directory traversal to read an arbitrary local file via export or man.tcl...

CVSS 6.5, AI score 6.7, EPSS 0.01166
Exploits: 3, References: 1
RedhatCVE
added 2026/01/09 10:47 a.m., 10 views

CVE-2022-31471

untangle is a Python library to convert XML data to Python objects. untangle versions 1.2.0 and earlier improperly restrict XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files...

CVSS 7.5, AI score 6.7, EPSS 0.01336
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 10:11 a.m., 8 views

CVE-2019-11700

A hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted. Note: this issue only occurs on Windows. Other operating systems are unaffected. This vulnerability affects Firefox 67...

CVSS 6.5, AI score 6, EPSS 0.01378
Exploits: 0, References: 1
EUVD
added 2026/01/05 1:45 p.m., 7 views

EUVD-2026-0849

Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the...

CVSS 6.5, AI score 6.1, EPSS 0.00582
Exploits: 0, References: 2
Github Security Blog
added 2026/01/05 9:30 a.m., 8 views

Apache Kyuubi Server vulnerable to Path Traversal

Any client who can access Apache Kyuubi Server via Kyuubi frontend protocols can bypass the server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through 1.10.2. Users are recommended to upgrade t...

CVSS 8.8, AI score 6.8, EPSS 0.00892
Exploits: 0, References: 4, Affected Software: 1
CNVD
added 2025/12/25 12:0 a.m., 2 views

RiteCMS File Inclusion Vulnerability

RiteCMS is an open source content management system based on PHP and SQLite. RiteCMS has a file inclusion vulnerability that stems from the admin.php component not effectively filtering local file resource calls; an attacker can use this vulnerability to read any file on th...

CVSS 7.5, AI score 5.9, EPSS 0.01098
Exploits: 1, References: 1
EUVD
added 2025/12/18 6:30 p.m., 6 views

EUVD-2025-204295

due to insufficient sanitization in Vega’s convert function when safeMode is enabled and the spec variable is an array. An attacker can craft a malicious Vega diagram specification that will allow them to send requests to any URL, including local file system paths, leading to exposure of sensitiv...

CVSS 8.7, AI score 6, EPSS 0.0025
Exploits: 0, References: 2
OSV
added 2025/12/18 5:15 p.m., 7 views

CVE-2025-14896

due to insufficient sanitization in Vega’s convert function when safeMode is enabled and the spec variable is an array. An attacker can craft a malicious Vega diagram specification that will allow them to send requests to any URL, including local file system paths, leading to exposure of sensitiv...

CVSS 8.7, AI score 6.5
Exploits: 0, References: 1
Veracode
added 2025/12/13 7:53 a.m., 6 views

Server-Side Request Forgery (SSRF)

Keras is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper handling of the StringLookup layer during model loading from a crafted .keras archive, which allows an attacker to supply local or remote file paths as vocabulary inputs and exploit tf.io.gfile behavior ...

CVSS 5.9, AI score 7.7, EPSS 0.00239
Exploits: 0, References: 4, Affected Software: 1
Packet Storm
added 2025/12/11 12:0 a.m., 166 views

Casdoor 2.95.0 Directory Traversal

Casdoor version 2.95.0 directory traversal proof of concept exploit. Title: Casdoor 2.95.0 Directory Traversal | Author: indoushka | Tested on :...

CVSS 6.5, AI score 7, EPSS 0.03093
Exploits: 10
GithubExploit
added 2025/12/02 3:43 a.m., 160 views

Exploit for CVE-2025-65321

CVE-2025-65321 The Language Sloth Discord bot is vulnerable to...

AI score 6.9
Exploits: 3
CNNVD
added 2025/12/02 12:0 a.m., 4 views

SAMSUNG Mobile devices Security Vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in Samsung Mobile Devices that stems from improperly exported Android application components, which could lead to file...

CVSS 7.1, AI score 6.2, EPSS 0.00091
Exploits: 0, References: 2
Snyk
added 2025/11/28 4:42 a.m., 8 views

XML External Entity (XXE) Injection

Overview: peppol-py is a Python implementation for sending peppol eDelivery AS4 documents. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the XML validation process. An attacker can access sensitive files from the filesystem and exfiltrate their conten...

CVSS 5.3, AI score 7.4, EPSS 0.00299
Exploits: 0, References: 2