Lucene search
K

1065 matches found

CVE
CVE
added 2026/04/24 6:50 p.m.9 views

CVE-2026-41419

The CVE describes a path traversal vulnerability in 4ga Boards prior to version 3.3.5. An authenticated user with board import privileges can cause the server to ingest arbitrary host files as board attachments during a BOARDS archive import. Once imported, those files may be downloaded via the s...

7.6CVSS5.3AI score0.00306EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 6:50 p.m.4 views

CVE-2026-41419

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be...

7.6CVSS5.3AI score0.00306EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.6 views

PT-2026-35064

Name of the Vulnerable Software and Affected Versions 4ga Boards versions prior to 3.3.5 Description A path traversal issue allows an authenticated user with board import privileges to force the server to ingest arbitrary host files as board attachments during the BOARDS archive import process...

7.6CVSS5.3AI score0.00306EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/20 12:0 a.m.7 views

Oracle Linux 7 : ImageMagick (ELSA-2026-6713)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6713 advisory. - Fix CVE-2026-28691 and CVE-2026-28693 Orabug: 39174244 - Fixes Local File Disclosure via Path Traversal CVE-2026-25965 Orabug: 39118995 - Fixes Memor...

9.8CVSS6.8AI score0.00794EPSS
Exploits3References3
OSV
OSV
added 2026/04/17 10:17 p.m.2 views

GHSA-JHPV-5J76-M56H OpenClaw: Sender policy bypass in host media attachment reads allows unauthorized local file disclosure

Summary OpenClaw's outbound host-media attachment read helper could enable host-local file reads based on global or agent-level read access without also honoring sender and group-scoped tool policy. In channel deployments that used toolsBySender or group policy to deny read for less-trusted...

6CVSS5.7AI score0.00236EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/17 4:0 p.m.31 views

CVE-2026-40515 OpenHarness Permission Bypass via grep and glob root argument

OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...

8.7CVSS0.0023EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.10 views

PT-2026-37010

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.4.9 through 2026.4.9 Description A sender policy bypass exists in the outbound host-media attachment read helper. This issue allows unauthorized local file disclosure when deployments allow host read or filesystem root...

7.7CVSS5.8AI score0.00236EPSS
Exploits0References7
Veracode
Veracode
added 2026/04/16 8:59 a.m.8 views

Path Traversal

LiquidJS is vulnerable to Path Traversal. The vulnerability is due to the top-level file loads not enforcing the boundary set by the configured root, where a Liquid instance configured with an empty temporary directory as root can return the contents of arbitrary files and attackers can exploit...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/04/14 11:31 p.m.7 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection via the EncryptedXml class. An attacker can cause excessive resource consumption by providing specially crafted XML input. Details XXE Injection is a type of attack against an application that parses XM...

8.7CVSS6.3AI score0.01753EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/08 12:8 a.m.7 views

WWBN AVideo's GIF poster fetch bypasses traversal scrubbing and exposes local files through public media URLs

Summary objects/aVideoEncoderReceiveImage.json.php allowed an authenticated uploader to fetch attacker-controlled same-origin /videos/... URLs, bypass traversal scrubbing, and expose server-local files through the GIF poster storage path. The vulnerable GIF branch could be abused to read local...

7.6CVSS5.9AI score0.00412EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 12:6 a.m.7 views

coursevault-preview has a path traversal due to improper base-directory boundary validation

Summary coursevault-preview versions prior to 0.1.1 contain a path traversal vulnerability in the resolveSafe utility. The boundary check used String.prototype.startsWithbaseDir on a normalized path, which does not enforce a directory boundary. An attacker who controls the relativePath argument t...

5.1CVSS6AI score0.00141EPSS
Exploits1References3Affected Software1
Oracle linux
Oracle linux
added 2026/04/07 12:0 a.m.9 views

ImageMagick security update

6.9.10.68-7.0.7 - Fixes Local File Disclosure via Path Traversal CVE-2026-25965 Orabug: 39118995 - Fixes Memory allocation with excessive without limits in the internal SVG decoder CVE-2026-25985 6.9.10.68-7.0.5 - Fix CVE-2025-62171 and CVE-2026-23876 Orabug: 38997140 6.9.10.68-7.0.3 - Security...

8.6CVSS5.9AI score0.00933EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2026/04/07 12:0 a.m.11 views

Oracle Linux 7 : ImageMagick (ELSA-2026-5573)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-5573 advisory. - Fixes Local File Disclosure via Path Traversal CVE-2026-25965 Orabug: 39118995 - Fixes Memory allocation with excessive without limits in the interna...

9.8CVSS6AI score0.00794EPSS
Exploits3References3
CVE
CVE
added 2026/04/02 4:44 p.m.20 views

CVE-2026-34785

CVE-2026-34785 affects Rack (modular Ruby web server interface). Vulnerable component: Rack::Static. Issue: a simplistic string-prefix check for URL prefixes (e.g., "/css") causes matches on paths starting with that string, potentially serving files under the static root whose names merely share ...

7.5CVSS5.7AI score0.00387EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/04/01 10:38 p.m.4 views

Directory Traversal

Overview copier is an A library for rendering project templates. Affected versions of this package are vulnerable to Directory Traversal via the externaldata paths. If a user runs Copier on an untrusted template, an attacker can access and expose the contents of arbitrary local files by supplying...

6.7CVSS6.5AI score0.00287EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.10 views

XmlNotepad 代码问题漏洞

XmlNotepad is an open-source XML document browsing and editing tool developed by Microsoft. Versions of XmlNotepad prior to 2.9.0.21 had code vulnerabilities. These vulnerabilities stemmed from the default setting of enabling DTD processing, which could lead to the disclosure of local file conten...

6.5CVSS5.9AI score0.00986EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/29 6:0 p.m.6 views

CVE-2026-4980

A vulnerability was found in Inkscape due to improper handling of XInclude elements in SVG files. The application processes xi:include directives without restricting access to local resources, allowing external file references such as file:// URIs to be included during document processing. An...

6.3CVSS5.7AI score0.00202EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-4980

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted...

6.3CVSS6AI score0.00202EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/27 3:30 p.m.5 views

EUVD-2026-16659

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...

6.3CVSS5.9AI score0.00202EPSS
Exploits1References3
OSV
OSV
added 2026/03/27 3:17 p.m.3 views

DEBIAN-CVE-2026-4980

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...

6.3CVSS5.4AI score0.00202EPSS
Exploits1References1
Rows per page
Query Builder