Lucene search
K

741 matches found

Nuclei
Nuclei
added yesterday13 views

Apache CXF < 4.0.4 - Aegis DataBinding SSRF / Local File Read

Apache CXF before 4.0.4, 3.6.3 and 3.5.8 has a Server-Side Request Forgery SSRF vulnerability when using the Aegis DataBinding. The XOP Include mechanism in multipart SOAP requests can be abused to read local files or make server-side HTTP requests to arbitrary URLs. An attacker can use this to...

9.3CVSS6.9AI score0.05849EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday89 views

LocalAI - Partial Local File Read

A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery SSRF and partial Local File Inclusion LFI. The endpoint supports both https-// and file-// schemes, where the latter can lead to LFI. However, the output is limited due to the...

5.8CVSS6.3AI score0.02475EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday289 views

Eclipse Mojarra - Local File Read

Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. id: CVE-2020-6950 info: name: Eclipse Mojarra - Local File Read author: iamnoooob,pdresearch severity: medium description: | Directory traversal in Eclipse Mojarra...

6.5CVSS6.9AI score0.10124EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday216 views

Vitest Browser Mode - Local File Read

Vitest is a testing framework powered by Vite. The screenshot-error handler on the browser mode HTTP server that responds any file on the file system. Especially if the server is exposed on the network by browser.api.host- true, an attacker can send a request to that handler from remote to get th...

7.5CVSS6.8AI score0.02317EPSS
Exploits0References6
Nuclei
Nuclei
added 2 days ago42 views

BOA Web Server 0.94.14 - Arbitrary File Access

BOA Web Server 0.94.14 is susceptible to arbitrary file access. The server allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges and without using access credentials. id: CVE-2017-9833 info: name: BOA Web Server 0.94.14 - Arbitrary File Acces...

7.8CVSS7.1AI score0.68243EPSS
Exploits6References5
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-11426 UnderConstructionPage PRO <= 5.76 - Authenticated (Subscriber+) Arbitrary File Read via template_thumbnail Parameter

The UnderConstructionPage PRO plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.76. This is due to the plugin accepting arbitrary local file paths in the templatethumbnail parameter and copying their contents into a publicly accessible uploads file...

6.5CVSS0.00308EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-55878

Symfony UX is a JavaScript ecosystem for Symfony. From 2.32.0 before 2.36.1 and from 3.0.0 before 3.2.0, the ux:install console command installs files from a recipe kit by copying paths listed in a copy-files map, and because Path::isRelative accepts paths like ../../../etc, a crafted or...

7.8CVSS6AI score0.00146EPSS
Exploits0References5Affected Software1
CVE
CVE
added last week9 views

CVE-2026-59819

LiteLLM (proxy for LLM APIs) prior to 1.83.10-stable has a local file read risk via the /health/test_connection endpoint. A privileged caller (e.g., proxy administrator) could supply environment/oidc/file references in litellm_params to read arbitrary local files, exposing sensitive contents. The...

4.9CVSS5.9AI score0.00258EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added last week34 views

CVE-2026-59819 LiteLLM: Local file read via request-supplied OIDC file references

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.10-stable, LiteLLM's /health/testconnection endpoint resolved request-supplied environment and OIDC file references in litellmparams, allowing a proxy administrator or another privileged caller with...

2.1CVSS0.00258EPSS
Exploits0References3
NVD
NVD
added 2026/07/06 4:16 p.m.8 views

CVE-2026-58203

pydantic-settings provides settings management using Pydantic. From 2.12.0 until 2.14.2, NestedSecretsSettingsSource reads secret values from files in a configured secretsdir. When secretsnestedsubdir=True, a directory entry inside secretsdir that is a symbolic link pointing outside secretsdir is...

5.3CVSS0.00138EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 2:24 p.m.15 views

EUVD-2026-41878

pydantic-settings provides settings management using Pydantic. From 2.12.0 until 2.14.2, NestedSecretsSettingsSource reads secret values from files in a configured secretsdir. When secretsnestedsubdir=True, a directory entry inside secretsdir that is a symbolic link pointing outside secretsdir is...

5.3CVSS6AI score0.00138EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 2:24 p.m.3 views

CVE-2026-58203 NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size

pydantic-settings provides settings management using Pydantic. From 2.12.0 until 2.14.2, NestedSecretsSettingsSource reads secret values from files in a configured secretsdir. When secretsnestedsubdir=True, a directory entry inside secretsdir that is a symbolic link pointing outside secretsdir is...

5.3CVSS6AI score0.00138EPSS
Exploits0References3
CVE
CVE
added 2026/07/06 2:24 p.m.17 views

CVE-2026-58203

CVE-2026-58203 affects pydantic-settings, specifically NestedSecretsSettingsSource. From 2.12.0 through 2.14.2, when secrets_nested_subdir is true, a directory entry that is a symbolic link to outside secrets_dir is followed, enabling reading files outside the configured directory and bypassing s...

5.3CVSS6AI score0.00138EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 2:24 p.m.4 views

CVE-2026-58203

pydantic-settings provides settings management using Pydantic. From 2.12.0 until 2.14.2, NestedSecretsSettingsSource reads secret values from files in a configured secretsdir. When secretsnestedsubdir=True, a directory entry inside secretsdir that is a symbolic link pointing outside secretsdir is...

5.3CVSS6AI score0.00138EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/07/03 7:22 p.m.2 views

SUSE-SU-2026:2754-1 Security update for python3-lxml

This update for python3-lxml fixes the following issue - CVE-2026-41066: information disclosure via untrusted XML input leading to local file read bsc1263254...

7.5CVSS5.9AI score0.00324EPSS
Exploits1References3
OSV
OSV
added 2026/07/03 7:19 p.m.2 views

SUSE-SU-2026:2752-1 Security update for python3-lxml

This update for python3-lxml fixes the following issue - CVE-2026-41066: Information disclosure via untrusted XML input leading to local file read bsc1263254...

7.5CVSS5.9AI score0.00324EPSS
Exploits1References3
OSV
OSV
added 2026/07/02 9:14 p.m.3 views

GHSA-RH62-J648-G5QC Recce server has unauthenticated SQL execution that allows local file read/write through DuckDB

Impact Recce OSS server deployments that expose the server to an untrusted network without authentication are vulnerable to unauthenticated SQL execution through the query run API. When Recce is configured with a DuckDB-backed project, an attacker can use DuckDB filesystem primitives to read and...

7.8CVSS5.9AI score
Exploits0References3
OSV
OSV
added 2026/07/02 5:31 p.m.3 views

SUSE-SU-2026:2729-1 Security update for python-lxml

This update for python-lxml fixes the following issue - CVE-2026-41066: information disclosure via untrusted XML input leading to local file read bsc1263254...

7.5CVSS5.9AI score0.00324EPSS
Exploits1References3
OSV
OSV
added 2026/07/02 5:30 p.m.3 views

SUSE-SU-2026:2728-1 Security update for python-lxml

This update for python-lxml fixes the following issue - CVE-2026-41066: information disclosure via untrusted XML input leading to local file read bsc1263254...

7.5CVSS5.9AI score0.00324EPSS
Exploits1References3
OSV
OSV
added 2026/07/01 7:1 p.m.3 views

GHSA-HWPP-H97W-2H3J repomix: attach_packed_output can bypass file-read secret scanning for supported local files

attachpackedoutput can register arbitrary .json/.txt/.md/.xml files and bypass the MCP file-read safety check Summary Repomix's MCP server exposes a normal filesystemreadfile tool that reads absolute paths only after running the project's secret check. However, the attachpackedoutput plus...

6.9CVSS6.1AI score0.00028EPSS
Exploits0References2
Rows per page
Query Builder