CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

700 matches found

RedhatCVE•added 2026/01/13 10:52 p.m.•3 views

CVE-2026-22600

OpenProject is an open-source, web-based project management software. A Local File Read LFR vulnerability exists in the work package PDF export functionality of OpenProject prior to version 16.6.4. By uploading a specially crafted SVG file disguised as a PNG as a work package attachment, an...

9.1CVSS6.4AI score0.00016EPSS

Exploits0References1

NVD•added 2026/01/10 2:15 a.m.•1 views

CVE-2026-22600

9.1CVSS0.00016EPSS

Exploits0References2

Vulnrichment•added 2026/01/10 1:6 a.m.•2 views

CVE-2026-22600 OpenProject is Vulnerable to Arbitrary File Read via ImageMagick SVG Coder

9.1CVSS6.2AI score0.00016EPSS

Exploits0References2

EUVD•added 2026/01/10 1:6 a.m.•3 views

EUVD-2026-1887

9.1CVSS6AI score0.00016EPSS

Exploits0References2

OSV•added 2026/01/10 1:6 a.m.•2 views

CVE-2026-22600 OpenProject is Vulnerable to Arbitrary File Read via ImageMagick SVG Coder

9.1CVSS6.3AI score0.00016EPSS

Exploits0References4

CVE•added 2026/01/10 1:6 a.m.•11 views

CVE-2026-22600

OpenProject before 16.6.4 is affected by a Local File Read (LFR) vulnerability in the work package PDF export feature. An attacker can craft an SVG file disguised as a PNG and upload it as a work package attachment; during PDF export, ImageMagick is triggered to resize the image, causing the text...

9.1CVSS6.2AI score0.00016EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/01/10 1:6 a.m.•25 views

CVE-2026-22600 OpenProject is Vulnerable to Arbitrary File Read via ImageMagick SVG Coder

9.1CVSS0.00016EPSS

Exploits0References2

Positive Technologies•added 2026/01/10 12:0 a.m.•4 views

PT-2026-2220

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 16.6.4 Description OpenProject is a web-based project management software. A Local File Read issue exists in the work package PDF export functionality. By uploading a specially crafted SVG file disguised as a PNG ...

9.1CVSS6.4AI score0.00016EPSS

Exploits0References15

NVD•added 2026/01/08 12:15 a.m.•1 views

CVE-2017-20212

FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. Attackers can exploit the /var/www/data/controllers/api/xml.php readFile function to access...

8.7CVSS0.00544EPSS

Exploits1References5

Positive Technologies•added 2025/12/26 7:3 p.m.•1 views

PT-2025-135: Local File Read in mPDF

The vulnerability was identified in mPDF, version 2.8.5. The application performs improper validation of data received from the user, which allows an attacker to read files stored on the server. Vulnerability status: Confirmed during research Date of vulnerability discovery: 11.04.2025...

6.9CVSS5.9AI score

Exploits0

Positive Technologies•added 2025/12/25 1:49 p.m.•1 views

PT-2025-133: Local File Read in OpenPDF

The vulnerability was identified in OpenPDF, version 2.0.4. The discovered vulnerability allows an attacker to read arbitrary files on the server by inserting absolute paths or directory traversal sequences in the HTML‑tag attributes processed by OpenPDF. This enables the disclosure of confidenti...

6.9CVSS5.9AI score

Exploits0

RedhatCVE•added 2025/12/23 11:29 p.m.•10 views

CVE-2021-47714

Hasura GraphQL 1.3.3 contains a local file read vulnerability that allows attackers to access system files through SQL injection in the query endpoint. Attackers can exploit the pgreadfile PostgreSQL function by crafting malicious SQL queries to read arbitrary files on the server...

6.9CVSS7.6AI score0.00018EPSS

Exploits1References1

EUVD•added 2025/12/23 12:30 a.m.•4 views

EUVD-2021-34745

6.9CVSS7.1AI score0.00018EPSS

Exploits1References4

Packet Storm•added 2025/12/23 12:0 a.m.•175 views

📄 PKP-WAL 3.5.0-3 X-Forwarded-Host LESS Code Injection

PKP-WAL versions 3.5.0-3 and below suffer from a LESS X-Forwarded-Host related code injection vulnerability. ----------------------------------------------------------------------- PKP-WAL getBaseUrl method, can be manipulated by unauthenticated attackers through the X-Forwarded-Host HTTP header,...

7.6AI score

Exploits0

OSV•added 2025/12/22 10:15 p.m.•3 views

CVE-2021-47714

5.5CVSS7.5AI score

Exploits0References3

NVD•added 2025/12/22 10:15 p.m.•2 views

CVE-2021-47714

6.9CVSS0.00018EPSS

Exploits1References3

Cvelist•added 2025/12/22 9:35 p.m.•19 views

CVE-2021-47714 Hasura GraphQL 1.3.3 Local File Read via SQL Injection

6.9CVSS0.00018EPSS

Exploits1References3

CVE•added 2025/12/22 9:35 p.m.•9 views

CVE-2021-47714

Hasura GraphQL Engine 1.3.3 is affected by a local file read vulnerability exploitable via SQL injection at the query endpoint, enabling reading arbitrary files on the server through PostgreSQL’s pg_read_file(). Root cause is unsanitized SQL path in the query endpoint that allows crafting queries...

6.9CVSS7.2AI score0.00018EPSS

Exploits1References3Affected Software1

Vulnrichment•added 2025/12/22 9:35 p.m.•2 views

CVE-2021-47714 Hasura GraphQL 1.3.3 Local File Read via SQL Injection

6.9CVSS7.2AI score0.00018EPSS

Exploits1References3

Positive Technologies•added 2025/12/22 12:0 a.m.•4 views

PT-2025-52690

Name of the Vulnerable Software and Affected Versions Hasura GraphQL version 1.3.3 Description Hasura GraphQL version 1.3.3 has a local file read issue. Attackers can access system files through SQL injection in the query endpoint. Exploitation involves the pg read file PostgreSQL function via...

6.9CVSS7.3AI score0.00018EPSS

Exploits1References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by