Lucene search
K

20391 matches found

ATTACKERKB
ATTACKERKB
added 12 hours ago6 views

CVE-2026-12194

PHPIPAM is affected by an authenticated local file inclusion vulnerability that allows users with access to the API to execute/include arbitrary PHP files on the web server's file system. The API is not enabled by default on installations...

2.3CVSS6.1AI score
Exploits0References2
CVE
CVE
added 12 hours ago12 views

CVE-2026-12194

PHPIPAM is affected by an authenticated local file inclusion vulnerability that can allow API-authenticated users to include arbitrary PHP files on the server filesystem. The API is not enabled by default on installations. The CVSS metrics indicate a low-severity issue with network access, low ef...

2.3CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 12 hours ago4 views

EUVD-2026-41659

PHPIPAM is affected by an authenticated local file inclusion vulnerability that allows users with access to the API to execute/include arbitrary PHP files on the web server's file system. The API is not enabled by default on installations...

2.3CVSS6.1AI score
Exploits0References2
Nuclei
Nuclei
added 16 hours ago24 views

Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion

A directory traversal vulnerability in the AlphaUserPoints comalphauserpoints component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the view parameter to index.php. id: CVE-2010-1476 info: name: Joomla! Componen...

6.8CVSS6.1AI score0.0994EPSS
Exploits1References5
Nuclei
Nuclei
added 16 hours ago34 views

Joomla! Percha Categories Tree 0.6 - Local File Inclusion

A directory traversal vulnerability in the Percha Fields Attach comperchafieldsattach component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-2033 info: name:...

7.5CVSS6.1AI score0.15795EPSS
Exploits1References3
Nuclei
Nuclei
added 16 hours ago23 views

MasterSAM Star Gate v11 - Local File Inclusion

MasterSAM Star Gate v11 is vulnerable to a directory traversal attack via the endpoint /adama/adama/downloadService. An attacker can exploit this vulnerability by manipulating the file parameter to access arbitrary files on the server, potentially leading to the exposure of sensitive information...

6.5CVSS7.3AI score0.03012EPSS
Exploits0References2
Nuclei
Nuclei
added 16 hours ago25 views

Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion

A directory traversal vulnerability in the J!WHMCS Integrator comjwhmcs component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1977 info: name: Joomla! Component J!WHMCS Integrator 1.5.0 - Local File...

7.5CVSS6.1AI score0.07402EPSS
Exploits2References3
Nuclei
Nuclei
added 16 hours ago46 views

Joomla! ionFiles 4.4.2 - Local File Inclusion

Joomla! ionFiles 4.4.2 is susceptible to local file inclusion in download.php in the ionFiles comionfiles that allows remote attackers to read arbitrary files via a .. dot dot in the file parameter. id: CVE-2008-6080 info: name: Joomla! ionFiles 4.4.2 - Local File Inclusion author: daffainfo...

5CVSS6.1AI score0.10637EPSS
Exploits1References4
Nuclei
Nuclei
added 16 hours ago42 views

WordPress MDC YouTube Downloader 2.1.0 - Local File Inclusion

WordPress MDC YouTube Downloader 2.1.0 plugin is susceptible to local file inclusion. A remote attacker can read arbitrary files via a full pathname in the file parameter to includes/download.php. id: CVE-2015-5469 info: name: WordPress MDC YouTube Downloader 2.1.0 - Local File Inclusion author:...

7.5CVSS7.2AI score0.10148EPSS
Exploits2References5
Nuclei
Nuclei
added 16 hours ago47 views

Huawei Firewall - Local File Inclusion

USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gai...

4.3CVSS6AI score0.01238EPSS
Exploits0References1
Nuclei
Nuclei
added 16 hours ago25 views

Cross RSS 1.7 - Local File Inclusion

Absolute path traversal vulnerability in Cross-RSS wp-cross-rss plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php. id: CVE-2014-4941 info: name: Cross RSS 1.7 - Local File Inclusion author: DhiyaneshDK severity: medium...

5CVSS7.4AI score0.04306EPSS
Exploits1References3
Nuclei
Nuclei
added 16 hours ago35 views

Web Directory Free < 1.7.3 - Local File Inclusion

The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include, which could lead to Local File Inclusion issues. id: CVE-2024-3673 info: name: Web Directory Free 1.7.3 - Local File Inclusion author: s4e-io severity: critical description: | The Web...

9.1CVSS7.2AI score0.05578EPSS
Exploits2References3
Nuclei
Nuclei
added 16 hours ago28 views

STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion

STAGIL Navigation for Jira Menu & Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjFooterNavigationConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site...

7.5CVSS7.2AI score0.11615EPSS
Exploits7References5
Nuclei
Nuclei
added 16 hours ago51 views

Gradio Hugging Face - Local File Inclusion

Gradio LFI when auth is not enabled, affects versions 4.0 - 4.10, also works against Gradio 3.33 id: CVE-2023-51449 info: name: Gradio Hugging Face - Local File Inclusion author: nvn1729 severity: high description: | Gradio LFI when auth is not enabled, affects versions 4.0 - 4.10, also works...

7.5CVSS7.1AI score0.0228EPSS
Exploits0References3
Nuclei
Nuclei
added 16 hours ago540 views

Thinkphp Lang - Local File Inclusion

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled langswitchon=true. An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php. id:...

9.8CVSS7.3AI score0.15505EPSS
Exploits2References5
Nuclei
Nuclei
added 16 hours ago31 views

Solara <1.35.1 - Local File Inclusion

A Local File Inclusion LFI vulnerability was identified in widgetti/solara, in version 1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. ...

8.6CVSS7.3AI score0.02884EPSS
Exploits0References3
Nuclei
Nuclei
added 16 hours ago30 views

Zaver - Local File Inclusion

Zaver through 2020-12-15 is vulnerable to local file inclusion via the GET /.. substring. id: CVE-2022-38794 info: name: Zaver - Local File Inclusion author: pikpikcu severity: high description: | Zaver through 2020-12-15 is vulnerable to local file inclusion via the GET /.. substring. impact: |...

7.5CVSS7.1AI score0.03599EPSS
Exploits1References5
Nuclei
Nuclei
added 16 hours ago36 views

Traggo Server - Local File Inclusion

traggo/server version 0.3.0 is vulnerable to directory traversal. id: CVE-2023-34843 info: name: Traggo Server - Local File Inclusion author: DhiyaneshDk severity: high description: | traggo/server version 0.3.0 is vulnerable to directory traversal. impact: | Successful exploitation of this...

7.5CVSS7.1AI score0.07176EPSS
Exploits1References5
Nuclei
Nuclei
added 16 hours ago97 views

NAKIVO Backup and Replication Solution - Unauthenticated Arbitrary File Read

NAKIVO Backup & Replication is a data protection solution used for backing up and restoring virtualized and physical environments. A vulnerability has been identified in certain versions of NAKIVO Backup & Replication that allows an unauthenticated attacker to read arbitrary files on the underlyi...

8.6CVSS7.3AI score0.93995EPSS
Exploits2References1
Nuclei
Nuclei
added 16 hours ago28 views

Mlflow < 2.17.0 - Local File Inclusion

Mlflow before 2.17.0 is susceptible to local file inclusion due to path traversal in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2024-8859...

7.5CVSS7.1AI score0.02484EPSS
Exploits1References3
Rows per page
Query Builder