75 matches found

Tenable Nessus
added 4 days ago | 4 views

Debian dsa-6319 : libyelp-dev - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6319 advisory. Debian Security Advisory DSA-6319-1 [email protected] https://www.debian.org/security/...

5.8 AI score
Exploits: 0 | References: 3
RedhatCVE
added 2026/05/13 2:21 p.m. | 3 views

CVE-2026-44127

SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the...

8.8 CVSS | 5.9 AI score | 0.0006 EPSS
Exploits: 0 | References: 1
OSV
added 2026/05/11 2:28 p.m. | 1 view

GHSA-HGQW-6M45-HW5F Streamlink has an arbitrary local file read via file:// URI in HLS and DASH

Summary Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file as a segment, and streamlink will read that local file and write its contents to the output stream...

6.5 CVSS | 6 AI score | 0.00033 EPSS
Exploits: 1 | References: 2
Vulnrichment
added 2026/04/30 11:05 a.m. | 4 views

CVE-2026-41882

In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server...

7.4 CVSS | 5.3 AI score | 0.00001 EPSS
Exploits: 0 | References: 1
CVE
added 2026/04/30 11:05 a.m. | 3 views

CVE-2026-41882

CVE-2026-41882 affects JetBrains IntelliJ IDEA prior to 2024.3.7.1 and versions 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, and 2026.1.1. The issue enables reading arbitrary local files via the built‑in web server. The root cause details are not provided in the given documents. A patch is indicated by th...

7.5 CVSS | 5.3 AI score | 0.00001 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2026/03/30 12:00 a.m. | 2 views

CrewAI security vulnerability

CrewAI is an open-source code execution and analysis tool component developed by CrewAI. CrewAI has a security vulnerability, which stems from a lack of path validation in the JSON loading mechanism, potentially allowing arbitrary local file reading...

7.5 CVSS | 6.5 AI score | 0.00187 EPSS
Exploits: 0 | References: 2
CNNVD
added 2026/02/19 12:00 a.m. | 4 views

OpenClaw path traversal vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability. The vulnerability stems from the Feishu extension that allows sendMediaFeishu to treat an attacker-controlled mediaUrl value as a local file system path and read it...

7.5 CVSS | 5.8 AI score | 0.00028 EPSS
Exploits: 0 | References: 3
CNNVD
added 2026/01/28 12:00 a.m. | 2 views

ILIAS code-related vulnerabilities

ILIAS is an open-source learning management system developed by ILIAS. Version 4.3 of ILIAS has code-related vulnerabilities; these vulnerabilities stem from server-side request forgery in the portfolio PDF export function, which may lead to the reading of local files...

6.9 CVSS | 5.8 AI score | 0.00047 EPSS
Exploits: 1 | References: 4
NVD
added 2026/01/23 5:16 p.m. | 2 views

CVE-2021-47899

YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url parameter in the urluploadhandler endpoint to access sensitive files like /etc/passwd by...

6.9 CVSS | 0.0008 EPSS
Exploits: 0 | References: 4
CNNVD
added 2026/01/10 12:00 a.m. | 2 views

OpenProject information disclosure vulnerability

OpenProject is open-source, web-based project management software developed by OpenProject. Versions of OpenProject before 16.6.4 have an information disclosure vulnerability, which stems from a local file read vulnerability in the work package PDF export function; an attacker can upload a...

9.1 CVSS | 6.2 AI score | 0.0002 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/09 12:00 p.m. | 5 views

CVE-2018-19651

admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl= request with an http or https URL. This also allows reading local files with a file: URL...

6.5 CVSS | 6.8 AI score | 0.00207 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 10:18 a.m. | 5 views

CVE-2019-18426

A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message...

8.2 CVSS | 6 AI score | 0.61 EPSS
Exploits: 5 | References: 1
CNNVD
added 2025/12/05 12:00 a.m. | 2 views

ReQuest Serious Play Media Player security vulnerability

ReQuest Serious Play Media Player is a media player software from ReQuest Serious Play, Inc. A security vulnerability exists in ReQuest Serious Play Media Player version 3.0 that stems from not properly validating file parameters, which could allow an attacker to read the contents of a local file...

8.7 CVSS | 6.2 AI score | 0.00057 EPSS
Exploits: 1 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-18456

Malware in sbrugna...

6.5 CVSS | 6.8 AI score | 0.0395 EPSS
Exploits: 3 | References: 7
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2007-4801

Malware in sbrugna...

7.5 CVSS | 6.4 AI score | 0.04702 EPSS
Exploits: 1 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2016-6171

Malware in sbrugna...

6.5 CVSS | 7.3 AI score | 0.00352 EPSS
Exploits: 0 | References: 11
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-6747

Malware in sbrugna...

6.5 CVSS | 6.6 AI score | 0.00225 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2022-37142

Malicious code in bioql PyPI...

7.5 CVSS | 7.5 AI score | 0.01475 EPSS
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2024-3576

Malicious code in bioql PyPI...

8.6 CVSS | 6.3 AI score | 0.00067 EPSS
Exploits: 0 | References: 5
RedhatCVE
added 2025/05/22 11:03 p.m. | 2 views

CVE-2022-34126

The Activity plugin before 3.1.1 for GLPI allows reading local files via directory traversal in the front/cra.send.php file parameter...

7.5 CVSS | 6.8 AI score | 0.01475 EPSS
Exploits: 0 | References: 1