7 matches found

RedhatCVE
added 2026/04/08 7:34 p.m. | 5 views

CVE-2026-39369

WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoderReceiveImage.json.php allowed an authenticated uploader to fetch attacker-controlled same-origin /videos/... URLs, bypass traversal scrubbing, and expose server-local files through the GIF poster storag...

CVSS 7.6 | AI score 5.8 | EPSS 0.00024
Exploits: 0 | References: 1
ATTACKERKB
added 2026/02/11 8:37 p.m. | 3 views

CVE-2020-37192

MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the 'Favorites' tab by injecting a malicious XML file that references external entities to retrieve sensitive system...

CVSS 6.7 | AI score 5.6 | EPSS 0.00009
Exploits: 0 | References: 3 | Affected Software: 1
Veracode
added 2025/11/03 8:21 a.m. | 6 views

Path Traversal

esm.sh is vulnerable to Path Traversal. The vulnerability is due to improper sanitization of user-supplied URL components allowing path-traversal and file-scheme requests by which an attacker can craft specially-formed requests that cause the server to read and return arbitrary local files or oth...

CVSS 8.7 | AI score 8.8 | EPSS 0.00901
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2025/10/17 4:15 p.m. | 4 views

CVE-2025-62356

A path traversal vulnerability in all versions of the Qodo Qodo Gen IDE enables a threat actor to read arbitrary local files in and outside of current projects on an end user’s system. The vulnerability can be reached directly and through indirect prompt injection...

CVSS 7.5 | EPSS 0.00097
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 11:15 p.m. | 4 views

CVE-2022-38802

Zkteco BioTime 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a pdf generator when exporting data as a PDF...

CVSS 6.2 | AI score 5.8 | EPSS 0.00566
Exploits: 1 | References: 1
Tenable Nessus
added 2012/06/01 12:0 a.m. | 20 views

Atlassian Crucible 2.5.8 / 2.6.8 / 2.7.12 XML Parsing Vulnerability

According to its self-reported version, the version of Atlassian Crucible running on the remote host is potentially affected by an XML parsing vulnerability. This vulnerability may allow an unauthenticated, remote attacker to perform a denial of service attack against Crucible. This vulnerability...

AI score 5.6
Exploits: 0 | References: 2
securityvulns
added 2008/10/26 12:0 a.m. | 25 views

Symantec Veritas Storage Foundation unauthorized access

qioadmin utility allows local files read access. qiomkfile allows memory content reading...

CVSS 4.6 | AI score 3.7 | EPSS 0.00067
Exploits: 1 | References: 2 | Affected Software: 1