Lucene search
K

799 matches found

RedhatCVE
RedhatCVE
added 2026/03/31 10:58 p.m.3 views

CVE-2026-31831

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /newsletter/image/images API endpoint is vulnerable to path traversal, allowing unauthenticated attackers to read arbitrary files from the application server's filesystem. This issue has be...

8.7CVSS5.9AI score0.00477EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.8 views

Metabase 代码问题漏洞

Metabase is an open-source data analysis platform developed by the American company Metabase. Code vulnerabilities existed in versions of Metabase Enterprise prior to 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4. These vulnerabilities stemmed from deserialization attacks at the...

7.2CVSS6.4AI score0.00763EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.3 views

CVE-2026-28889

A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4. An app may be able to read arbitrary files as root...

6.2CVSS5.9AI score0.00112EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:9 p.m.10 views

CVE-2026-33171

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.14 and 6.7.0, authenticated Control Panel users could read arbitrary .json, .yaml, and .csv files from the server by manipulating the file dictionary's filename configuration parameter in the fieldtype's...

4.3CVSS5.8AI score0.00348EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.6 views

CVE-2026-3013

Coppermine Photo Gallery in versions 1.6.09 through 1.6.27 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow to read content of any file accessible by the the web server process.This issue was fixed in versi...

8.7CVSS5.8AI score0.00532EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.6 views

CVE-2026-30958

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files from the server filesystem. The componentName route parameter is concatenated directly into a file...

8.6CVSS7.4AI score0.01102EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.3 views

CVE-2026-33476

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the Siyuan kernel exposes an unauthenticated file-serving endpoint under /appearance/filepath. Due to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server...

7.5CVSS5.9AI score0.03256EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.9 views

Roadiz development monorepo 代码问题漏洞

The Roadiz Development Monorepo is an open-source content management system development kit developed by Roadiz. Versions of the Roadiz Development Monorepo prior to 2.7.9, 2.6.28, 2.5.44, and 2.3.42 contained code vulnerabilities. These vulnerabilities allowed authenticated attackers to read...

6.8CVSS6AI score0.00383EPSS
Exploits1References2
NVD
NVD
added 2026/03/25 1:17 a.m.4 views

CVE-2026-28889

A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4. An app may be able to read arbitrary files as root...

6.2CVSS0.00112EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 12:31 a.m.3 views

CVE-2026-28889

A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4. An app may be able to read arbitrary files as root...

5.9AI score0.00112EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.11 views

Apple Xcode 安全漏洞

Apple Xcode is an integrated development environment provided by the American company Apple for developers. It is primarily used for developing applications for Mac OS X and iOS. Versions of Apple Xcode prior to 26.4 contained security vulnerabilities, which were due to permission issues,...

6.2CVSS5.9AI score0.00112EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/24 12:30 p.m.5 views

EUVD-2019-20004

phpFileManager 1.7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the action, fmcurrentdir, and filename parameters. Attackers can send GET requests to index.php with crafted parameter values to access sensitive files...

6.9CVSS5.9AI score0.00557EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/24 11:27 a.m.4 views

CVE-2019-25632 phpFileManager 1.7.8 Local File Inclusion via index.php

phpFileManager 1.7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the action, fmcurrentdir, and filename parameters. Attackers can send GET requests to index.php with crafted parameter values to access sensitive files...

6.9CVSS5.9AI score0.00557EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.8 views

PT-2026-27366

phpFileManager 1.7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the action, fm current dir, and filename parameters. Attackers can send GET requests to index.php with crafted parameter values to access sensitive file...

6.9CVSS5.9AI score0.00557EPSS
Exploits1References4
NVD
NVD
added 2026/03/21 4:16 p.m.5 views

CVE-2019-25577

SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files by manipulating path parameters in backend theme endpoints. Attackers can send POST requests to /backend/backendtheme/editcss/ or /backend/backendtheme/editjs/ with...

6.8CVSS0.0088EPSS
Exploits1References4
OSV
OSV
added 2026/03/20 9:39 p.m.6 views

CVE-2026-33171 Statamic has a path traversal in file dictionary fieldtype

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.14 and 6.7.0, authenticated Control Panel users could read arbitrary .json, .yaml, and .csv files from the server by manipulating the file dictionary's filename configuration parameter in the fieldtype's...

4.3CVSS5.8AI score0.00348EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/20 6:31 p.m.3 views

EUVD-2026-13742

File Thingie 2.5.7 is vulnerable to Directory Traversal. A malicious user can leverage the "create folder from url" functionality of the application to read arbitrary files on the target system...

5.9AI score0.00612EPSS
Exploits0References3
NVD
NVD
added 2026/03/20 6:16 p.m.3 views

CVE-2026-30580

File Thingie 2.5.7 is vulnerable to Directory Traversal. A malicious user can leverage the "create folder from url" functionality of the application to read arbitrary files on the target system...

4.3CVSS0.00612EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/20 12:0 a.m.23 views

CVE-2026-30580

File Thingie 2.5.7 is vulnerable to Directory Traversal. A malicious user can leverage the "create folder from url" functionality of the application to read arbitrary files on the target system...

0.00612EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.4 views

PT-2026-26650

CVE-2026-30580 File Thingie 2.5.7 is vulnerable to Directory Traversal. A malicious user can leverage the "create folder from url" functionality of the application to read arbitrary… https://t.co/olkBtQ0mG8...

5.8AI score0.00612EPSS
Exploits0References4
Rows per page
Query Builder