Lucene search
K

799 matches found

Cvelist
Cvelist
added 2026/05/16 3:26 p.m.34 views

CVE-2020-37246 WordPress Plugin Supsystic Backup 2.3.9 Local File Inclusion

Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and delete arbitrary files by manipulating the download path parameter. Attackers can modify the download parameter in admin.php requests with directory traversal sequences to access...

6.9CVSS0.00673EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.15 views

PT-2026-41464

Name of the Vulnerable Software and Affected Versions ProcessMaker version 3.5.4 Description Improper path traversal validation allows unauthenticated attackers to read arbitrary files. By sending requests containing directory traversal sequences, an attacker can access sensitive system files, su...

6.9CVSS5.9AI score0.00776EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/15 1:59 a.m.9 views

SUSE CVE-2026-33380

A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable...

7.7CVSS6AI score0.00262EPSS
Exploits0References3
NVD
NVD
added 2026/05/14 5:16 p.m.33 views

CVE-2026-20224

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that are stored in an affected system. The attacker does not need to have valid user credentials. This vulnerability is due to improper...

8.6CVSS0.00696EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/14 4:8 p.m.19 views

EUVD-2026-30325

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that are stored in an affected system. The attacker does not need to have valid user credentials. This vulnerability is due to improper...

8.6CVSS6AI score0.00696EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/14 4:8 p.m.43 views

CVE-2026-20224 Cisco Catalyst SD-WAN Manager XML External Entity Injection Vulnerability

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that are stored in an affected system. The attacker does not need to have valid user credentials. This vulnerability is due to improper...

8.6CVSS0.00696EPSS
Exploits0References2
CVE
CVE
added 2026/05/14 3:34 p.m.16 views

CVE-2026-42597

Gotenberg’s Chromium URL routes (/forms/chromium/convert/url and /forms/chromium/screenshot/url) allow file:// access to /tmp for anonymous callers, enabling cross-request data exfiltration by enumerating work/request directories during overlapping conversions. This is caused by the HTML/Markdown...

5.9CVSS5.8AI score0.00251EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.14 views

PT-2026-40962

Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Manager affected versions not specified Description A flaw in the web UI of Cisco Catalyst SD-WAN Manager, previously known as SD-WAN vManage, allows an unauthenticated remote attacker to read arbitrary files from the...

8.6CVSS5.9AI score0.00696EPSS
Exploits0References12
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.9 views

Cisco Catalyst SD-WAN Manager 输入验证错误漏洞

Cisco Catalyst SD-WAN Manager is a highly customizable dashboard provided by the American company Cisco. It simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. There is an input validation vulnerability in Cisco Catalyst SD-WAN Manager, which stems...

8.6CVSS6AI score0.00696EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 9:12 p.m.8 views

CVE-2026-44440 ERPNext: Path Traversal Leading to Sensitive File Exposure

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.101.1 and 16.10.0, an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability on an endpoint allows an authenticated adjacent attacker to read arbitrary files. This vulnerability is...

6.5CVSS5.9AI score0.00363EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 7:28 p.m.10 views

CVE-2026-33380 SQL Expressions Read File From Disk

A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the Grafana server's filesystem. Only instances with the sqlExpressions feature toggle enabled are vulnerable...

6.3CVSS6AI score0.00262EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/13 3:48 a.m.13 views

SUSE CVE-2026-7817

Local file inclusion LFI and server-side request forgery SSRF vulnerabilities in pgAdmin 4 LLM API configuration endpoints. User-supplied apikeyfile and apiurl preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by...

7.1CVSS6AI score0.00217EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

ERPNext 路径遍历漏洞

ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions prior to 15.101.1 and 16.10.0 of ERPNext contained a path traversal vulnerability. This vulnerability stems from a path traversal vulnerability in endpoints, which could allow...

6.5CVSS5.9AI score0.00363EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/12 8:21 p.m.11 views

CVE-2025-65418

docuFORM Managed Print Service Client 11.11c is vulnerable to a directory traversal allowing attackers to read arbitrary files via crafted url...

7.5CVSS5.9AI score0.00641EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 12:32 p.m.8 views

EUVD-2025-209781

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...

6.8CVSS5.9AI score0.00286EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 8:20 a.m.11 views

CVE-2025-40948

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...

6.8CVSS5.9AI score0.00286EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.11 views

PT-2026-40550

Name of the Vulnerable Software and Affected Versions Dalfox versions prior to 2.13.0 Description When running in REST API server mode, the software fails to sanitize the custom-payload-file field within model.Options, which is deserialized directly from the request body and passed to the...

7.5CVSS5.9AI score0.00251EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/05/11 9:31 p.m.16 views

MLflow allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem

A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...

7.5CVSS7.3AI score0.00712EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/10 12:52 p.m.10 views

CVE-2021-47949

CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to...

8.8CVSS6.4AI score0.00533EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/10 12:52 p.m.13 views

CVE-2021-47949

CVE-2021-47949 affects CyberPanel 2.1 and enables authenticated remote code execution via a symlink attack in the filemanager endpoint. An attacker can modify the completeStartingPath in POST requests to /filemanager/controller to create symbolic links, read sensitive files (e.g., database creden...

8.8CVSS6.4AI score0.00533EPSS
Exploits0References4
Rows per page
Query Builder