Lucene search
K

799 matches found

Cvelist
Cvelist
added 2026/05/10 12:12 p.m.34 views

CVE-2022-50954 WordPress Plugin cab-fare-calculator 1.0.3 Local File Inclusion

WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the controller parameter in tblight.php. Attackers can supply path traversal sequences through the controller GET parameter to...

6.9CVSS0.00385EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/07 8:21 p.m.9 views

CVE-2026-30817

An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device,...

6.8CVSS5.9AI score0.00276EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/05 9:25 p.m.7 views

CVE-2026-40075

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the /openmrs/moduleResources/moduleid endpoint is vulnerable to a path traversal attack. The ModuleResourcesServlet constructs a filesystem path from...

8.2CVSS6AI score0.00558EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.11 views

WordPress plugin Loco Translate 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.9CVSS5.8AI score0.0064EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.6 views

HP Printer Directory Traversal (CVE-2008-4419)

Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9; LaserJet 4345mfp and 9200C Digital Sender before firmware 09.120.9; Color...

7.8CVSS6AI score0.03514EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.10 views

OpenClaw 路径遍历漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability that can be exploited by an attacker to bypass file system sandboxing restrictions to read arbitrary files...

6.5CVSS5.9AI score0.00339EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/24 6:50 p.m.33 views

CVE-2026-41419 4ga Boards: Import Path Traversal Leads to Arbitrary File Read

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be...

7.6CVSS0.00306EPSS
Exploits0References1
Nuclei
Nuclei
added 2026/04/23 8:24 a.m.26 views

Yoco Payments <= 3.8.8 - Path Traversal

Yoco Payments WordPress plugin = 3.8.8 contains a path traversal caused by improper validation of the file parameter, letting unauthenticated attackers read arbitrary files on the server. id: CVE-2025-13801 info: name: Yoco Payments = 3.8.8 - Path Traversal author: 0xAkoko severity: high...

7.5CVSS5.9AI score0.01709EPSS
Exploits0
Snyk
Snyk
added 2026/04/22 5:43 p.m.7 views

External Control of File Name or Path

Overview i18next-fs-backend is an i18next-fs-backend is a backend layer for i18next using in Node.js and for Deno to load translations from the filesystem. Affected versions of this package are vulnerable to External Control of File Name or Path that leads to raw interpolation of lng and ns value...

8.8CVSS5.9AI score0.00292EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/21 10:57 p.m.3 views

CVE-2026-41062

WWBN AVideo is an open source video platform. In versions 29.0 and below, the directory traversal fix introduced in commit 2375eb5e0 for objects/aVideoEncoderReceiveImage.json.php only checks the URL path component via parseurl$url, PHPURLPATH for .. sequences. However, the downstream function...

6.5CVSS5.9AI score0.00718EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/21 2:35 p.m.11 views

OpenMage LTS has a Path Traversal Filter Bypass in Dataflow Module

The Dataflow module in OpenMage LTS uses a weak blacklist filter strreplace'../', '', $input to prevent path traversal attacks. This filter can be bypassed using patterns like ..././ or ....//, which after the replacement still result in ../. An authenticated administrator can exploit this to rea...

4.9CVSS5.9AI score0.00502EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.15 views

PT-2026-34002

October is a Content Management System CMS and web platform. Prior to 3.7.14 and 4.1.10, a server-side information disclosure vulnerability was identified in the handling of CSS preprocessor files. Backend users with Editor permissions could craft .less, .sass, or .scss files that leverage the...

4.9CVSS5.9AI score0.00246EPSS
Exploits0References2
CVE
CVE
added 2026/04/20 1:55 p.m.11 views

CVE-2026-34428

Vvveb prior to 1.0.8.1 is affected by an SSRF in the oEmbedProxy action of the editor/editor module. The url parameter is passed directly to getUrl() via curl without scheme or destination validation, allowing authenticated backend users to supply file:// URLs to read arbitrary files readable by ...

8.3CVSS5.9AI score0.00256EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.7 views

PT-2026-33773

Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy action of the editor/editor module where the url parameter is passed directly to getUrl via curl without scheme or destination validation. Authenticated backend users can supply file:// URLs to read...

8.3CVSS5.9AI score0.00256EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/04/18 12:0 a.m.33 views

Wish has SCP Path Traversal that allows arbitrary file read/write

The SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary files to the server, and create directories outside the configured root directory by sending crafted filenames containing ../ sequence...

9.6CVSS5.9AI score0.00393EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/04/15 5:17 p.m.6 views

CVE-2026-30996

An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET request...

7.5CVSS0.00738EPSS
Exploits0References2
CVE
CVE
added 2026/04/15 4:3 p.m.22 views

CVE-2026-20148

Cisco Identity Services Engine (ISE) and ISE-PIC are affected by a path traversal vulnerability due to improper input validation. An authenticated attacker with administrative credentials can issue a crafted HTTP request to read arbitrary files on the underlying OS. Exploitation details indicate ...

4.9CVSS6AI score0.06919EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/15 12:0 a.m.23 views

CVE-2026-30996

An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET request...

0.00738EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.10 views

TP-Link Archer AX53 安全漏洞

The TP-Link Archer AX53 is a dual-core router produced by TP-Link Corporation. Prior to the version v1.0 1.7.1 Build 20260213, the TP-Link Archer AX53 had a security vulnerability. This vulnerability stemmed from an issue with the external configuration control of the OpenVPN module, which could...

6.8CVSS5.9AI score0.00276EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2026/04/02 12:0 a.m.10 views

VulnCheck KEV: CVE-2026-1557

The WP Responsive Images plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.0 via the 'src' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...

7.5CVSS5.9AI score0.01722EPSS
In wildExploits0References2
Rows per page
Query Builder