Lucene search
K

1216 matches found

Debian CVE
Debian CVE
added 2026/04/24 12:0 a.m.4 views

CVE-2026-42095

bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL...

4CVSS5.3AI score0.00161EPSS
Exploits0
EUVD
EUVD
added 2026/04/23 9:31 p.m.10 views

EUVD-2026-25276

A path traversal condition in Intrado 911 Emergency Gateway could allow an attacker with existing network access the ability to access the EGW management interface without authentication. Successful exploitation of this vulnerability could allow a user to read, modify, or delete files...

9.3CVSS5.8AI score0.00554EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/23 6:14 p.m.4 views

CVE-2026-6074

Intrado 911 Emergency Gateway EGW 5.x, 6.x, and 7.x contain a path traversal vulnerability in the downloaddebuglogfile.php endpoint used for Debug Logs downloads. An unauthenticated attacker can manipulate the name parameter to read arbitrary files outside the intended directory...

9.3CVSS5.9AI score0.00554EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/23 6:14 p.m.29 views

CVE-2026-6074 Path traversal: '.../...//' in Intrado 911 Emergency Gateway (EGW)

Intrado 911 Emergency Gateway EGW 5.x, 6.x, and 7.x contain a path traversal vulnerability in the downloaddebuglogfile.php endpoint used for Debug Logs downloads. An unauthenticated attacker can manipulate the name parameter to read arbitrary files outside the intended directory...

9.8CVSS0.00554EPSS
Exploits0References2
OSV
OSV
added 2026/04/21 2:35 p.m.2 views

GHSA-6VQF-6FHM-7RC6 OpenMage LTS has a Path Traversal Filter Bypass in Dataflow Module

The Dataflow module in OpenMage LTS uses a weak blacklist filter strreplace'../', '', $input to prevent path traversal attacks. This filter can be bypassed using patterns like ..././ or ....//, which after the replacement still result in ../. An authenticated administrator can exploit this to rea...

4.9CVSS5.9AI score0.00502EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/04/20 4:14 p.m.34 views

CVE-2026-25525 OpenMage LTS has Path Traversal Filter Bypass in Dataflow Module

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the Dataflow module in OpenMage LTS uses a weak blacklist filter...

4.9CVSS0.00502EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/20 4:14 p.m.5 views

CVE-2026-25525 OpenMage LTS has Path Traversal Filter Bypass in Dataflow Module

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the Dataflow module in OpenMage LTS uses a weak blacklist filter...

4.9CVSS5.8AI score0.00502EPSS
Exploits1References1
Snyk
Snyk
added 2026/04/18 1:9 a.m.9 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through improper validation of user-supplied paths in the prefixed function. An attacker can read or write arbitrary files, create directories, and enumerate files outside the intended root directory by sending...

9.6CVSS6.3AI score0.00393EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/18 12:0 a.m.7 views

PT-2026-33605

CVE-2026-40530, CVE-2026-4036, and others: Vulnerabilities in Synology DSM, up to 8.0 rating 🔥 Several vulnerabilities in Synology DiskStation Manager DSM allow remote authenticated attacker to read or write files, conduct denial-of-service attacks, and obtain information, including arbitrary...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/18 12:0 a.m.8 views

PT-2026-33604

CVE-2026-40530, CVE-2026-4036, and others: Vulnerabilities in Synology DSM, up to 8.0 rating 🔥 Several vulnerabilities in Synology DiskStation Manager DSM allow remote authenticated attacker to read or write files, conduct denial-of-service attacks, and obtain information, including arbitrary...

5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/16 12:8 a.m.3 views

CVE-2026-40503

OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can manipulate the path input parameter to escape the project...

7.1CVSS5.9AI score0.00414EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.4 views

PT-2026-33304

The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references. By leveraging this vulnerability, a malicious actor can read confidential files...

3.5CVSS5.8AI score0.00273EPSS
Exploits0References2
NVD
NVD
added 2026/04/15 8:16 p.m.4 views

CVE-2026-21726

The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...

5.3CVSS0.00409EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/04/15 7:24 p.m.8 views

CVE-2026-21726

The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...

5.3CVSS6AI score0.01489EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/15 7:24 p.m.37 views

CVE-2026-21726 Loki Path Traversal - CVE-2021-36156 Bypass

The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...

5.3CVSS0.00409EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/15 6:31 p.m.6 views

EUVD-2026-22963

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is...

4.9CVSS6AI score0.09213EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/15 4:3 p.m.4 views

CVE-2026-20148

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is...

4.9CVSS6AI score0.09213EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.4 views

PT-2026-33088

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is...

4.9CVSS6AI score0.09213EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/15 12:0 a.m.4 views

CVE-2026-30996

An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET request...

7.5CVSS5.9AI score0.00738EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.8 views

Cisco ISE和Cisco ISE-PIC 安全漏洞

Cisco ISE and Cisco ISE-PIC are products of the American company Cisco. Cisco ISE is a NAC solution designed to manage access to network resources for endpoints, users, and devices in a zero-trust architecture. Cisco ISE-PIC is a component of Cisco ISE. Both Cisco ISE and Cisco ISE-PIC have...

4.9CVSS6AI score0.09213EPSS
Exploits0References1
Rows per page
Query Builder