Lucene search
K

3710 matches found

EUVD
EUVD
added yesterday3 views

EUVD-2026-44549

ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope...

6.8CVSS6.2AI score
Exploits0References1
Nuclei
Nuclei
added yesterday18 views

Flowise 1.4.3 - Arbitrary File Read

Flowise 1.4.3 contains a path traversal caused by lack of sanitization of 'fileName' parameter in /api/v1/openai-assistants-file endpoint in index.ts, letting attackers read arbitrary files, exploit requires attacker to send crafted request. id: CVE-2024-36420 info: name: Flowise 1.4.3 - Arbitrar...

7.5CVSS7AI score0.01776EPSS
Exploits3References3
EUVD
EUVD
added yesterday4 views

EUVD-2026-43605

A Denial of Service DoS vulnerability exists in the receive loop of libmodbus 3.1.12 when running on Windows. The issue stems from improper timeout management during network read operations...

7.5CVSS6.1AI score0.00155EPSS
Exploits0References3
NVD
NVD
added 2 days ago6 views

CVE-2026-51539

A Denial of Service DoS vulnerability exists in the receive loop of libmodbus 3.1.12 when running on Windows. The issue stems from improper timeout management during network read operations...

7.5CVSS0.00155EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-51539

A Denial of Service DoS vulnerability exists in the receive loop of libmodbus 3.1.12 when running on Windows. The issue stems from improper timeout management during network read operations...

0.00155EPSS
Exploits0References2
CVE
CVE
added 2 days ago12 views

CVE-2026-51539

The CVE-2026-51539 entry describes a DoS in the Windows receive loop of libmodbus 3.1.12 caused by improper timeout management during network reads. Affected component is the libmodbus network receive path; root cause is timeout handling in read operations. Documented impact is Denial of Service ...

7.5CVSS6.1AI score0.00155EPSS
Exploits0References2
NVD
NVD
added 5 days ago7 views

CVE-2026-15143

A flaw was found in the filetype content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition XSD string, which is processed without proper restrictions. This can lead to server-side requests to arbitrary URLs or local file...

9.3CVSS0.00255EPSS
Exploits0References2
CVE
CVE
added 5 days ago12 views

CVE-2026-15143

CVE-2026-15143 affects guardrails-detectors' file_type content detector. An attacker can supply an arbitrary XML Schema (XSD) string, processed without proper restrictions, enabling server-side requests to arbitrary URLs or local file reads and risking disclosure of sensitive information.

9.3CVSS6.1AI score0.00255EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-15143 Guardrails-detectors: guardrails-detectors: ssrf and local file read via user-supplied xml schema (xml-with-schema:)

A flaw was found in the filetype content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition XSD string, which is processed without proper restrictions. This can lead to server-side requests to arbitrary URLs or local file...

9.3CVSS0.00255EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42927

A flaw was found in the filetype content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition XSD string, which is processed without proper restrictions. This can lead to server-side requests to arbitrary URLs or local file...

9.3CVSS6.1AI score0.00255EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42919

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the processes table targeting a maliciously crafted process, due to uncheck...

7CVSS6.2AI score0.00108EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-46388 osquery: Unprivileged users can temporarily read file carve contents

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery file carve until the carve completes and the temporary files are deleted because in-progress carve directories are not...

4.4CVSS0.00094EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-15378 Guardrails-detectors: guardrails-detectors: ssrf and local file read via user-supplied xml schema (xml-with-schema:)

A flaw was found in the guardrails-detectors component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery SSRF by submitting a specially crafted XML Schema Definition XSD string. This can lead to unauthorized access to sensitive information, including...

9.3CVSS0.00424EPSS
Exploits0References2
CVE
CVE
added last week14 views

CVE-2026-55874

SeaweedFS's S3 API gateway is affected prior to version 4.34 by a path traversal issue in the X-Amz-Copy-Source header (dot-dot segments) that can enable an authenticated user scoped to one bucket to read objects from other buckets via server-side copy. The issue is documented across CVE-2026-558...

7.7CVSS6AI score0.00327EPSS
Exploits0References4
NVD
NVD
added last week14 views

CVE-2026-57258

The PRC file header parsing logic trusts the constructed file structure description information, assumes that the underlying array contains elements and reads them, leading to out-of-bounds reads and application crashes...

6.1CVSS0.00112EPSS
Exploits0References1
EUVD
EUVD
added last week7 views

EUVD-2026-42190

The PRC file header parsing logic trusts the constructed file structure description information, assumes that the underlying array contains elements and reads them, leading to out-of-bounds reads and application crashes...

6.1CVSS6AI score0.00112EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/08 4:30 a.m.7 views

EUVD-2026-42159

The Jssor Slider by jssor.com plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.1.24 via the 'url' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain...

7.5CVSS6AI score0.00692EPSS
Exploits0References7
Amazon
Amazon
added 2026/07/08 12:0 a.m.7 views

Important: gstreamer-plugins-bad-free

Issue Overview: A heap buffer overflow vulnerability was found in GStreamer's librfb RFB/VNC client. The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker...

8.8CVSS6.6AI score0.0053EPSS
Exploits0
OSV
OSV
added 2026/07/07 11:45 a.m.3 views

PYSEC-2026-1516 Server-Side Request Forgery in langchain-community.retrievers.web_research.WebResearchRetriever

A Server-Side Request Forgery SSRF vulnerability exists in the Web Research Retriever component in langchain-community langchain-community.retrievers.webresearch.WebResearchRetriever. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet...

4.8CVSS6.7AI score0.00691EPSS
Exploits1References8
CVE
CVE
added 2026/07/06 8:38 a.m.20 views

CVE-2026-24013

CVE-2026-24013 affects Apache IoTDB (1.3.3–before 2.0.8). The issue is authentication bypass via forged sessionId in Thrift RPC handlers that do not validate sessionId, enabling unauthorized reading of time-series data without openSession authentication. A fix is available in IoTDB 2.0.8; upgrade...

9.1CVSS6AI score0.00471EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder