Lucene search
K

15 matches found

NVD
NVD
added 2026/04/28 12:16 a.m.6 views

CVE-2026-41370

OpenClaw before 2026.3.31 contains a path traversal vulnerability in ACP dispatch that allows attackers to read arbitrary files by manipulating inbound channel attachment paths. Remote attackers can bypass attachment-cache and root directory checks to access files outside intended directories...

7.1CVSS0.00417EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.9 views

Echo 路径遍历漏洞

Echo is a set of open-source community systems developed by Veal98, where the front-end and back-end are not separated. Versions 5.0.0 to 5.0.2 of Echo have a path traversal vulnerability. This vulnerability arises from improper handling of backslashes by the middleware.Static on Windows systems,...

5.3CVSS7.3AI score0.00329EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/12/26 6:30 p.m.8 views

Croogo CMS has a path traversal vulnerability

A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter...

6.5CVSS6.9AI score0.00597EPSS
Exploits2References4Affected Software1
OSV
OSV
added 2024/12/18 6:15 a.m.1 views

CVE-2024-4464

Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and 2.2.0-3325 allows remote attackers to read specific files via unspecified vectors...

7.5CVSS5.8AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/10/19 12:0 a.m.5 views

The vulnerability of the Titan SFTP and Titan MFT NextGen server software lies in the improper restriction on the path name to the restricted directory. This allows attackers to read arbitrary files from the file system.

The vulnerability of the Titan SFTP and Titan MFT NextGen server software lies in improper restrictions on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to remotely read arbitrary files from the file system...

4.3CVSS6.8AI score0.00816EPSS
Exploits3References4Affected Software2
ATTACKERKB
ATTACKERKB
added 2022/07/25 4:15 p.m.5 views

CVE-2022-35650

The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature...

7.5CVSS6.5AI score0.49102EPSS
Exploits0References8
OSV
OSV
added 2020/01/31 1:15 p.m.6 views

CVE-2020-7914

In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3...

7.5CVSS5.9AI score0.01888EPSS
Exploits0References2
OSV
OSV
added 2018/03/16 8:29 p.m.4 views

CVE-2017-14384

In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of th...

6.5CVSS5.8AI score0.01911EPSS
Exploits0References2
CNVD
CNVD
added 2017/10/16 12:0 a.m.10 views

Accellion File Transfer Appliance Path Traversal Vulnerability

Accellion File Transfer Appliance FTA is a file transfer solution from Accellion USA. The solution supports file transfer, file sharing, file transfer tracking and reporting, and more. A directory traversal vulnerability exists in the 'template' function of the functions.inc file in versions of...

7.5CVSS7.6AI score0.56573EPSS
Exploits3References1
BDU FSTEC
BDU FSTEC
added 2017/08/18 12:0 a.m.7 views

The vulnerability of the autonomous configuration tool for the visualization and control system “U.motion Builder” arises from deficiencies in access control and the disclosure of information in error messages, allowing attackers to read arbitrary files.

The vulnerability of the autonomous configuration tool for the U.motion Builder visualization and control system stems from deficiencies in access control and the disclosure of information in error messages. Exploiting this vulnerability allows a malicious actor to remotely read arbitrary files...

7.8CVSS6AI score0.01058EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2016/08/05 2:59 p.m.4 views

CVE-2016-6139

SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591...

9.8CVSS5.9AI score0.04154EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2015/11/26 12:0 a.m.6 views

The vulnerability of the Microsoft .NET Framework software platform, which allows a hacker to read arbitrary files

The vulnerability of the XML DTD parser component in the Microsoft .NET Framework is related to the lack of protection for operational data. Exploiting this vulnerability allows an attacker to remotely read arbitrary files by creating external declarations on XXE objects...

4.3CVSS5.6AI score0.61024EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2015/03/11 4:51 p.m.3 views

RESTEasy: XXE via parameter entities

It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible...

7.5CVSS7.4AI score0.04572EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/08/07 6:1 p.m.4 views

Mozilla: Local Java applets may read contents of local file system (MFSA 2013-75)

Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging...

5.4CVSS6.6AI score0.02424EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2011/02/23 12:0 a.m.6 views

PT-2011-2318 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliances ASA 5500 series devices versions 8.0 before 8.05.23 Cisco Adaptive Security Appliances ASA 5500 series devices versions 8.1 before 8.12.49 Cisco Adaptive Security Appliances ASA 5500 series devices versions...

7.8CVSS6.7AI score0.01401EPSS
Exploits0References7
Rows per page
Query Builder