Lucene search
K

2508 matches found

Snyk
Snyk
added 2026/06/10 11:12 p.m.8 views

Directory Traversal

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.8CVSS6.2AI score0.00128EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 p.m.10 views

CVE-2026-49742

Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer FAL via the Media Module. Since the fallback storage resolves paths relative to the server's document root, this could expose sensitive files such as log files. This...

7.1CVSS5.4AI score0.00313EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 2:16 p.m.15 views

CVE-2026-52755

Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers can craft malicious theme ZIP files with traversal sequences in filenames to execute arbitrary code or modify sensiti...

8.4CVSS0.00215EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/10 12:41 p.m.35 views

CVE-2026-52755 Ghidra < 12.0.4 - Path Traversal via Zip Slip in Theme Import

Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers can craft malicious theme ZIP files with traversal sequences in filenames to execute arbitrary code or modify sensiti...

8.4CVSS0.00215EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/10 3:14 a.m.37 views

CVE-2026-24717 QTS, QuTS hero

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the...

5.1CVSS0.00392EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 1:16 p.m.10 views

CVE-2016-20064

WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitiv...

6.9CVSS0.00671EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/09 11:48 a.m.8 views

CVE-2016-20064 WP Vault 0.8.6.6 Local File Inclusion via wpv-image Parameter

WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitiv...

6.9CVSS5.6AI score0.00671EPSS
Exploits0References4
CVE
CVE
added 2026/06/09 11:48 a.m.18 views

CVE-2016-20064

CVE-2016-20064 affects WP Vault 0.8.6.6, where an unauthenticated attacker can trigger a local file inclusion via an unescaped wpv-image GET parameter. The vulnerability allows traversal to access sensitive files (e.g., system configuration) due to improper handling in the include function. Accor...

6.9CVSS5.6AI score0.00671EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/09 11:48 a.m.10 views

EUVD-2016-10877

WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitiv...

6.9CVSS5.6AI score0.00671EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/09 11:48 a.m.26 views

CVE-2016-20064 WP Vault 0.8.6.6 Local File Inclusion via wpv-image Parameter

WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitiv...

6.9CVSS0.00671EPSS
Exploits0References4
NVD
NVD
added 2026/06/09 11:16 a.m.11 views

CVE-2026-49742

Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer FAL via the Media Module. Since the fallback storage resolves paths relative to the server's document root, this could expose sensitive files such as log files. This...

7.1CVSS0.00313EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 10:54 a.m.26 views

CVE-2026-49742

CVE-2026-49742 affects TYPO3 CMS where Backend users with file download permissions can access files from the FAL fallback storage via the Media Module. The fallback storage resolves paths relative to the server document root, potentially exposing sensitive files (e.g., log files). Affected versi...

7.1CVSS5.4AI score0.00313EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 10:54 a.m.31 views

CVE-2026-49742 TYPO3 CMS - Broken Access Control in Media Module

Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer FAL via the Media Module. Since the fallback storage resolves paths relative to the server's document root, this could expose sensitive files such as log files. This...

7.1CVSS0.00313EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.13 views

PT-2026-47749

Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions 11.0.0 through 11.5.50 TYPO3 CMS versions 12.0.0 through 12.4.45 TYPO3 CMS versions 13.0.0 through 13.4.30 TYPO3 CMS versions 14.0.0 through 14.3.2 Description Backend users with file download permissions can download files...

7.1CVSS5.2AI score0.00313EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.10 views

PT-2026-47764

WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitiv...

6.9CVSS5.6AI score0.00671EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/08 1:55 a.m.45 views

CVE-2022-50953 WordPress Plugin admin-word-count-column 2.2 Local File Read

WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing...

6.9CVSS0.00342EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.15 views

PT-2026-47266

This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access arbitrary files...

8.7CVSS5.7AI score0.00455EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/06 5:48 a.m.85 views

Exploit for Path Traversal in Open-Emr Openemr

CVE-2026-24849 OpenEMR Authenticated Arbitrary File Read Eth...

9.9CVSS5.6AI score0.02164EPSS
Exploits4
NVD
NVD
added 2026/06/05 9:16 p.m.12 views

CVE-2026-11423

A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file download flows. A regular authenticated user can submit a collaboration message containing a crafted filename, which is...

9.4CVSS0.00321EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.13 views

CVE-2026-42063

A vulnerability exists in iControl SOAP where an authenticated attacker with the Resource Administrator or Administrator role can download sensitive files. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS5.5AI score0.0029EPSS
Exploits0References1
Rows per page
Query Builder