Lucene search
K

88 matches found

Nuclei
Nuclei
added yesterday21 views

MapTiler Tileserver-php v2.0 - Unauthenticated File Read

MapTiler Tileserver-php v2.0 contains a directory traversal caused by improper sanitization of GET parameters in renderTile function, letting attackers read arbitrary files on the server, exploit requires crafted web requests id: CVE-2025-44137 info: name: MapTiler Tileserver-php v2.0 -...

8.2CVSS7.1AI score0.0136EPSS
Exploits2References2
Cvelist
Cvelist
added 4 days ago37 views

CVE-2026-9282 W3 Total Cache <= 2.9.4 - Unauthenticated Arbitrary File Read via 'f_array[]' Parameter

The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via the setupSources function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS0.00676EPSS
Exploits0References6
OSV
OSV
added 2026/07/03 7:48 a.m.4 views

CVE-2026-47896 Apache Lucene.Net: Unauthenticated arbitrary file read on the Lucene.Net.Replicator replication server

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Lucene.Net Lucene.Net.Replicator library. This issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 through 4.8.0-beta00017. Users are recommended to upgrade to version 4.8.0-beta00018...

8.9CVSS6.1AI score0.00703EPSS
Exploits0References5
CVE
CVE
added 2026/06/29 10:15 p.m.30 views

CVE-2026-8023

CVE-2026-8023 concerns Zephyr’s HTTP server static-filesystem resource handler, where HTTP/1 and HTTP/2 front-ends copied the raw request path into a buffer without removing dot segments. This allowed path traversal to escape the configured web root and read arbitrary files after the filesystem r...

7.5CVSS6.2AI score0.00912EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/29 10:15 p.m.8 views

CVE-2026-8023 Path traversal in Zephyr HTTP server static-filesystem resource handler allows unauthenticated remote arbitrary file read

Zephyr's HTTP server subsys/net/lib/http provides a static-filesystem resource type HTTPRESOURCETYPESTATICFS, available when CONFIGFILESYSTEM is enabled that serves files from a configured root directory. Before this fix, both the HTTP/1 and HTTP/2 front-ends placed the raw, attacker-controlled...

7.5CVSS6.2AI score0.00912EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/24 9:13 p.m.16 views

CVE-2026-54066 SiYuan: Path Traversal via Double URL Encoding in /assets/*path (publish mode arbitrary file─read)

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the patch for CVE-2026-41894 "Path Traversal via Double URL Encoding" sanitized the /export/ route but the identical root cause remains in the /assets/path route. In publish mode anonymous read-only HTTP endpoint,...

7.5CVSS0.01892EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 9:13 p.m.4 views

CVE-2026-54066 SiYuan: Path Traversal via Double URL Encoding in /assets/*path (publish mode arbitrary file─read)

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the patch for CVE-2026-41894 "Path Traversal via Double URL Encoding" sanitized the /export/ route but the identical root cause remains in the /assets/path route. In publish mode anonymous read-only HTTP endpoint,...

7.5CVSS6.1AI score0.01892EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 5:39 p.m.28 views

CVE-2026-54317

Insight (CVE-2026-54317): The Home Assistant Konnected integration exposes an unauthenticated GET endpoint (/api/konnected/device/{device_id}) that reveals alarm-panel state and topology on the LAN. Write operations (POST/PUT) enforce a Bearer token against configured access tokens, but GET reque...

7.6CVSS5.8AI score0.00193EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/06/04 5:43 p.m.8 views

GHSA-64CJ-QVX5-M4F3 Nhost CLI local configserver allows cross-origin unauthenticated read/write access to local development configuration and secrets

Summary The hidden nhost configserver used by nhost dev exposes the Mimir GraphQL API with dummy authorization directives and permissive CORS. When a developer is running the local development environment, any process that can reach the developer's localhost service, including a web page loaded...

5.4CVSS5.9AI score0.00033EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/22 2:31 p.m.11 views

CVE-2022-31231

Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management IAM module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data...

5.9CVSS5.8AI score0.00346EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/20 8:58 p.m.176 views

Exploit for Path Traversal in Mikrotik Routeros

Ferramentas de Pentest — /rede Repositório de scripts para au...

9.1CVSS7.5AI score0.96087EPSS
Exploits23
Vulnrichment
Vulnrichment
added 2026/05/16 3:28 p.m.8 views

CVE-2021-47977 WordPress Anti-Malware Security Bruteforce Firewall <= 4.20.72 Directory Traversal

WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the file parameter. Attackers can send requests to the duplicatordownload action via admin-ajax.php wit...

8.7CVSS5.9AI score0.00652EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/16 3:28 p.m.11 views

CVE-2021-47942

Home Assistant Community Store HACS prior to 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ endpoint. Attackers can retrieve the .storage/auth file containing user credentials and refresh...

8.7CVSS5.8AI score0.00498EPSS
Exploits1References4
CVE
CVE
added 2026/05/16 3:28 p.m.19 views

CVE-2021-47942

CVE-2021-47942 concerns Home Assistant Community Store (HACS) 1.10.0. The vulnerability is a path traversal flaw exposed via the /hacsfiles/ endpoint, allowing unauthenticated attackers to read sensitive files (notably .storage/auth) and retrieve credentials/refresh tokens. With this access, an a...

8.7CVSS5.8AI score0.00498EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.17 views

PT-2026-41449

Name of the Vulnerable Software and Affected Versions Home Assistant Community Store HACS version 1.10.0 Description A path traversal issue allows unauthenticated attackers to read sensitive files by traversing directories via the '/hacsfiles/' endpoint. This can be used to retrieve the...

8.7CVSS5.8AI score0.00498EPSS
Exploits1References8
OSV
OSV
added 2026/05/08 5:43 a.m.7 views

BIT-JRE-2020-14796

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

3.1CVSS6.8AI score0.02463EPSS
Exploits0References7
OSV
OSV
added 2026/05/06 2:41 p.m.8 views

BIT-JAVA-MIN-2020-14581

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: 2D. Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocol...

4.3CVSS6.7AI score0.03284EPSS
Exploits0References16
GithubExploit
GithubExploit
added 2026/05/06 7:21 a.m.117 views

Exploit for PHP Remote File Inclusion in Synacor Zimbra_Collaboration_Suite

CVE-2025-68645 - Zimbra Path Traversal Vulnerability !Secur...

8.8CVSS6.1AI score0.31769EPSS
Exploits5
Cvelist
Cvelist
added 2026/04/30 6:21 p.m.34 views

CVE-2026-40595 Chartbrew: Incorrect Access Control in public chart and export routes via missing onReport and SharePolicy checks

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes public chart retrieval and export routes that only verify project-level public access and, for exports, a team-level export toggle. Th...

7.5CVSS0.00275EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.12 views

chartbrew 访问控制错误漏洞

Chartbrew is an open-source data visualization and dashboard-building tool developed by Chartbrew. Version 4.9.0 of Chartbrew contains a access control vulnerability. This vulnerability arises from the fact that the routes for retrieving and exporting public charts only verify project-level publi...

7.5CVSS5.8AI score0.00275EPSS
Exploits0References1
Rows per page
Query Builder