Lucene search
K

22 matches found

NVD
NVD
added 2026/06/23 6:18 p.m.10 views

CVE-2026-54317

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.6.0, the Konnected integration registers an HTTP endpoint, KonnectedView homeassistant/components/konnected/init.py, that is marked as not requiring authentication requiresauth = False....

7.6CVSS0.00193EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/06/02 8:56 a.m.90 views

network-vulnerability-assessment-lab

Network Attack and Defence Technology Lab Project Overview...

10CVSS7.5AI score0.99999EPSS
Exploits131
VulnCheck KEV
VulnCheck KEV
added 2026/05/21 12:0 a.m.51 views

VulnCheck KEV: CVE-2026-26980

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1...

9.4CVSS6.1AI score0.69996EPSS
In wildExploits7References15
Github Security Blog
Github Security Blog
added 2026/03/18 4:18 p.m.9 views

h3 has a Path Traversal via Percent-Encoded Dot Segments in serveStatic Allows Arbitrary File Read

Summary serveStatic in h3 is vulnerable to path traversal via percent-encoded dot segments %2e%2e, allowing an unauthenticated attacker to read arbitrary files outside the intended static directory on Node.js deployments. Details The vulnerability exists in src/utils/static.ts at line 86:...

6.1AI score
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/07 4:20 p.m.4 views

CVE-2026-30848

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.8 and 9.5.0-alpha.8, the PagesRouter static file serving route is vulnerable to a path traversal attack that allows unauthenticated reading of files outside the configured...

6.3CVSS5.7AI score0.00312EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/02/27 1:1 a.m.23 views

CVE-2026-22877 Copeland XWEB and XWEB Pro Path Traversal

An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to read arbitrary files on the system, and potentially causing a denial-of-service attack...

3.7CVSS0.00552EPSS
Exploits0References3
OSV
OSV
added 2026/02/21 8:39 a.m.6 views

BIT-GHOST-2026-26980 Ghost has a SQL Injection in its Content API

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1...

9.4CVSS5.7AI score0.69996EPSS
Exploits7References5
NVD
NVD
added 2026/02/20 2:16 a.m.10 views

CVE-2026-26980

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1...

9.4CVSS0.69996EPSS
Exploits7References4
OSV
OSV
added 2026/02/20 1:0 a.m.8 views

CVE-2026-26980 Ghost has a SQL Injection in its Content API

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1...

9.4CVSS5.7AI score0.69996EPSS
Exploits7References6
Vulnrichment
Vulnrichment
added 2026/02/20 1:0 a.m.4 views

CVE-2026-26980 Ghost has a SQL Injection in its Content API

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1...

9.4CVSS5.7AI score0.69996EPSS
Exploits7References3
CVE
CVE
added 2026/02/20 1:0 a.m.82 views

CVE-2026-26980

CVE-2026-26980 is Ghost CMS unauthenticated SQL injection in the Content API (pre-6.19.1). Affected Ghost versions are 3.24.0 through 6.19.0; fixed in 6.19.1. The vulnerability allows reading arbitrary data from the database, with reports indicating attackers can exfiltrate sensitive data such as...

9.4CVSS5.7AI score0.69996EPSS
In wildExploits7References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/20 1:0 a.m.8 views

CVE-2026-26980

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1...

9.4CVSS5.7AI score0.69996EPSS
Exploits7References4Affected Software1
Cvelist
Cvelist
added 2026/02/20 1:0 a.m.32 views

CVE-2026-26980 Ghost has a SQL Injection in its Content API

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1...

9.4CVSS0.69996EPSS
Exploits7References3
ATTACKERKB
ATTACKERKB
added 2026/01/15 12:0 a.m.4 views

CVE-2025-67076

Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read...

7.5CVSS5.5AI score0.00809EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/15 12:0 a.m.3 views

CVE-2025-67076

Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read...

6.5AI score0.00809EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/10 10:32 p.m.5 views

CVE-2018-25124 PacsOne Server 6.6.2 DICOM Web Viewer Directory Traversal LFI

PacsOne Server version 6.6.2 prior versions are likely affected contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary files via the 'nocache.php' endpoint with a crafted 'path'...

8.7CVSS6.5AI score0.00903EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/19 5:42 a.m.11 views

CVE-2025-11738

The Media Library Assistant plugin for WordPress is vulnerable to limited file reading in all versions up to, and including, 3.29 via the mla-stream-image.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary ai/eps/pdf/ps files on the server, which can...

5.3CVSS6.1AI score0.00375EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/02 12:0 a.m.9 views

PT-2024-38966 · WordPress · Social Web Suite – Social Media Auto Post

Name of the Vulnerable Software and Affected Versions: The Social Web Suite – Social Media Auto Post, Social Media Auto Publish plugin for WordPress versions up to, and including, 4.1.11 Description: The issue concerns a Directory Traversal vulnerability, which allows unauthenticated attackers to...

7.5CVSS7.3AI score0.0096EPSS
Exploits0References13
OSV
OSV
added 2024/08/12 1:38 p.m.6 views

CVE-2024-7693

Raiden MAILD Remote Management System from Team Johnlong Software has a Relative Path Traversal vulnerability, allowing unauthenticated remote attackers to read arbitrary file on the remote server...

7.5CVSS6AI score0.00965EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/06/09 12:0 a.m.5 views

sensepost gowitness 授权问题漏洞

gowitness is a website screenshot utility program written in Golang. An authorization issue vulnerability exists in sensepost gowitness that stems from a lack of authentication measures in gowitness. Exploitation of this vulnerability allows an unauthenticated attacker to perform arbitrary file...

7.5CVSS7.5AI score0.01252EPSS
Exploits0References2
Rows per page
Query Builder