Lucene search
+L

3433 matches found

Nuclei
Nuclei
added 18 hours ago73 views

Gradio - Absolute Path Traversal

Gradio 6.7 on Windows with Python 3.13+ contains an absolute path traversal caused by incorrect path validation in path joining logic, letting unauthenticated attackers read arbitrary files from the server. id: CVE-2026-28414 info: name: Gradio - Absolute Path Traversal author: 0xAkoko severity:...

7.5CVSS8.5AI score0.03095EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago53 views

LOLLMS WebUI - Absolute Path Traversal

An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the openfile endpoint of lollmsadvanced.py. The sanitizepath function with allowabsolutepath=True allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can...

7.5CVSS7.4AI score0.01957EPSS
Exploits1References3
Nuclei
Nuclei
added 18 hours ago52 views

MLflow Absolute Path Traversal

Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. id: CVE-2023-3765 info: name: MLflow Absolute Path Traversal author: DhiyaneshDK severity: critical description: | Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. impact: | This vulnerability can...

10CVSS8.3AI score0.70736EPSS
Exploits1References4
Nuclei
Nuclei
added 18 hours ago73 views

Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Download

The File Download API in Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data. id: CVE-2021-38146 info: name: Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Downloa...

7.5CVSS7.6AI score0.11733EPSS
Exploits3References4
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-45331

IBM Langflow OSS 1.0.0 through 1.10.1 can allow an authenticated attacker to exploit the SaveToFile component to read and modify another user's uploaded files by specifying absolute paths pointing to victim storage locations. In append mode, the attacker's workflow reads victim file contents,...

8.1CVSS5.5AI score0.00201EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2 days ago11 views

Prompty: Arbitrary file read via file reference expansion

Summary Prompty loaders expanded $file:... references in .prompty frontmatter without enforcing that the resolved path stayed within an authorized directory. An attacker-controlled prompt file could use path traversal or an absolute path to cause the host application to read files accessible to t...

7.5CVSS5.2AI score0.01057EPSS
Exploits0References4Affected Software3
NVD
NVD
added 2 days ago6 views

CVE-2026-9587

An authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997. The playfile functionality accepts user-controlled input through the soundpath parameter and fails to properly validate file paths before accessing the underlying filesystem. By supplying...

7.1CVSS0.00229EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-45206

An authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997. The playfile functionality accepts user-controlled input through the soundpath parameter and fails to properly validate file paths before accessing the underlying filesystem. By supplying...

7.1CVSS5.3AI score0.00229EPSS
Exploits0References2
CVE
CVE
added 2 days ago9 views

CVE-2026-9587

CVE-2026-9587 describes an authenticated local file inclusion in Sangoma Switchvox SMB Edition 8.3 (104997). The issue resides in the play_file function where the sound_path input is not properly validated, allowing an attacker to supply absolute paths to read files outside the intended directory...

7.1CVSS5.4AI score0.00229EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-9587 Authenticated Local File Inclusion (LFI) in Switchvox SMB Web Portal

An authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997. The playfile functionality accepts user-controlled input through the soundpath parameter and fails to properly validate file paths before accessing the underlying filesystem. By supplying...

7.1CVSS0.00229EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2 days ago10 views

CVE-2026-9587 Authenticated Local File Inclusion (LFI) in Switchvox SMB Web Portal

An authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997. The playfile functionality accepts user-controlled input through the soundpath parameter and fails to properly validate file paths before accessing the underlying filesystem. By supplying...

7.1CVSS5.4AI score0.00229EPSS
Exploits0References2
CVE
CVE
added 3 days ago26 views

CVE-2026-44174

Kirby CMS (versions prior to 4.9.1 and 5.4.1) exposes REST API search and collection queries that did not validate model attributes, allowing authenticated users to invoke arbitrary model methods (e.g., password(), root(), loginPasswordless(), delete()) via collection endpoints. This can disclose...

8.7CVSS6.2AI score0.0028EPSS
Exploits0References3
NVD
NVD
added 3 days ago10 views

CVE-2026-45568

zrok is software for sharing web services, files, and network resources. Prior to 2.0.3, zrok's Python SDK ProxyShare Flask proxy route accepts an absolute URL in the request path and passes it to urllib.parse.urljoin, allowing the requested path to replace the configured target host and causing...

9.9CVSS0.00356EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-45568 zrok Python ProxyShare can be used as an SSRF proxy through absolute URL paths

zrok is software for sharing web services, files, and network resources. Prior to 2.0.3, zrok's Python SDK ProxyShare Flask proxy route accepts an absolute URL in the request path and passes it to urllib.parse.urljoin, allowing the requested path to replace the configured target host and causing...

9.9CVSS0.00356EPSS
Exploits0References3
OSV
OSV
added 3 days ago4 views

CVE-2026-45568 zrok Python ProxyShare can be used as an SSRF proxy through absolute URL paths

zrok is software for sharing web services, files, and network resources. Prior to 2.0.3, zrok's Python SDK ProxyShare Flask proxy route accepts an absolute URL in the request path and passes it to urllib.parse.urljoin, allowing the requested path to replace the configured target host and causing...

9.9CVSS6.1AI score0.00356EPSS
Exploits0References5
CVE
CVE
added 3 days ago14 views

CVE-2026-53598

The CVE-2026-53598 issue affects Prompty (.prompty) loaders that expanded ${file:...} references in frontmatter before 2.0.0-beta.2, allowing an attacker-controlled prompt to read local files via absolute paths, .. traversal, or symlink escapes. Root cause: path confinement was not enforced durin...

7.5CVSS6.1AI score0.01057EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 3 days ago7 views

CVE-2026-53598

Prompty is a markdown file format .prompty for LLM prompts. Prior to 2.0.0-beta.2, Prompty loaders expanded $file:... references in .prompty frontmatter without enforcing that resolved paths stayed within the prompt directory or allowed roots, allowing an attacker-controlled prompt file to read...

7.5CVSS6.1AI score0.01057EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 3 days ago8 views

CVE-2026-53598 Prompty: Arbitrary File Read via ${file:path} Reference Expansion

Prompty is a markdown file format .prompty for LLM prompts. Prior to 2.0.0-beta.2, Prompty loaders expanded $file:... references in .prompty frontmatter without enforcing that resolved paths stayed within the prompt directory or allowed roots, allowing an attacker-controlled prompt file to read...

7.5CVSS5.2AI score0.01057EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-53598 Prompty: Arbitrary File Read via ${file:path} Reference Expansion

Prompty is a markdown file format .prompty for LLM prompts. Prior to 2.0.0-beta.2, Prompty loaders expanded $file:... references in .prompty frontmatter without enforcing that resolved paths stayed within the prompt directory or allowed roots, allowing an attacker-controlled prompt file to read...

7.5CVSS0.01057EPSS
Exploits0References2
OSV
OSV
added 3 days ago6 views

CVE-2026-59863 Kiota: Workspace-config poisoning: out-of-repo file write + generation-time SSRF

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, Kiota honored a poisoned .kiota/workspace.json workspace configuration without validating per-client or per-plugin outputPath values during kiota client generate and kiota plugin generate, allowing a malicious repository or pu...

7CVSS6.2AI score0.01123EPSS
Exploits0References6
Rows per page
Query Builder