Lucene search
K

6490 matches found

Cvelist
Cvelist
added yesterday15 views

CVE-2026-20191 Cisco Catalyst Center Arbitrary File Read Vulnerability

A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request...

7.5CVSS
Exploits0References1
Nuclei
Nuclei
added yesterday70 views

Gradio < 2.5.0 - Arbitrary File Read

Files on the host computer can be accessed from the Gradio interface id: CVE-2021-43831 info: name: Gradio 2.5.0 - Arbitrary File Read author: isacaya severity: high description: | Files on the host computer can be accessed from the Gradio interface impact: | An attacker would be able to view the...

7.7CVSS7.1AI score0.03794EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday32 views

Java-springboot-codebase 1.1 - Arbitrary File Read

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized...

8.7CVSS7.3AI score0.03847EPSS
Exploits13References5
Nuclei
Nuclei
added yesterday20 views

Pichome 2.1.0 - Arbitrary File Read

A vulnerability, which was classified as critical, was found in zyx0814 Pichome 2.1.0. This affects an unknown part of the file /index.php?mod=textviewer. The manipulation of the argument src leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed t...

6.9CVSS5.9AI score0.01623EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday26 views

Lightdash version <= 0.510.3 Arbitrary File Read

packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension .csv or .png is used. id: CVE-2023-35844 info: name: Lightdash version = 0.510.3 Arbitrary File Read author: dwisiswant0...

7.5CVSS7.1AI score0.06344EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday38 views

ShokoServer System - Local File Inclusion (LFI)

ShokoServer is a media server which specializes in organizing anime. In affected versions the /api/Image/WithPath endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter serverImagePath, which is not sanitized in any way...

8.6CVSS7.4AI score0.08147EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday21 views

Frappe Framework < 16.15.0 - Arbitrary File Read via render_include Path Traversal

Frappe is a full-stack web application framework. Versions prior to 15.105.0 and 16.15.0 contain a possible Arbitrary File Read vulnerability via Path Traversal. The issue is resolved in versions 16.15.0, 15.105.0 and above. id: CVE-2026-39352 info: name: Frappe Framework 16.15.0 - Arbitrary File...

8.7CVSS5.8AI score0.01279EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday36 views

Reposilite >= 3.3.0, < 3.5.12 - Arbitrary File Read

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version...

8.6CVSS7.3AI score0.03145EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday17 views

WP Responsive Images <= 1.0 - Arbitrary File Read

WP Responsive Images plugin for WordPress = 1.0 contains a path traversal caused by improper sanitization of the 'src' parameter, letting unauthenticated attackers read arbitrary files on the server. id: CVE-2026-1557 info: name: WP Responsive Images = 1.0 - Arbitrary File Read author: Shivam...

7.5CVSS5.9AI score0.01722EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday11 views

Avid NEXIS Agent - Arbitrary File Read

Avid NEXIS E-series, F-series, PRO+, and System Director Appliance SDA+ before 2025.5.1 contain an unauthenticated arbitrary file read caused by improper validation of the filename parameter, letting unauthenticated attackers read sensitive files, exploit requires no authentication. id:...

8.7CVSS7.4AI score0.01083EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday29 views

EasySpider 0.6.2 - Arbitrary File Read

A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input...

8.8CVSS5.3AI score0.03333EPSS
Exploits1References6
Nuclei
Nuclei
added yesterday52 views

Mitel MiCollab - Arbitary File Read

The Mitel Collab Arbitrary File Read vulnerability allows an unauthenticated attacker to read arbitrary files from the underlying file system on a Mitel Collab server. Exploiting this flaw involves sending specially crafted requests to the server, bypassing access controls and allowing the attack...

9.8CVSS7.2AI score0.98067EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday36 views

CrateDB Database - Arbitrary File Read

CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY...

6.5CVSS6.8AI score0.03084EPSS
Exploits1
Nuclei
Nuclei
added yesterday68 views

WordPress Responsive Vector Maps < 6.4.2 - Arbitrary File Read

WordPress Responsive Vector Maps 6.4.2 contains an arbitrary file read vulnerability because the plugin does not have proper authorization and validation of the rvmuploadregionsfilepath parameter in the rvmimportregions AJAX action, allowing any authenticated user to read arbitrary files on the w...

6.5CVSS6.8AI score0.03005EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday30 views

WooCommerce Designer Pro <= 1.9.28 - Arbitrary File Read

WooCommerce Designer Pro theme for WordPress = 1.9.28 contains an arbitrary file read vulnerability caused by improper input validation, letting unauthenticated attackers read arbitrary files including sensitive configuration files, exploit requires no authentication. id: CVE-2025-10897 info: nam...

8.6CVSS5.9AI score0.01844EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday21 views

osTicket - Arbitrary File Read

Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficientl...

8.7CVSS6.3AI score0.73125EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday22 views

LiteLLM - Arbitrary File Read

LiteLLM 1.83.0 contains a broken access control vulnerability caused by lack of admin role enforcement on /config/update endpoint, letting authenticated users modify configurations, execute code, read files, and take over accounts. id: CVE-2026-35029 info: name: LiteLLM - Arbitrary File Read...

8.8CVSS5.8AI score0.26409EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday19 views

Blinko <= 1.8.3 - Path Traversal via /plugins

Blinko = 1.8.3 contains a path traversal caused by improper path concatenation without verification in the plugin file server endpoint, letting remote attackers access arbitrary files, exploit requires network access. id: CVE-2026-23483 info: name: Blinko = 1.8.3 - Path Traversal via /plugins...

6.9CVSS6AI score0.00771EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday11 views

OfficeWeb365 Indexs Interface - Arbitrary File Read

There is any file reading in the officeWeb365 Indexs interface. id: CVE-2024-37728 info: name: OfficeWeb365 Indexs Interface - Arbitrary File Read author: DhiyaneshDK severity: high description: | There is any file reading in the officeWeb365 Indexs interface. impact: | Unauthenticated attackers...

7.5CVSS5.8AI score0.01852EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday9 views

Jan v0.4.12 'readFileSync' - Path Traversal

Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface. id: CVE-2024-36857 info: name: Jan v0.4.12 'readFileSync' - Path Traversal author: Yusuf Amr severity: high description: | Jan v0.4.12 was discovered to contain an arbitrary file rea...

7.5CVSS5.9AI score0.02054EPSS
Exploits1References2
Rows per page
Query Builder