Lucene search
K

16632 matches found

EUVD
EUVD
added 14 hours ago7 views

EUVD-2026-43164

The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via the setupSources function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS6.2AI score
Exploits0References6
Nuclei
Nuclei
added 18 hours ago30 views

webp_server_go 0.4.0 - Path Traversal

webpservergo 0.4.0 contains a path traversal caused by insufficient sanitization in file handling, letting attackers read arbitrary files on the server, exploit requires attacker to send crafted requests. id: CVE-2021-46104 info: name: webpservergo 0.4.0 - Path Traversal author: pikpikcu severity...

7.5CVSS7AI score0.04231EPSS
Exploits1References1
Nuclei
Nuclei
added 18 hours ago20 views

BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure

Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability caused by improper validation of the 'READ.filePath' parameter in fileread script and SendCGICMD API, letting authenticated attackers read arbitrary system files. id: CVE-2019-25246 info: name: BEWARD...

8.8CVSS6.2AI score0.17393EPSS
Exploits1References3
Nuclei
Nuclei
added 18 hours ago55 views

Vite - Path Traversal

Vite versions prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13 contain a file exposure vulnerability caused by improper handling of request URLs with '' in the dev server running on Node or Bun, letting attackers access arbitrary files, exploit requires the server to be exposed to the network an...

6CVSS6.7AI score0.01736EPSS
Exploits2References2
Nuclei
Nuclei
added 18 hours ago5 views

OneUptime < 10.0.21 - Path Traversal

OneUptime 10.0.21 contains a path traversal caused by unsanitized componentName parameter in /workflow/docs/:componentName endpoint, letting unauthenticated attackers read arbitrary files from the server filesystem. id: CVE-2026-30958 info: name: OneUptime 10.0.21 - Path Traversal author:...

8.6CVSS7.1AI score0.01102EPSS
Exploits1References3
Nuclei
Nuclei
added 18 hours ago13 views

Mockoon < 9.2.0 - Path Traversal

Mockoon before 9.2.0 contains a path traversal and local file inclusion caused by unsafe templating of server filenames from user input, letting attackers read arbitrary files on the mock server filesystem, exploit requires crafted request. id: CVE-2025-59049 info: name: Mockoon 9.2.0 - Path...

7.5CVSS7.1AI score0.0166EPSS
Exploits0References3
Nuclei
Nuclei
added 18 hours ago62 views

Solara <1.35.1 - Local File Inclusion

A Local File Inclusion LFI vulnerability was identified in widgetti/solara, in version 1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. ...

8.6CVSS7.1AI score0.02884EPSS
Exploits0References3
Nuclei
Nuclei
added 18 hours ago70 views

Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion

A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter. id: CVE-2023-29887 info: name: Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion author: ctflearner severity: high description: | A Local...

7.5CVSS7.1AI score0.04736EPSS
Exploits1References3
Nuclei
Nuclei
added 18 hours ago85 views

Suprema BioStar <2.8.2 - Local File Inclusion

Suprema BioStar before 2.8.2 Video Extension allows remote attackers can read arbitrary files from the server via local file inclusion. id: CVE-2020-15050 info: name: Suprema BioStar 2.8.2 - Local File Inclusion author: gy741 severity: high description: Suprema BioStar before 2.8.2 Video Extensio...

7.5CVSS7.1AI score0.50734EPSS
Exploits4References4
Nuclei
Nuclei
added 18 hours ago173 views

CMSimple 3.1 - Local File Inclusion

CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when registerglobals is enabled which allows remote attackers to include and execute arbitrary local files via a .. dot dot in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including...

6.8CVSS6.4AI score0.18809EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago65 views

Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion

Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. encoded dot dot or an absolute pathname in the nextfile parameter. id: CVE-2009-1558 info: name: Cisco Linksys WVC54GCA 1.00R22/1.00R...

7.8CVSS6.2AI score0.28806EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago64 views

BIQS IT Biqs-drive v1.83 Local File Inclusion

A local file inclusion vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user. id: CVE-2021-394...

7.5CVSS7AI score0.08449EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago39 views

Osclass Security Advisory 3.4.1 - Local File Inclusion

A directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. dot dot in the file parameter in a render action to oc-admin/index.php. id: CVE-2014-6308 info: name: Osclass Security Advisory 3.4.1 - Local File Inclusion author: daffainfo...

5CVSS6.2AI score0.2226EPSS
Exploits6References5
Nuclei
Nuclei
added 18 hours ago47 views

Joomla! Component Music Manager - Local File Inclusion

A directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the cid parameter to album.html. id: CVE-2010-2857 info: name: Joomla! Component Music Manager - Local Fil...

6.8CVSS6.2AI score0.04848EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago32 views

Koha 3.20.1 - Directory Traversal

Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f dot dot encoded slash in the templatepath parameter to 1 svc/virtualshelves/search or 2 svc/members/search. id: CVE-2015-4632 info: name:...

7.5CVSS7.1AI score0.51829EPSS
Exploits8References5
Nuclei
Nuclei
added 18 hours ago32 views

Joomla! Component Percha Fields Attach 1.0 - Directory Traversal

A directory traversal vulnerability in the Percha Fields Attach comperchafieldsattach component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-2036 info: name:...

7.5CVSS6.2AI score0.1321EPSS
Exploits1References4
Nuclei
Nuclei
added 18 hours ago39 views

NCBI ToolBox - Directory Traversal

NCBI ToolBox 2.0.7 through 2.2.26 legacy versions contain a path traversal vulnerability via viewcgi.cgi which may result in reading of arbitrary files i.e., significant information disclosure or file deletion via the nph-viewgif.cgi query string. id: CVE-2018-16716 info: name: NCBI ToolBox -...

9.1CVSS7.1AI score0.0857EPSS
Exploits0References4
Nuclei
Nuclei
added 18 hours ago117 views

HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion

An Unauthenticated Path Traversal vulnerability exists in the /public/loaderphp file The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server. id: CVE-2024-34470 info: name: HSC...

8.6CVSS7.1AI score0.06699EPSS
Exploits5References4
Nuclei
Nuclei
added 18 hours ago58 views

Joomla! Component Highslide 1.5 - Local File Inclusion

A directory traversal vulnerability in the Highslide JS comhsconfig component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1314 info: name: Joomla! Component Highslide 1.5 - Local File Inclusion...

5CVSS6.2AI score0.15909EPSS
Exploits2References4
Nuclei
Nuclei
added 18 hours ago48 views

11in1 CMS 1.2.1 - Local File Inclusion (LFI)

Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. dot dot in the class parameter to 1 index.php or 2 admin/index.php. id: CVE-2012-0996 info: name: 11in1 CMS 1.2.1 - Local File Inclusion LFI author: daffainfo...

5CVSS6.2AI score0.09794EPSS
Exploits2References4
Rows per page
Query Builder