CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

886 matches found

NVD•added 2026/06/03 1:16 p.m.•9 views

CVE-2026-35082

The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input...

8.8CVSS0.00494EPSS

Exploits0References1

NVD•added 2026/06/03 1:16 p.m.•11 views

CVE-2026-35078

The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS0.0037EPSS

Exploits0References1

NVD•added 2026/06/03 1:16 p.m.•8 views

CVE-2026-35076

The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS0.00363EPSS

Exploits0References1

CVE•added 2026/06/03 10:41 a.m.•7 views

CVE-2026-35082

The CVE-2026-35082 entry describes a Local File Inclusion in the ugw-logread method, where insufficient validation of user-supplied input lets a remote attacker with user privileges access arbitrary local files. The CERT/VDE metrics indicate HIGH impact (confidentiality, integrity, availability) ...

8.8CVSS6AI score0.00494EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/06/03 10:41 a.m.•7 views

CVE-2026-35082 Local file inclusion vulnerability and deletion in ugw-logread method

The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input...

8.8CVSS6AI score0.00494EPSS

Exploits0References1

Cvelist•added 2026/06/03 10:39 a.m.•35 views

CVE-2026-35077 Arbitrary file delete vulnerability in method ugw-delete-file

The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS0.0037EPSS

Exploits0References1

EUVD•added 2026/06/03 10:39 a.m.•8 views

EUVD-2026-34073

The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS6AI score0.0037EPSS

Exploits0References1

EUVD•added 2026/04/30 11:5 a.m.•1 views

EUVD-2026-26368

In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server...

7.4CVSS5.3AI score0.00401EPSS

Exploits0References1

Cvelist•added 2026/03/31 2:10 p.m.•21 views

CVE-2026-33581 OpenClaw < 2026.3.24 - Arbitrary File Read via mediaUrl and fileUrl Parameters

OpenClaw before 2026.3.24 contains a sandbox bypass vulnerability in the message tool that allows attackers to read arbitrary local files by using mediaUrl and fileUrl alias parameters that bypass localRoots validation. Remote attackers can exploit this by routing file requests through unvalidate...

7.1CVSS0.00555EPSS

Exploits0References3

Vulnrichment•added 2026/03/31 2:10 p.m.•1 views

CVE-2026-33581 OpenClaw < 2026.3.24 - Arbitrary File Read via mediaUrl and fileUrl Parameters

7.1CVSS6AI score0.00555EPSS

Exploits0References3

Positive Technologies•added 2026/03/30 12:0 a.m.•3 views

PT-2026-29049

Name of the Vulnerable Software and Affected Versions CrewAI affected versions not specified Description The software contains a flaw where the JSON loader tool reads files without proper path validation. This allows unauthorized access to files on the server. The issue involves an arbitrary loca...

7.5CVSS6AI score0.00605EPSS

Exploits0References5

RedhatCVE•added 2026/03/26 3:0 p.m.•4 views

CVE-2026-33354

WWBN AVideo is an open source video platform. In versions up to and including 26.0, POST /objects/aVideoEncoder.json.php accepts a requester-controlled chunkFile parameter intended for staged upload chunks. Instead of restricting that path to trusted server-generated chunk locations, the endpoint...

7.6CVSS5.9AI score0.00254EPSS

Exploits1References1

CNNVD•added 2026/03/20 12:0 a.m.•2 views

SQLBot 代码问题漏洞

SQLBot is an intelligent data querying system developed by DataEase, based on large models and RAG techniques. Versions of SQLBot prior to 1.7.0 contained code vulnerabilities. These vulnerabilities stemmed from server-side request forgery in the/api/v1/datasource/check endpoint, which could lead...

8.7CVSS6AI score0.00427EPSS

Exploits1References3

Veracode•added 2025/12/13 7:36 a.m.•2 views

Cross-site Scripting (XSS)

Pyhtml2pdf is vulnerable to Cross-site Scripting XSS. The vulnerability is due to lack of validation of user-supplied HTML content, which allows an attacker to access and retrieve arbitrary local files...

7.5CVSS7.5AI score0.00695EPSS

Exploits1References2Affected Software1

Cvelist•added 2025/11/26 6:31 p.m.•8 views

CVE-2021-4472 Python-mistralclient: mistral-dashboard: local file inclusion through the 'create workbook' feature

The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content...

6.5CVSS0.00384EPSS

Exploits0References5

CVE•added 2025/10/17 3:36 p.m.•16 views

CVE-2025-62356

CVE-2025-62356 affects Qodo Gen IDE (Qodo Gen IDE). A path traversal vulnerability enables a threat actor to read arbitrary local files on an end user’s system, including files outside of current projects. The issue is reachable directly and via indirect prompt injection, impacting confidentialit...

7.5CVSS6.3AI score0.00559EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2008-6793

Malware in sbrugna...

10CVSS6.4AI score0.08557EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2017-2784

Malware in sbrugna...

6.5CVSS6.6AI score0.01599EPSS

Exploits0References2