8 matches found

ATTACKERKB
added 2026/04/27 3:10 p.m., 1 view

CVE-2026-41465

ProjeQtor versions 7.0 through 12.4.3 contain a path traversal vulnerability in the log file viewer at dynamicDialog.php where the logname parameter is not validated against directory traversal sequences before constructing file paths. Authenticated attackers can inject directory traversal...

CVSS 7.1, AI score 5.9, EPSS 0.0026
Exploits: 0, References: 5, Affected Software: 1

RedhatCVE
added 2026/01/07 9:55 a.m., 11 views

CVE-2025-1911

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the adminlogpage function in all versions up to, and including, 2.5.0. This makes it possible for authenticated...

CVSS 6.5, AI score 7, EPSS 0.00098
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 8:49 p.m., 3 views

CVE-2021-22024

The vRealize Operations Manager API 8.x prior to 8.5 contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure...

CVSS 7.5, AI score 6.8, EPSS 0.00273
Exploits: 0, References: 1

CVE
added 2024/05/02 4:51 p.m., 52 views

CVE-2024-3546

CVE-2024-3546 affects the WordPress Backup & Migration plugin (wp-migration-duplicator) for WordPress, up to version 1.4.8. The root cause is a missing capability check in wp_mgdp_populate_popup, enabling authenticated attackers with subscriber access or higher to invoke the function and access l...

CVSS 4.3, AI score 6.4, EPSS 0.00307
Exploits: 0, References: 2

Cvelist
added 2019/03/05 4:0 p.m., 16 views

CVE-2018-19638 User can overwrite arbitrary log files in support tar

In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files...

CVSS 2.2, AI score 5.8, EPSS 0.00042
Exploits: 0, References: 2

CNVD
added 2019/02/28 12:0 a.m., 2 views

SUSE Supportutils Backlink Vulnerability

SUSE Supportutils is a collection of utility programs used in SUSE Linux systems from SUSE Germany. The product has the ability to collect system troubleshooting information, read and interpret the basic-health-check.txt file, and perform a brief analysis of the kernel core files. A backlink...

CVSS 4.7, AI score 6.8, EPSS 0.00042
Exploits: 0, References: 1

Atlassian
added 2012/11/29 1:27 p.m., 15 views

CreateSupportZipAction directory traversal

There’s a directory traversal vulnerability in the CreateSupportZipAction action that allows a malicious user to include arbitrary log files into a support zip. This is because the SupportUtility object is marked as @ParameterSafe, and no validation is performed on its serverLogsDirectory path...

AI score 2
Exploits: 0, Affected Software: 1

Apache Httpd
added 2001/10/12 12:0 a.m., 31 views

Apache Httpd < 1.3.22 : split-logfile can cause arbitrary log files to be written to

A vulnerability was found in the split-logfile support program. A request with a specially crafted Host: header could allow any file with a .log extension on the system to be written to...

CVSS 5, AI score 1.3, EPSS 0.07796
Exploits: 0, Affected Software: 1