Lucene search
+L

2386 matches found

Nuclei
Nuclei
added yesterday30 views

mTheme Unus < 2.3 - Directory Traversal

The mTheme-Unus theme for WordPress, prior to version 2.3, contained a directory traversal flaw that let attackers access arbitrary files. This was possible by exploiting the files parameter in css/css.php with .. sequences. id: CVE-2015-9406 info: name: mTheme Unus 2.3 - Directory Traversal...

7.5CVSS7.8AI score0.55008EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday9 views

Karel IP Phone IP1211 Web Management Panel - Local File Inclusion

Karel IP Phone IP1211 Web Management Panel is vulnerable to local file inclusion and can allow remote attackers to access arbitrary files stored on the remote device via the 'cgiServer.exx' endpoint and the 'page' parameter. id: CVE-2025-34023 info: name: Karel IP Phone IP1211 Web Management Pane...

8.5CVSS5.5AI score0.01441EPSS
Exploits0References3
NVD
NVD
added 3 days ago35 views

CVE-2026-20146

A vulnerability in Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system to either read or delete arbitrary files. To exploit this vulnerability, the...

5.5CVSS0.0034EPSS
Exploits0References1
CVE
CVE
added 3 days ago17 views

CVE-2026-20146

Cisco Identity Services Engine (ISE) and ISE-PIC are affected by CVE-2026-20146. The issue stems from improper validation of user-supplied input, enabling a remote, authenticated attacker (with valid administrative credentials) to perform path traversal via a crafted HTTP request and read or dele...

5.5CVSS6.2AI score0.0034EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-44625

n8n before 2.19.3 contains a file path restriction bypass in the legacy ExecuteWorkflow node's localFile source option, which reads workflow files from disk without the file-access checks enforced by other file-reading nodes. Although hidden from the UI since v1.2, it remains reachable via the RE...

6.4CVSS6.2AI score0.00248EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-8920

Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted commands containing an arbitrary file path and bypassing the service’s path restrictions . On...

8.5CVSS0.0009EPSS
Exploits0References1
OSV
OSV
added 2026/07/10 6:29 p.m.4 views

CVE-2026-55474 Snipe-IT: Directory traversal in displaySig

Snipe-IT is an IT asset/license management system. Prior to 8.5.0, ActionlogController::displaySig concatenates the route filename parameter into a private upload-directory path without sanitization, allowing an authenticated attacker to traverse outside the intended directory and read arbitrary...

7.1CVSS6.2AI score0.00329EPSS
Exploits0References6
NVD
NVD
added 2026/07/10 3:16 p.m.6 views

CVE-2026-59793

In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration...

8.8CVSS0.00343EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/10 2:18 p.m.31 views

CVE-2026-59793

In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration...

8.8CVSS0.00343EPSS
Exploits0References1
CVE
CVE
added 2026/07/10 2:18 p.m.16 views

CVE-2026-59793

CVE-2026-59793 affects JetBrains TeamCity prior to version 2026.1.2. The issue allows arbitrary file access via the Perforce VCS integration, due to the Perforce VCS integration component. Impact is described as high for confidentiality, integrity, and availability. The CVSS vector indicates netw...

8.8CVSS6.2AI score0.00343EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/10 2:18 p.m.2 views

CVE-2026-59793

In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration...

8.8CVSS6.2AI score0.00343EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/10 2:18 p.m.10 views

EUVD-2026-42911

In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration...

8.8CVSS6.2AI score0.00343EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/09 3:15 p.m.32 views

CVE-2026-23562 Multiple RBAC issues in XAPI

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS0.0014EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/08 2:55 p.m.36 views

CVE-2026-49145 App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc

App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include...

0.00329EPSS
Exploits0References1
OSV
OSV
added 2026/07/07 1:43 p.m.5 views

JLSEC-2026-657 Deno: BYONM module resolution allows `package.json` main path traversal to bypass `--allow-read` restrictions

Summary When Deno was run in BYONM mode nodeModulesDir: "manual", the module resolver did not validate that a package's resolved entrypoint stayed within its nodemodules// directory. A malicious package.json whose main field contained .. segments was able to resolve to an arbitrary path on disk,...

5.5CVSS6.2AI score0.00135EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/07 1:1 p.m.8 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the /skin/ action endpoint when running on Jetty 12 or later. An attacker can access arbitrary files on the server by crafting a URL containing encoded directory traversal sequences. This is only exploitable if th...

8.2CVSS6.5AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:52 p.m.7 views

CVE-2026-50135

Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made RootMappingFs.statRoot use Stat follows symlinks instead of Lstat , so a direct resources.Get of a symlink pointing outside its mount returned the target's contents — letting a symlink planted in a local mount e.g. a...

6.9CVSS5.9AI score0.00275EPSS
Exploits0References4Affected Software1
Rockylinux
Rockylinux
added 2026/07/05 12:5 p.m.7 views

perl-Archive-Tar security update

An update is available for perl-Archive-Tar. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Archive::Tar provides an object oriented mechanism for handling tar...

9.1CVSS7.2AI score0.0043EPSS
Exploits0
OSV
OSV
added 2026/07/02 2:13 p.m.8 views

PYSEC-2026-740 Improper Restriction of XML External Entity Reference in trytond and proteus

An XXE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user...

6.5CVSS6.1AI score0.01374EPSS
Exploits1References10
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 9:30 p.m.10 views

Security Bulletin: Nomad vulnerable to arbitrary file read/write on client host through symlink attack

Summary HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11. Vulnerability Details CVEID:CVE-2026-695...

6CVSS5.9AI score0.00169EPSS
Exploits0Affected Software1
Rows per page
Query Builder