Lucene search
K

6581 matches found

Nuclei
Nuclei
added 3 days ago128 views

Sonicwall - Pre-Authentication Arbitrary File Read

Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...

9.1CVSS7.4AI score0.99957EPSS
Exploits1
Nuclei
Nuclei
added 3 days ago91 views

Cleo Harmony < 5.8.0.21 - Arbitary File Read

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution. id: CVE-2024-50623 info: name: Cleo Harmony 5.8.0.21 - Arbitary File Read author: DhiyaneshDK severity: high...

9.8CVSS7.3AI score0.98529EPSS
Exploits6References4
NVD
NVD
added 4 days ago7 views

CVE-2026-46388

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery file carve until the carve completes and the temporary files are deleted because in-progress carve directories are not...

4.4CVSS0.00094EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42916

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery file carve until the carve completes and the temporary files are deleted because in-progress carve directories are not...

4.4CVSS6.2AI score0.00094EPSS
Exploits0References4
NVD
NVD
added 4 days ago8 views

CVE-2026-13347

The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the hewrapperjs and hewrappercss query parameters processed by the elementorassetsfilter function. This is due to the function concatenating user-supplied input directly onto...

7.5CVSS0.00512EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42831

The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the hewrapperjs and hewrappercss query parameters processed by the elementorassetsfilter function. This is due to the function concatenating user-supplied input directly onto...

7.5CVSS6.1AI score0.00512EPSS
Exploits0References3
CVE
CVE
added 4 days ago15 views

CVE-2026-13347

The CVE-2026-13347 entry documents an unauthenticated Arbitrary File Read in WordPress Hide My WP Lite (versions ≤ 1.3) via the he_wrapper_js and he_wrapper_css parameters. The vulnerability stems from elementor_assets_filter() concatenating user input onto ABSPATH and passing it to file_get_cont...

7.5CVSS6.1AI score0.00512EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 4 days ago8 views

CVE-2026-13347

The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the hewrapperjs and hewrappercss query parameters processed by the elementorassetsfilter function. This is due to the function concatenating user-supplied input directly onto...

7.5CVSS6.1AI score0.00512EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-13347 Hide My WP Lite <= 1.3 - Unauthenticated Path Traversal to Arbitrary File Read via 'he_wrapper_js' Parameter

The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the hewrapperjs and hewrappercss query parameters processed by the elementorassetsfilter function. This is due to the function concatenating user-supplied input directly onto...

7.5CVSS0.00512EPSS
Exploits0References3
Patchstack
Patchstack
added 4 days ago7 views

WordPress Hide My WP Lite plugin <= 1.3 - Unauthenticated Path Traversal to Arbitrary File Read vulnerability

Unauthenticated Path Traversal to Arbitrary File Read vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Hide My WP Lite versions = 1.3...

7.5CVSS5.9AI score0.00512EPSS
Exploits0References1Affected Software1
CVE
CVE
added 5 days ago8 views

CVE-2026-51925

CVE-2026-51925 affects docuForm GmbH Client v11.11c. A Local File Inclusion flaw in the dfm-menu_report.php component allows an attacker to read arbitrary server files (e.g., system/configuration files, source code) and potentially execute arbitrary code. The PT-Security entry confirms the affect...

8.1CVSS6.3AI score0.00322EPSS
Exploits0References2
CVE
CVE
added 6 days ago21 views

CVE-2026-55878

The CVE-2026-55878 issue affects Symfony UX Toolkit. Affected: Symfony UX versions 2.32.0–2.36.0 and 3.0.0–3.1.x (pre-2.36.1/3.2.0). The ux:install console command copies files from a recipe kit using paths listed in copy-files; because Path::isRelative() treats paths like ../../../etc as relativ...

7.8CVSS6AI score0.00146EPSS
Exploits0References4
NVD
NVD
added 6 days ago6 views

CVE-2026-55760

Handlebars.java provides logic-less and semantic Mustache templates with Java. Prior to 4.5.2, applications that pass user-controlled input to Handlebars.compile using FileTemplateLoader or ClassPathTemplateLoader are vulnerable to path traversal, allowing arbitrary file read through template nam...

7.5CVSS0.00414EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-59924 Mistune: Arbitrary File Read via Include directive path traversal

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory wh...

5.9CVSS0.0034EPSS
Exploits1References3
CVE
CVE
added 6 days ago8 views

CVE-2026-59924

Mistune (Python Markdown parser) prior to v3.3.0 contains a path traversal flaw in Include.parse() where include paths are joined/normalized without ensuring the result stays inside the markdown directory. When processing markdown files via md.read(), crafted include paths could read files outsid...

5.9CVSS6AI score0.0034EPSS
Exploits1References3Affected Software1
NVD
NVD
added 6 days ago7 views

CVE-2026-49145

App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include...

7.5CVSS0.00329EPSS
Exploits0References2
NVD
NVD
added 6 days ago8 views

CVE-2026-14500

The Bulk Order Update for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 1.6. This is due to the bouwfetchcsvdata AJAX handler being registered on the wpajaxnopriv hook with no capability or nonce check, and passing the attacker-supplied...

5.3CVSS0.00333EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-14500 Bulk Order Update for WooCommerce <= 1.6 - Unauthenticated Arbitrary File Read via 'csv_url' Parameter

The Bulk Order Update for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 1.6. This is due to the bouwfetchcsvdata AJAX handler being registered on the wpajaxnopriv hook with no capability or nonce check, and passing the attacker-supplied...

5.3CVSS0.00333EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42175

The Bulk Order Update for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 1.6. This is due to the bouwfetchcsvdata AJAX handler being registered on the wpajaxnopriv hook with no capability or nonce check, and passing the attacker-supplied...

5.3CVSS6.1AI score0.00333EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-14244 Jssor Slider by jssor.com <= 3.1.24 - Unauthenticated Arbitrary File Read via 'url' Parameter

The Jssor Slider by jssor.com plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.1.24 via the 'url' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain...

7.5CVSS0.00692EPSS
Exploits0References7
Rows per page
Query Builder