Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/06/10 2:59 p.m.10 views

CVE-2026-49742

Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer FAL via the Media Module. Since the fallback storage resolves paths relative to the server's document root, this could expose sensitive files such as log files. This...

7.1CVSS5.4AI score0.00313EPSS
Exploits0References1
NVD
NVD
added 2026/05/21 10:16 p.m.15 views

CVE-2026-8416

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file addFavoriteFolder$id. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

8.8CVSS0.0013EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/19 7:23 p.m.5 views

CVE-2026-26202 Penpot has Arbitrary File Read via create-font-variant RPC endpoint

Penpot is an open-source design tool for design and code collaboration. Prior to version 2.13.2, an authenticated user can read arbitrary files from the server by supplying a local file path e.g. /etc/passwd as a font data chunk in the create-font-variant RPC endpoint, resulting in the file...

7.5CVSS5.7AI score0.00437EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/04/12 12:0 a.m.2 views

NiceGUI 安全漏洞

NiceGUI is an easy-to-use, Python-based UI framework open-sourced by NiceGUI. A security vulnerability exists in NiceGUI versions prior to 1.4.21. An attacker exploiting this vulnerability can access any file on the backend file system...

8.2CVSS7.9AI score0.0076EPSS
Exploits0References4
Rows per page
Query Builder