38 matches found

Tenable Nessus
added 2026/05/06 12:0 a.m. · 6 views

JetBrains IntelliJ IDEA Arbitrary Local File Read (CVE-2026-41882)

The version of JetBrains IntelliJ IDEA installed on the remote host is prior to 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, or 2026.1.1. It is, therefore, affected by an arbitrary local file read vulnerability: - In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1...

7.5 CVSS · 6 AI score · 0.00401 EPSS
Exploits 0 · References 2

Vulnrichment
added 2026/04/30 11:5 a.m. · 8 views

CVE-2026-41882

In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server...

7.4 CVSS · 5.3 AI score · 0.00401 EPSS
Exploits 0 · References 1

EUVD
added 2026/04/30 11:5 a.m. · 5 views

EUVD-2026-26368

In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server...

7.4 CVSS · 5.3 AI score · 0.00401 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2026/04/30 11:5 a.m. · 8 views

CVE-2026-41882

In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server...

7.4 CVSS · 5.3 AI score · 0.00401 EPSS
Exploits 0 · References 2

CVE
added 2026/04/30 11:5 a.m. · 17 views

CVE-2026-41882

CVE-2026-41882 affects JetBrains IntelliJ IDEA prior to 2024.3.7.1 and versions 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, and 2026.1.1. The issue enables reading arbitrary local files via the built‑in web server. The root cause details are not provided in the given documents. A patch is indicated by th...

7.5 CVSS · 5.3 AI score · 0.00401 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2026/04/30 12:0 a.m. · 11 views

JetBrains IntelliJ IDEA post-link vulnerability

JetBrains IntelliJ IDEA is an integrated development environment for Java language developed by the Czech company JetBrains. Versions of JetBrains IntelliJ IDEA prior to 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, and 2026.1.1 have a post-link vulnerability. This vulnerability stems from issu...

7.5 CVSS · 5.9 AI score · 0.00401 EPSS
Exploits 0 · References 1

Positive Technologies
added 2026/04/30 12:0 a.m. · 6 views

PT-2026-36089

Name of the Vulnerable Software and Affected Versions: JetBrains IntelliJ IDEA versions prior to 2024.3.7.1; JetBrains IntelliJ IDEA versions prior to 2025.1.7.1; JetBrains IntelliJ IDEA versions prior to 2025.2.6.2; JetBrains IntelliJ IDEA versions prior to 2025.3.4.1; JetBrains IntelliJ IDEA version...

7.5 CVSS · 5.9 AI score · 0.00401 EPSS
Exploits 0 · References 6

NVD
added 2026/01/13 11:15 p.m. · 3 views

CVE-2022-50890

Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to access restricted system directories on the...

8.7 CVSS · 0.00932 EPSS
Exploits 1 · References 4

Positive Technologies
added 2026/01/13 12:0 a.m. · 8 views

PT-2026-2366

Name of the Vulnerable Software and Affected Versions: Owlfiles File Manager version 12.0.1. Description: Owlfiles File Manager version 12.0.1 contains a path traversal issue in its built-in HTTP server. This allows attackers to access system directories by crafting GET requests with directory...

8.7 CVSS · 6.5 AI score · 0.00932 EPSS
Exploits 1 · References 7

BDU FSTEC
added 2025/06/13 12:0 a.m. · 6 views

A vulnerability in the built-in boa web server (/boafrm/formDosCfg) of the TOTOLINK X15 router firmware allows an attacker to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability in the built-in boa web server (/boafrm/formDosCfg) of the TOTOLINK X15 router firmware is caused by copying buffers without checking the size of the input data while processing the submit-url parameter. Exploiting this vulnerability allows a remote...

9 CVSS · 7.7 AI score · 0.00615 EPSS
Exploits 0 · References 6 · Affected Software 1

BDU FSTEC
added 2025/06/13 12:0 a.m. · 5 views

A vulnerability in the built-in boa web server (/boafrm/formDMZ) of the TOTOLINK EX1200T router firmware allows an attacker to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability in the built-in boa web server (/boafrm/formDMZ) of TOTOLINK EX1200T routers is caused by a buffer overflow. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and availability of protected information by sending a specially crafted...

9 CVSS · 8.1 AI score · 0.00862 EPSS
Exploits 1 · References 4 · Affected Software 1

BDU FSTEC
added 2025/06/13 12:0 a.m. · 4 views

A vulnerability in the built-in boa web server (/boafrm/formFilter) of the TOTOLINK EX1200T router firmware allows an attacker to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability in the built-in boa web server (/boafrm/formFilter) of TOTOLINK EX1200T routers is caused by a buffer overflow. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and availability of the protected information by sending a specially crafte...

9 CVSS · 8.1 AI score · 0.04075 EPSS
Exploits 1 · References 4 · Affected Software 1

BDU FSTEC
added 2025/06/09 12:0 a.m. · 10 views

A vulnerability in the built-in boa web server (/boafrm/formDMZ) of the TOTOLINK X15 router firmware allows an attacker to execute arbitrary commands or cause a service failure.

The vulnerability in the built-in boa web server (/boafrm/formDMZ) of the TOTOLINK X15 router firmware is caused by an operation that exceeds the bounds of a memory buffer when processing the submit-url parameter. Exploiting this vulnerability allows a remote attacker to execute...

9 CVSS · 8.3 AI score · 0.04066 EPSS
Exploits 0 · References 7 · Affected Software 1

OSV
added 2024/03/06 2:15 a.m. · 6 views

CVE-2024-1220

A stack-based buffer overflow in the built-in web server in Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior allows a remote attacker to exploit the vulnerability by sending crafted payload to the web service. Successful exploitation of the vulnerability could result in denial of...

7.5 CVSS · 6.2 AI score · 0.00661 EPSS
Exploits 0 · References 1

Prion
added 2023/08/24 5:15 p.m. · 19 views

Design/Logic Flaw

An adversary could cause a continuous restart loop to the entire device by sending a large quantity of HTTP GET requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b...

5 CVSS · 7.9 AI score · 0.00442 EPSS
Exploits 0 · References 1 · Affected Software 1

Tenable Nessus
added 2023/08/02 12:0 a.m. · 32 views

Moxa NPort IAW5000A-I/O Series Serial Device Server Improper Neutralization of Special Elements Used in an OS Command (CVE-2021-32974)

Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

10 CVSS · 8.4 AI score · 0.02593 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2023/08/02 12:0 a.m. · 19 views

Moxa NPort IAW5000A-I/O Series Serial Device Server Improper Input Validation (CVE-2021-32970)

Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier, which may allow a remote attacker to cause denial-of-service conditions. This plugin only works with Tenable.ot. Please visit...

7.8 CVSS · 7.4 AI score · 0.01623 EPSS
Exploits 0 · References 3

OSV
added 2023/03/29 1:15 p.m. · 5 views

CVE-2022-48433

In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server...

7.5 CVSS · 5.8 AI score · 0.00646 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/03/29 12:0 a.m. · 7 views

PT-2023-15777 · Jetbrains · Jetbrains Intellij Idea

Name of the Vulnerable Software and Affected Versions: JetBrains IntelliJ IDEA versions prior to 2023.1 Description: The issue concerns the potential leak of NTLM hash through an API method in the built-in web server of JetBrains IntelliJ IDEA. Recommendations: For versions prior to 2023.1, updat...

7.5 CVSS · 7.5 AI score · 0.00646 EPSS
Exploits 0 · References 3

OSV
added 2022/12/08 6:15 p.m. · 4 views

CVE-2022-46826

In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability...

5.5 CVSS · 5.8 AI score
Exploits 0 · References 1