Lucene search
K

50392 matches found

CVE
CVE
added yesterday5 views

CVE-2026-14967

BBOT’s github_workflows module has a path-traversal vulnerability: the path-containment check fails to resolve ‘..’, allowing a crafted CODE_REPOSITORY URL to traverse out of the configured output directory. The write is bounded to two directory levels above the output location and the target is ...

3.1CVSS5.9AI score
Exploits0References1
Nuclei
Nuclei
added yesterday50 views

Joomla! Component com_janews - Local File Inclusion

A directory traversal vulnerability in the JA News comjanews component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1219 info: name: Joomla! Component comjanews - Local File Inclusion author: daffainf...

6.8CVSS6.1AI score0.08266EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday50 views

Joomla! Component PicSell 1.0 - Arbitrary File Retrieval

A directory traversal vulnerability in the PicSell compicsell component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the dflink parameter in a prevsell dwnfree action to index.php. id: CVE-2010-3203 info: name: Joomla! Component PicSell 1.0 - Arbitrary File...

5CVSS6.1AI score0.08523EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday39 views

NCBI ToolBox - Directory Traversal

NCBI ToolBox 2.0.7 through 2.2.26 legacy versions contain a path traversal vulnerability via viewcgi.cgi which may result in reading of arbitrary files i.e., significant information disclosure or file deletion via the nph-viewgif.cgi query string. id: CVE-2018-16716 info: name: NCBI ToolBox -...

9.1CVSS7.3AI score0.0857EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday51 views

Eaton Intelligent Power Manager 1.6 - Directory Traversal

Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via directory traversal, which can lead to sensitive information disclosure, denial of service and code execution. id: CVE-2018-12031 info: name: Eaton Intelligent Power Manager 1.6 - Directory Traversal author: daffainfo...

9.8CVSS7.3AI score0.17313EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday71 views

Cisco Unified Communications Manager 7/8/9 - Directory Traversal

A directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815 id: CVE-2013-5528 info: name:...

8.1CVSS7.3AI score0.88559EPSS
Exploits22References4
Nuclei
Nuclei
added yesterday93 views

ffay lanproxy Directory Traversal

ffay lanproxy 0.1 is susceptible to a directory traversal vulnerability that could let attackers read /../conf/config.properties to obtain credentials for a connection to the intranet. id: CVE-2021-3019 info: name: ffay lanproxy Directory Traversal author: pikpikcu severity: high description: ffa...

7.5CVSS7.1AI score0.18982EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday36 views

FileMage Gateway - Directory Traversal

Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component. id: CVE-2023-39026 info: name: FileMage Gateway - Directory Traversal author: DhiyaneshDk severity:...

7.5CVSS7.1AI score0.10562EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday55 views

Cartadis Gespage 8.2.1 - Directory Traversal

Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData. id: CVE-2021-33807 info: name: Cartadis Gespage 8.2.1 - Directory Traversal author: daffainfo severity: high description: Cartadis Gespage through 8.2.1 allows Directory Traversa...

7.5CVSS7.1AI score0.1411EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday36 views

Yearning - Directory Traversal

Yearning has a directory traversal vulnerability that can be exploited by attackers to obtain sensitive information. The vulnerability is present in multiple versions of Yearning. id: CVE-2022-27043 info: name: Yearning - Directory Traversal author: Co5mos severity: high description: | Yearning h...

7.5CVSS7.1AI score0.06299EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday95 views

FlatnuX CMS - Directory Traversal

A path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action. id: CVE-2012-4878 info: name: FlatnuX CMS - Directory Traversal author: daffainfo severity:...

5CVSS6.1AI score0.08761EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday64 views

phpShowtime 2.0 - Directory Traversal

A directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. dot dot in the r parameter to index.php. id: CVE-2012-0981 info: name: phpShowtime 2.0 - Directory Traversal author: daffainfo severity: medium description: A...

5CVSS6.1AI score0.11059EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday32 views

MySQLDumper 1.24.4 - Directory Traversal

Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. dot dot in the 1 language parameter to learn/cubemail/install.php or 2 f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. dot dot in the...

4.3CVSS6.2AI score0.08465EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday53 views

Caucho Resin >=4.0.52 <=4.0.56 - Directory traversal

There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request. id: CVE-2021-44138 info: name: Caucho Resin =4.0.52 =4.0.56 - Directory travers...

7.5CVSS7.2AI score0.14115EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday85 views

Spring Boot Actuator Logview Directory Traversal

spring-boot-actuator-logview before version 0.2.13 contains a directory traversal vulnerability in libraries that adds a simple logfile viewer as a spring boot actuator endpoint maven package "eu.hinsch:spring-boot-actuator-logview". id: CVE-2021-21234 info: name: Spring Boot Actuator Logview...

7.7CVSS7.1AI score0.21173EPSS
Exploits2References6
Nuclei
Nuclei
added yesterday34 views

AlquistManager Local File Inclusion

AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. id...

7.5CVSS7.4AI score0.09052EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday84 views

MKdocs 1.2.2 - Directory Traversal

The MKdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. Note the vendor has disputed the vulnerability see references because the dev server must be used in an unsafe way namely public to have this...

7.5CVSS7.1AI score0.14759EPSS
Exploits2
Nuclei
Nuclei
added yesterday49 views

LG-Ericsson iPECS NMS 30M - Local File Inclusion

Ericsson-LG iPECS NMS 30M allows local file inclusion via ipecs-cm/download?filename=../ URIs. id: CVE-2018-15138 info: name: LG-Ericsson iPECS NMS 30M - Local File Inclusion author: 0xAkoko severity: high description: Ericsson-LG iPECS NMS 30M allows local file inclusion via...

7.5CVSS7.1AI score0.12851EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday82 views

WordPress JSmol2WP <=1.07 - Local File Inclusion

WordPress JSmol2WP plugin 1.07 is susceptible to local file inclusion via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context...

7.5CVSS6.9AI score0.13078EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday49 views

Onkyo TX-NR585 Web Interface - Directory Traversal

Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal and local file inclusion. id: CVE-2020-12447 info: name: Onkyo TX-NR585 Web Interface - Directory Traversal author: 0xAkoko severity: high...

7.5CVSS7.2AI score0.11822EPSS
Exploits1References4
Rows per page
Query Builder