Lucene search
K

50393 matches found

CVE
CVE
added yesterday5 views

CVE-2026-14967

BBOT’s github_workflows module has a path-traversal vulnerability: the path-containment check fails to resolve ‘..’, allowing a crafted CODE_REPOSITORY URL to traverse out of the configured output directory. The write is bounded to two directory levels above the output location and the target is ...

3.1CVSS5.9AI score
Exploits0References1
Nuclei
Nuclei
added yesterday709 views

aiohttp - Directory Traversal

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'followsymlinks' can be used to determine whether to follow symboli...

7.5CVSS6.8AI score0.76875EPSS
Exploits15References3
Nuclei
Nuclei
added yesterday48 views

Solara <1.35.1 - Local File Inclusion

A Local File Inclusion LFI vulnerability was identified in widgetti/solara, in version 1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. ...

8.6CVSS7.3AI score0.02884EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday50 views

Joomla! Component com_janews - Local File Inclusion

A directory traversal vulnerability in the JA News comjanews component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1219 info: name: Joomla! Component comjanews - Local File Inclusion author: daffainf...

6.8CVSS6.1AI score0.08266EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday50 views

Joomla! Component PicSell 1.0 - Arbitrary File Retrieval

A directory traversal vulnerability in the PicSell compicsell component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the dflink parameter in a prevsell dwnfree action to index.php. id: CVE-2010-3203 info: name: Joomla! Component PicSell 1.0 - Arbitrary File...

5CVSS6.1AI score0.08523EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday39 views

NCBI ToolBox - Directory Traversal

NCBI ToolBox 2.0.7 through 2.2.26 legacy versions contain a path traversal vulnerability via viewcgi.cgi which may result in reading of arbitrary files i.e., significant information disclosure or file deletion via the nph-viewgif.cgi query string. id: CVE-2018-16716 info: name: NCBI ToolBox -...

9.1CVSS7.3AI score0.0857EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday51 views

Eaton Intelligent Power Manager 1.6 - Directory Traversal

Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via directory traversal, which can lead to sensitive information disclosure, denial of service and code execution. id: CVE-2018-12031 info: name: Eaton Intelligent Power Manager 1.6 - Directory Traversal author: daffainfo...

9.8CVSS7.3AI score0.17313EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday106 views

SolarView Compact < 6.00 - Directory Traversal

SolarView Compact before version 6.00 is vulnerable to directory traversal via the file parameter in downloader.php. An unauthenticated attacker can read arbitrary files from the system by using path traversal sequences with a null byte bypass to access sensitive files such as /etc/passwd. id:...

7.5CVSS7.2AI score0.02885EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday37 views

Yearning - Directory Traversal

Yearning has a directory traversal vulnerability that can be exploited by attackers to obtain sensitive information. The vulnerability is present in multiple versions of Yearning. id: CVE-2022-27043 info: name: Yearning - Directory Traversal author: Co5mos severity: high description: | Yearning h...

7.5CVSS7.1AI score0.06299EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday91 views

Spring Boot Actuator Logview Directory Traversal

spring-boot-actuator-logview before version 0.2.13 contains a directory traversal vulnerability in libraries that adds a simple logfile viewer as a spring boot actuator endpoint maven package "eu.hinsch:spring-boot-actuator-logview". id: CVE-2021-21234 info: name: Spring Boot Actuator Logview...

7.7CVSS7.1AI score0.21173EPSS
Exploits2References6
Nuclei
Nuclei
added yesterday23 views

Lotus Core CMS 1.0.1 - Local File Inclusion

Lotus Core CMS 1.0.1 allows authenticated local file inclusion of .php files via directory traversal in the index.php pageslug parameter. id: CVE-2020-8641 info: name: Lotus Core CMS 1.0.1 - Local File Inclusion author: 0xAkoko severity: high description: Lotus Core CMS 1.0.1 allows authenticated...

8.8CVSS7.2AI score0.10808EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday22 views

Vtiger CRM v7.2.0 - Directory Listing

Vtiger CRM v7.2.0 contains a directory traversal vulnerability caused by improper access controls in /libraries and /layout directories, letting attackers display hidden files and list directories, exploit requires no authentication. id: CVE-2020-19363 info: name: Vtiger CRM v7.2.0 - Directory...

6.5CVSS6.6AI score0.03643EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday16 views

MapTiler Tileserver-php v2.0 - Unauthenticated File Read

MapTiler Tileserver-php v2.0 contains a directory traversal caused by improper sanitization of GET parameters in renderTile function, letting attackers read arbitrary files on the server, exploit requires crafted web requests id: CVE-2025-44137 info: name: MapTiler Tileserver-php v2.0 -...

8.2CVSS7.3AI score0.0136EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday55 views

Lightdash version <= 0.510.3 Arbitrary File Read

packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension .csv or .png is used. id: CVE-2023-35844 info: name: Lightdash version = 0.510.3 Arbitrary File Read author: dwisiswant0...

7.5CVSS7.1AI score0.06344EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday77 views

Camtron CMNC-200 IP Camera - Directory Traversal

The CMNC-200 IP Camera has a built-in web server that is vulnerable to directory transversal attacks, allowing access to any file on the camera file system. id: CVE-2010-4231 info: name: Camtron CMNC-200 IP Camera - Directory Traversal author: daffainfo severity: high description: The CMNC-200 IP...

7.8CVSS7.2AI score0.09542EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday48 views

Joomla! Component Property - Local File Inclusion

A directory traversal vulnerability in the Real Estate Property comproperties component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1875 info: name: Joomla...

7.5CVSS6.1AI score0.15722EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday22 views

Joomla! Component User Status - Local File Inclusion

A directory traversal vulnerability in userstatus.php in the User Status comuserstatus component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1304 info: name: Joomla! Component User Status - Local File...

5CVSS6.1AI score0.14041EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday30 views

Joomla! Component iF surfALERT 1.2 - Local File Inclusion

A directory traversal vulnerability in the iF surfALERT comifsurfalert component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1717 info: name: Joomla! Component i...

7.5CVSS6.1AI score0.22285EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday50 views

Joomla! Component Arcade Games 1.0 - Local File Inclusion

A directory traversal vulnerability in the Arcade Games comarcadegames component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1714 info: name: Joomla! Component Arcade Games 1.0 - Local File Inclusion autho...

5CVSS6.1AI score0.18703EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday45 views

Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion

A directory traversal vulnerability in the J!WHMCS Integrator comjwhmcs component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1977 info: name: Joomla! Component J!WHMCS Integrator 1.5.0 - Local File...

7.5CVSS6.1AI score0.07402EPSS
Exploits2References3
Rows per page
Query Builder