Lucene search
+L

1374 matches found

OSV
OSV
added 2026/02/18 10:16 p.m.4 views

DEBIAN-CVE-2019-25355

gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. Attackers can retrieve sensitive files like /etc/passwd by sending crafted GET requests with multiple '../' directory traversal...

7.5CVSS5.6AI score0.01206EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/02/18 10:16 p.m.7 views

CVE-2019-25355

gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. Attackers can retrieve sensitive files like /etc/passwd by sending crafted GET requests with multiple '../' directory traversal...

8.7CVSS7.2AI score0.01206EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/18 9:54 p.m.29 views

CVE-2019-25351 Centova Cast 3.2.11 - Arbitrary File Download

Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to retrieve arbitrary system files through the server.copyfile API endpoint. Attackers can exploit the vulnerability by supplying crafted parameters to download sensitive files like /etc/passwd using cu...

8.8CVSS0.00282EPSS
Exploits0References3
CVE
CVE
added 2026/02/18 9:54 p.m.12 views

CVE-2019-25351

CVE-2019-25351 affects Centova Cast 3.2.11. A vulnerability in the server.copyfile API endpoint allows authenticated attackers to retrieve arbitrary system files by supplying crafted parameters, enabling downloads such as /etc/passwd via curl or wget. Impact is high on confidentiality; no remedia...

8.8CVSS5.8AI score0.00282EPSS
Exploits0References3
PyPA
PyPA
added 2026/02/12 4:16 p.m.13 views

PYSEC-2026-34

Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can...

9.2CVSS6AI score0.00609EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.11 views

PT-2026-7932

Bullwark Momentum Series JAWS 1.0 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP request paths. Attackers can exploit the vulnerability by sending crafted GET requests with multiple '../' sequences to read sensitive...

8.7CVSS5.5AI score0.00641EPSS
Exploits0References4
OSV
OSV
added 2026/02/11 9:16 p.m.5 views

CVE-2020-37214

Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. Attackers can exploit the path parameter in /admin/voyager-assets to read arbitrary files like /etc/passwd and .env configuration files...

8.7CVSS5.7AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/10 7:15 p.m.6 views

CVE-2025-14821

A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH Secure Shell connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an...

7.8CVSS5AI score0.00129EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/28 5:35 p.m.7 views

EUVD-2020-30877

PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to read arbitrary system files by manipulating the 'chemin' parameter. Attackers can exploit the unsanitized file path input to access sensitive files like /etc/passwd by sending crafted requests to the...

8.4CVSS6AI score0.00271EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.9 views

PT-2026-4515

Name of the Vulnerable Software and Affected Versions YetiShare File Hosting Script version 5.1.0 Description The software contains a server-side request forgery condition that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url...

6.9CVSS5.4AI score0.00258EPSS
Exploits0References6
EUVD
EUVD
added 2026/01/21 5:27 p.m.6 views

EUVD-2026-3642

Mini Mouse 9.3.0 contains a path traversal vulnerability that allows attackers to access sensitive system directories through the device information endpoint. Attackers can retrieve file lists from system directories like /usr, /etc, and /var by manipulating file path parameters in API requests...

8.7CVSS5.5AI score0.0066EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 8 : targetcli-2.1.53-1.el8 (AXSA:2020-1067:05)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-1067:05 advisory. targetcli: weak permissions for /etc/target and backup files CVE-2020-13867 Tenable has extracted the preceding description block directly from the...

5.5CVSS5.6AI score0.00335EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/13 10:51 p.m.2 views

CVE-2022-50932 Kyocera Command Center RX ECOSYS M2035dn - Directory Traversal File Disclosure (Unauthenticated)

Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. Attackers can exploit the issue by sending requests like /js/../../../../.../etc/passwd%00.jpg...

8.7CVSS6.6AI score0.03534EPSS
Exploits1References3
NVD
NVD
added 2026/01/08 9:15 p.m.6 views

CVE-2025-68719

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configuration management. Once any user is logged in and maintains an active session, an attacker can directly query the backup endpoint and download a full configuration archive. This archive contains sensitive files such as /etc/shadow,...

8.8CVSS0.00401EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/07 9:40 a.m.10 views

CVE-1999-0712

A vulnerability in Caldera Open Administration System COAS allows the /etc/shadow password file to be made world-readable...

2.1CVSS7AI score0.00402EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/24 7:28 p.m.28 views

CVE-2019-25258 LogicalDOC Enterprise 7.7.4 Multiple Post-Authentication Directory Traversal Vulnerabilities

LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniques in /thumbnail and /convertpdf endpoints to...

7.5CVSS0.00984EPSS
Exploits2References3
Cvelist
Cvelist
added 2025/12/24 7:28 p.m.280 views

CVE-2019-25246 Beward N100 H.264 VGA IP Camera M2.1.6 Authenticated File Disclosure

Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability that allows attackers to read arbitrary system files via the 'READ.filePath' parameter. Attackers can exploit the fileread script or SendCGICMD API to access sensitive files like /etc/passwd and...

8.8CVSS0.17393EPSS
Exploits1References3
EUVD
EUVD
added 2025/12/12 12:30 a.m.6 views

EUVD-2024-55345

APC Network Management Card 4 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like /etc/passwd by using encoded path...

8.7CVSS6.4AI score0.00844EPSS
Exploits0References4
CVE
CVE
added 2025/12/11 9:40 p.m.12 views

CVE-2024-58302

FoF Pretty Mail 1.1.2 is affected by a Local File Inclusion (LFI) in the Email Template Settings. The weakness allows administrative users to include arbitrary server files during email generation, enabling reading of sensitive files such as /etc/passwd. Root cause is misuse of template processin...

6.9CVSS6.2AI score0.0029EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.6 views

PT-2025-50755

Name of the Vulnerable Software and Affected Versions FoF Pretty Mail version 1.1.2 Description FoF Pretty Mail version 1.1.2 has a local file inclusion issue. Administrative users can include arbitrary server files in email templates. An attacker can exploit the template settings by inserting fi...

6.9CVSS6.2AI score0.0029EPSS
Exploits0References6
Rows per page
Query Builder