Lucene search
K

830 matches found

EUVD
EUVD
added 6 hours ago7 views

EUVD-2026-41471

The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS5.9AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2 days ago3 views

PT-2026-54736

Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An authenticated attacker can perform error-based SQL injection to extract database contents. The issue occurs because the application passes the id GET parameter directly in...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/06/25 10:43 p.m.6 views

CVE-2026-40084

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal through the Report formatfile Parameter, causing arbitrary file read. This vulnerability occurs in two stages. In the first stage stored injection, lib/htmlreports.php at...

6.5CVSS5.9AI score0.00324EPSS
Exploits1
CVE
CVE
added 2026/06/19 4:31 a.m.19 views

CVE-2026-4328

The WordPress Advanced Import plugin (versions ≤ 1.4.6) is vulnerable to Server-Side Request Forgery (SSRF). In demo_download_and_unzip(), the plugin passes the user-supplied demo_file from $_POST through sanitize_text_field() and then invokes wp_remote_get() when demo_file_type is 'url', without...

6.4CVSS6AI score0.00208EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/19 4:31 a.m.28 views

CVE-2026-7547 Woosa <= 2.0.5 - Authenticated (Administrator+) Arbitrary File Read via 'log_file' Parameter

The Woosa – Marktplaats for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in versions up to and including 2.0.4. This is due to insufficient path sanitization in the renderlogsui function, which accepts a base64-encoded file name from the 'logfile' GET...

4.9CVSS0.00397EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/08 3:30 a.m.12 views

EUVD-2026-35015

A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /archive3.php. This manipulation of the argument sy causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public an...

7.5CVSS7AI score0.00275EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.14 views

student_management_system 跨站脚本漏洞

studentmanagementsystem is a student information management tool personally developed by Vivek Singh. studentmanagementsystem has a cross-site scripting vulnerability. This vulnerability stems from improper handling of parameters such as name, address, and fname by an unknown function in the...

5.1CVSS4.5AI score0.00199EPSS
Exploits0References2
CVE
CVE
added 2026/06/06 2:28 a.m.26 views

CVE-2026-7565

CVE-2026-7565 affects LearnPress – Backup & Migration Tool for WordPress. All versions up to 4.1.4 are vulnerable to an Arbitrary File Read via Directory Traversal through the import-user-file parameter. Exploitation requires authenticated access at Administrator level or higher, allowing reading...

4.9CVSS5.6AI score0.00646EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.10 views

CVE-2026-6496

A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argument file results in path traversal. The attack may be performed from remote. The exploit has been...

5.5CVSS5.4AI score0.00455EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/05 11:29 a.m.45 views

CVE-2026-11345 Improper Authentication Bypass in linqi CDN File Access

An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...

6.9CVSS0.00414EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 11:29 a.m.8 views

CVE-2026-11345 Improper Authentication Bypass in linqi CDN File Access

An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...

6.9CVSS5.5AI score0.00414EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/30 12:0 a.m.9 views

Open STA Manager 路径遍历漏洞

Open STA Manager is an enterprise service management system developed by the Italian company Open STA Manager. Version 2.3 of Open STA Manager contains a path traversal vulnerability. This vulnerability arises from operations using the file parameter, which may allow authenticated users to downlo...

7.1CVSS5.9AI score0.00334EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.14 views

PT-2026-43034

Name of the Vulnerable Software and Affected Versions SourceCodester Simple POS and Inventory System version 1.0 Description A remote SQL injection is possible due to improper manipulation of the Name argument within an unknown function in the '/user/search.php' endpoint. SQL injection is a type ...

7.5CVSS7.1AI score0.00319EPSS
Exploits0References8
OSV
OSV
added 2026/05/18 7:1 p.m.5 views

GHSA-3MJV-375J-6H92 AVideo: Authenticated Arbitrary File Read in view/update.php

Summary view/update.php reads $POST'updateFile' as a relative path under updatedb/ and passes it to PHP's file for line-by-line execution as part of a database migration. An authenticated administrator can abuse this to read arbitrary text files reachable from the web-server process — especially...

6.9CVSS6.1AI score0.00469EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.26 views

Kilo Code 路径遍历漏洞

Kilo Code is an open-source AI coding assistant developed by Kilo Code. Versions of Kilo Code 7.0.47 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the improper handling of parameters File in the Bun.file function within the File Diff API Endpoint component...

6.5CVSS5.8AI score0.0058EPSS
Exploits1References1
Hacker One
Hacker One
added 2026/05/14 10:40 a.m.34 views

curl: rustls backend silently ignores CURLOPT_CRLFILE when native CA store is active

Hi all, When the rustls backend is configured to use the OS native CA store --ca-native / CURLSSLOPTNATIVECA, any CRL file supplied via --crlfile / CURLOPTCRLFILE is silently ignored. The option is accepted — CURLEOK from curleasysetopt, exit 0 from the command line — and revoked certificates pas...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/05/10 3:31 p.m.17 views

EUVD-2022-55978

Drupal avataruploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Attackers can craft URLs with script payloads in the file parameter of avataruploader.pages.inc to...

6.1CVSS5.9AI score0.00244EPSS
Exploits1References4
NVD
NVD
added 2026/05/10 1:16 p.m.16 views

CVE-2022-50957

Drupal avataruploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Attackers can craft URLs with script payloads in the file parameter of avataruploader.pages.inc to...

6.1CVSS0.00244EPSS
Exploits1References3
CVE
CVE
added 2026/05/10 12:12 p.m.20 views

CVE-2022-50957

CVE-2022-50957 concerns Drupal “avatar_uploader” module for version 7.x-1.0-beta8, containing a reflected cross-site scripting vulnerability. The issue arises when an attacker crafts a URL that includes a script payload in the file parameter of avatar_uploader.pages.inc, enabling execution of arb...

6.1CVSS5.9AI score0.00244EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/05/10 12:12 p.m.35 views

CVE-2022-50957 Drupal avatar_uploader 7.x-1.0-beta8 Reflected XSS

Drupal avataruploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Attackers can craft URLs with script payloads in the file parameter of avataruploader.pages.inc to...

6.1CVSS0.00244EPSS
Exploits1References3
Rows per page
Query Builder