Lucene search
+L

11577 matches found

Nuclei
Nuclei
added 9 hours ago106 views

Gradio < 2.5.0 - Arbitrary File Read

Files on the host computer can be accessed from the Gradio interface id: CVE-2021-43831 info: name: Gradio 2.5.0 - Arbitrary File Read author: isacaya severity: high description: | Files on the host computer can be accessed from the Gradio interface impact: | An attacker would be able to view the...

7.7CVSS7.3AI score0.03794EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago28 views

74cmsSE v3.4.1 - Arbitrary File Read

74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at \index\controller\Download.php. id: CVE-2022-26271 info: name: 74cmsSE v3.4.1 - Arbitrary File Read author: ritikchaddha severity: high description: | 74cmsSE v3.4.1 was discovered to contain a...

7.5CVSS7.8AI score0.04633EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago145 views

WordPress Responsive Vector Maps < 6.4.2 - Arbitrary File Read

WordPress Responsive Vector Maps 6.4.2 contains an arbitrary file read vulnerability because the plugin does not have proper authorization and validation of the rvmuploadregionsfilepath parameter in the rvmimportregions AJAX action, allowing any authenticated user to read arbitrary files on the w...

6.5CVSS6.7AI score0.03005EPSS
Exploits2References5
Nuclei
Nuclei
added 9 hours ago67 views

Blinko <= 1.8.3 - Path Traversal via /plugins

Blinko = 1.8.3 contains a path traversal caused by improper path concatenation without verification in the plugin file server endpoint, letting remote attackers access arbitrary files, exploit requires network access. id: CVE-2026-23483 info: name: Blinko = 1.8.3 - Path Traversal via /plugins...

6.9CVSS5.5AI score0.00771EPSS
Exploits0References2
Nuclei
Nuclei
added 9 hours ago35 views

LiteLLM - Arbitrary File Read

LiteLLM 1.83.0 contains a broken access control vulnerability caused by lack of admin role enforcement on /config/update endpoint, letting authenticated users modify configurations, execute code, read files, and take over accounts. id: CVE-2026-35029 info: name: LiteLLM - Arbitrary File Read...

8.8CVSS5.3AI score0.26409EPSS
Exploits2References3
Nuclei
Nuclei
added 9 hours ago38 views

Avid NEXIS Agent - Arbitrary File Read

Avid NEXIS E-series, F-series, PRO+, and System Director Appliance SDA+ before 2025.5.1 contain an unauthenticated arbitrary file read caused by improper validation of the filename parameter, letting unauthenticated attackers read sensitive files, exploit requires no authentication. id:...

8.7CVSS8.6AI score0.01083EPSS
Exploits0References3
Nuclei
Nuclei
added 9 hours ago64 views

esm.sh <= v136 - Local File Inclusion

esm.sh = 136 contains a local file inclusion caused by improper URL handling, letting attackers read arbitrary files from the host filesystem remotely, exploit requires crafted request. id: CVE-2025-59341 info: name: esm.sh = v136 - Local File Inclusion author: 0xAkoko severity: high description:...

8.7CVSS8.3AI score0.01527EPSS
Exploits0References3
Nuclei
Nuclei
added 9 hours ago73 views

WooCommerce Designer Pro <= 1.9.28 - Arbitrary File Read

WooCommerce Designer Pro theme for WordPress = 1.9.28 contains an arbitrary file read vulnerability caused by improper input validation, letting unauthenticated attackers read arbitrary files including sensitive configuration files, exploit requires no authentication. id: CVE-2025-10897 info: nam...

8.6CVSS5.3AI score0.01844EPSS
Exploits0References2
Nuclei
Nuclei
added 9 hours ago60 views

TinaCMS - Path Traversal

TinaCMS CLI 2.1.8 contains a file system read vulnerability caused by disabled Vite server.fs.strict setting, letting unauthenticated attackers read arbitrary files on the host system, exploit requires access to the dev server. id: CVE-2026-29066 info: name: TinaCMS - Path Traversal author:...

6.2CVSS5.4AI score0.01025EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago46 views

Frappe Framework < 16.15.0 - Arbitrary File Read via render_include Path Traversal

Frappe is a full-stack web application framework. Versions prior to 15.105.0 and 16.15.0 contain a possible Arbitrary File Read vulnerability via Path Traversal. The issue is resolved in versions 16.15.0, 15.105.0 and above. id: CVE-2026-39352 info: name: Frappe Framework 16.15.0 - Arbitrary File...

8.7CVSS5.2AI score0.01279EPSS
Exploits0References4
Nuclei
Nuclei
added 9 hours ago17 views

Hippoo Mobile App for WooCommerce <= 1.7.1 - Unauthenticated Arbitrary File Read

The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to and including 1.7.1 via the templateredirect function. The plugin registers 'hippooserve' as a WordPress query variable and uses it to serve PWA files from the pwa/ directory. In...

7.5CVSS5.5AI score0.02056EPSS
Exploits0References3
Nuclei
Nuclei
added 9 hours ago18 views

Ozeki 10 SMS Gateway 10.3.208 - Arbitrary File Read

An arbitrary file read vulnerability, also known as a "path traversal" or "directory traversal" vulnerability, occurs when an attacker is able to access files on a system that they shouldn't have access to. This vulnerability arises from improper input validation or insufficient access controls i...

8.7CVSS8.6AI score0.02125EPSS
Exploits0References3
Nuclei
Nuclei
added 9 hours ago22 views

WP Responsive Images <= 1.0 - Arbitrary File Read

WP Responsive Images plugin for WordPress = 1.0 contains a path traversal caused by improper sanitization of the 'src' parameter, letting unauthenticated attackers read arbitrary files on the server. id: CVE-2026-1557 info: name: WP Responsive Images = 1.0 - Arbitrary File Read author: Shivam...

7.5CVSS5.4AI score0.01722EPSS
Exploits0References2
Nuclei
Nuclei
added 9 hours ago16 views

Apache CXF < 4.0.4 - Aegis DataBinding SSRF / Local File Read

Apache CXF before 4.0.4, 3.6.3 and 3.5.8 has a Server-Side Request Forgery SSRF vulnerability when using the Aegis DataBinding. The XOP Include mechanism in multipart SOAP requests can be abused to read local files or make server-side HTTP requests to arbitrary URLs. An attacker can use this to...

9.3CVSS7.2AI score0.05849EPSS
Exploits0References3
Nuclei
Nuclei
added 9 hours ago40 views

Java-springboot-codebase 1.1 - Arbitrary File Read

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized...

8.7CVSS8.3AI score0.03847EPSS
Exploits14References5
Nuclei
Nuclei
added 9 hours ago72 views

Mlflow < 2.11.0 - Path Traversal

A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...

7.5CVSS7.3AI score0.43284EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago39 views

Reposilite >= 3.3.0, < 3.5.12 - Arbitrary File Read

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version...

8.6CVSS8.3AI score0.03145EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago107 views

OpenAPI Generator <= 7.5.0 - Arbitrary File Read/Delete

OpenAPI Generator versions 7.5.0 and below are prone to an Arbitrary File Read/Delete vulnerability. Attackers can exploit this vulnerability to read and delete files and folders from an arbitrary, writable directory. id: CVE-2024-35219 info: name: OpenAPI Generator = 7.5.0 - Arbitrary File...

8.3CVSS7.7AI score0.03592EPSS
Exploits0References5
Nuclei
Nuclei
added 9 hours ago112 views

CrateDB Database - Arbitrary File Read

CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY...

6.5CVSS6.9AI score0.03084EPSS
Exploits1
Nuclei
Nuclei
added 9 hours ago90 views

Mitel MiCollab - Arbitary File Read

The Mitel Collab Arbitrary File Read vulnerability allows an unauthenticated attacker to read arbitrary files from the underlying file system on a Mitel Collab server. Exploiting this flaw involves sending specially crafted requests to the server, bypassing access controls and allowing the attack...

9.8CVSS7.4AI score0.98067EPSS
Exploits3References3
Rows per page
Query Builder