Lucene search
+L

18104 matches found

nuclei
nuclei
added 6 hours ago115 views

Citrix SD-WAN Center - Local File Inclusion

Citrix SD-WAN Center is susceptible to local file inclusion via the applianceSettingsFileTransfer function in ApplianceSettingsController. The function does not sufficiently validate or sanitize HTTP request parameter values used to construct a file system path. An attacker can trigger this...

10CVSS7.2AI score0.39335EPSS
Exploits1References4
nuclei
nuclei
added 6 hours ago44 views

Spring Cloud Config Server - Path Traversal

Spring Cloud 3.1.x 3.1.13, 4.1.x 4.1.9, 4.2.x 4.2.3, 4.3.x 4.3.2, and 5.0.x 5.0.2 contain a path traversal caused by profile parameter substitution in Config Server using native file system backend, letting attackers access files outside configured directories, exploit requires crafted request. i...

8.6CVSS7AI score0.0122EPSS
Exploits0References4
nuclei
nuclei
added 6 hours ago76 views

Vite Dev Server - Information Exposure

Vite is a frontend tooling framework for JavaScript. Before versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Only apps explicitly exposing the Vite dev server to the network using...

6CVSS6.2AI score0.01077EPSS
Exploits1References2
nuclei
nuclei
added 6 hours ago133 views

Vendure - Arbitrary File Read

Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data...

9.1CVSS7.1AI score0.59798EPSS
Exploits1References5
nuclei
nuclei
added 6 hours ago129 views

Vanna - SQL injection

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...

9.8CVSS7.2AI score0.03452EPSS
Exploits0References4
nuclei
nuclei
added 6 hours ago251 views

Kyocera TASKalfa printer - Path Traversal

CCRX has a Path Traversal vulnerability. Path Traversal is an attack on web applications. By manipulating the value of the file path, an attacker can gain access to the file system, including source code and critical system settings. id: CVE-2023-34259 info: name: Kyocera TASKalfa printer - Path...

4.9CVSS6.7AI score0.60745EPSS
Exploits2References5
cve
cve
added yesterday7 views

CVE-2026-40501

Cherry Studio versions 1.2.2–1.9.12 contain a remote code execution vulnerability in the SearchService due to a nodeIntegration misconfiguration. When an Electron BrowserWindow is created with nodeIntegration enabled and contextIsolation disabled, control over search provider content (provided by...

8.8CVSS6.7AI score
Exploits0References3
euvd
euvd
added yesterday5 views

EUVD-2026-44664

Permission control vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

7.8CVSS6.1AI score
Exploits0References2
cvelist
cvelist
added yesterday28 views

CVE-2026-58558

Permission control vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

7.8CVSS
Exploits0References2
cve
cve
added yesterday7 views

CVE-2026-58558

Technical details on CVE-2026-58558 are not publicly provided in the supplied documents. Monitoring for updates is advised.

7.8CVSS6.1AI score
Exploits0References2
osv
osv
added yesterday2 views

RLSA-2026:39179 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net: bridge: use a stable FDB dst snapshot in RCU readers CVE-2026-46086 kernel: xfrm: defensively unhash xfrmstate lists in xfrmstatedelete CVE-2026-46116 kernel: XFS data corruption usi...

7CVSS6.5AI score0.0013EPSS
Exploits1References3
osv
osv
added yesterday4 views

USN-8547-1 linux-gcp-5.15, linux-intel-iotg-5.15 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RISC-V architecture; - Cryptographic API; - InfiniBand drivers; - IOMMU subsystem; - Network drivers; -...

9.8CVSS6.8AI score0.09796EPSS
Exploits4References66
osv
osv
added yesterday6 views

USN-8546-1 linux-raspi vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - InfiniBand drivers; -...

9.8CVSS6.9AI score0.00817EPSS
Exploits9References63
osv
osv
added yesterday6 views

USN-8545-1 linux-hwe-6.17 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - InfiniBand drivers; -...

9.8CVSS6.9AI score0.00817EPSS
Exploits9References63
cve
cve
added 2 days ago8 views

CVE-2026-48353

CVE-2026-48353 affects CAI Content Credentials. The issue is an Improper Input Validation (CWE-20) that could enable an attacker to read arbitrary files on the filesystem outside the intended scope. Exploitation requires user interaction, as a victim must open a malicious file. The CVSS v3.1 base...

5.5CVSS6.2AI score0.00155EPSS
Exploits0References1
nvd
nvd
added 2 days ago4 views

CVE-2026-48310

Adobe Experience Manager is affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access...

8.6CVSS0.00552EPSS
Exploits0References1
nvd
nvd
added 2 days ago5 views

CVE-2026-58530

Heap-based buffer overflow in Windows Resilient File System ReFS allows an unauthorized attacker to execute code locally...

7.8CVSS0.00444EPSS
Exploits0References1
nvd
nvd
added 2 days ago3 views

CVE-2026-56650

Heap-based buffer overflow in Windows Network File System allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00318EPSS
Exploits0References1
nvd
nvd
added 2 days ago3 views

CVE-2026-56649

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Network File System allows an unauthorized attacker to execute code over a network...

5.9CVSS0.00641EPSS
Exploits0References1
nvd
nvd
added 2 days ago3 views

CVE-2026-56194

Heap-based buffer overflow in Windows Network File System allows an authorized attacker to elevate privileges over a network...

8.8CVSS0.00851EPSS
Exploits0References1
Rows per page
Query Builder