Lucene search
+L

13784 matches found

cve
cve
added 2 hours ago20 views

CVE-2026-44019

Docling Core (docling-core) versions 2.5.0 through before 2.74.1 allow local file:// image references and inline data: content without a decoded-size limit when processing untrusted image references. This could enable access to local files readable by the process or cause excessive memory usage f...

8.1CVSS6.1AI score0.0004EPSS
Exploits0References2
nuclei
nuclei
added 13 hours ago72 views

WordPress Welcart e-Commerce <2.8.5 - Arbitrary File Access

WordPress Welcart e-Commerce plugin before 2.8.5 is susceptible to arbitrary file access. The plugin does not validate user input before using it to output the content of a file, which can allow an attacker to read arbitrary files on the server, obtain sensitive information, modify data, and/or...

7.5CVSS7.1AI score0.02941EPSS
Exploits2References3
nuclei
nuclei
added 13 hours ago38 views

Java-springboot-codebase 1.1 - Arbitrary File Read

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized...

8.7CVSS7.1AI score0.03847EPSS
Exploits14References5
nuclei
nuclei
added 13 hours ago28 views

mTheme Unus < 2.3 - Directory Traversal

The mTheme-Unus theme for WordPress, prior to version 2.3, contained a directory traversal flaw that let attackers access arbitrary files. This was possible by exploiting the files parameter in css/css.php with .. sequences. id: CVE-2015-9406 info: name: mTheme Unus 2.3 - Directory Traversal...

7.5CVSS7.1AI score0.55008EPSS
Exploits1References4
nuclei
nuclei
added 13 hours ago29 views

Frontend File Manager Plugin <= 23.5 - Unauthenticated Arbitrary Email Sending

Frontend File Manager Plugin WordPress plugin through 23.5 contains an open relay and unauthorized file access vulnerability caused by lack of authentication and security checks, letting unauthenticated attackers send emails and access files, exploit requires no authentication. id: CVE-2026-0829...

5.8CVSS6.1AI score0.00682EPSS
Exploits0References4
nuclei
nuclei
added 13 hours ago21 views

Danswer - Insecure Direct Object Reference

The application does not verify whether the attacker is the creator of the file, allowing the attacker to directly call the GET /api/chat/file/fileid interface to view any user's file. id: CVE-2024-9617 info: name: Danswer - Insecure Direct Object Reference author: s4e-io severity: medium...

6.5CVSS6.6AI score0.01557EPSS
Exploits0
nuclei
nuclei
added 13 hours ago30 views

Control Web Panel (CWP) - File Inclusion

In CWP Control Web Panel, previously CentOS Web Panel before version 0.9.8.1107, an unauthenticated attacker can abuse null byte %00 injection with the "scripts" parameter in the /user/loader.php or /user/login.php endpoints to register arbitrary API keys or access sensitive files. This can be...

9.8CVSS7.3AI score0.70947EPSS
Exploits1References2
nuclei
nuclei
added 13 hours ago9 views

Karel IP Phone IP1211 Web Management Panel - Local File Inclusion

Karel IP Phone IP1211 Web Management Panel is vulnerable to local file inclusion and can allow remote attackers to access arbitrary files stored on the remote device via the 'cgiServer.exx' endpoint and the 'page' parameter. id: CVE-2025-34023 info: name: Karel IP Phone IP1211 Web Management Pane...

8.5CVSS6.2AI score0.01441EPSS
Exploits0References3
nuclei
nuclei
added 13 hours ago102 views

Gradio < 2.5.0 - Arbitrary File Read

Files on the host computer can be accessed from the Gradio interface id: CVE-2021-43831 info: name: Gradio 2.5.0 - Arbitrary File Read author: isacaya severity: high description: | Files on the host computer can be accessed from the Gradio interface impact: | An attacker would be able to view the...

7.7CVSS7AI score0.03794EPSS
Exploits1References2
nuclei
nuclei
added 13 hours ago125 views

LearnDash LMS < 4.10.2 - Sensitive Information Exposure via assignments

The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads. id:...

5.3CVSS6.7AI score0.02419EPSS
Exploits1References5
nvd
nvd
added yesterday5 views

CVE-2026-49988

Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, the Repomix MCP server attachpackedoutput and readrepomixoutput flow can register and read arbitrary local .json, .txt, .md, or .xml files without the filesystemreadfile runSecretLint safety check or Repomix...

6.8CVSS0.00028EPSS
Exploits0References3
cve
cve
added yesterday19 views

CVE-2026-49988

Repomix’s MCP server flow attach_packed_output followed by read_repomix_output can register and expose arbitrary local files (.json/.txt/.md/.xml) without running the secret-scan check, bypassing the file_system_read_file boundary. The root cause is that this path validates only by extension/form...

6.8CVSS6.2AI score0.00028EPSS
Exploits0References3
nvd
nvd
added yesterday26 views

CVE-2026-20146

A vulnerability in Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system to either read or delete arbitrary files. To exploit this vulnerability, the...

5.5CVSS
Exploits0References1
cve
cve
added yesterday13 views

CVE-2026-20146

Cisco Identity Services Engine (ISE) and ISE-PIC are affected by CVE-2026-20146. The issue stems from improper validation of user-supplied input, enabling a remote, authenticated attacker (with valid administrative credentials) to perform path traversal via a crafted HTTP request and read or dele...

5.5CVSS6.2AI score
Exploits0References1Affected Software1
euvd
euvd
added yesterday4 views

EUVD-2026-44702

Metabase is an open-source business intelligence and embedded analytics tool. From 1.57.0 until 1.57.19.1, 1.58.14.1, 1.59.10, and 1.60.4, an attacker who can configure a Metabase database connection can read arbitrary files from the Metabase server's filesystem by adding unsafe JDBC parameters t...

7.6CVSS6.2AI score0.00037EPSS
Exploits0References1
nvd
nvd
added yesterday5 views

CVE-2026-60085

PraisonAI before 4.6.78 contains an unenforced security policy vulnerability in the default Subprocess Sandbox backend where blockedcommands, blockedpaths, blockedimports, allowsubprocess, and allowfilewrite restrictions are completely ignored. Attackers can execute arbitrary subprocess commands,...

8.7CVSS
Exploits0References2
nvd
nvd
added yesterday3 views

CVE-2026-56352

n8n before 2.19.3 contains a file path restriction bypass in the legacy ExecuteWorkflow node's localFile source option, which reads workflow files from disk without the file-access checks enforced by other file-reading nodes. Although hidden from the UI since v1.2, it remains reachable via the RE...

6.4CVSS
Exploits0References2
euvd
euvd
added yesterday4 views

EUVD-2026-44625

n8n before 2.19.3 contains a file path restriction bypass in the legacy ExecuteWorkflow node's localFile source option, which reads workflow files from disk without the file-access checks enforced by other file-reading nodes. Although hidden from the UI since v1.2, it remains reachable via the RE...

6.4CVSS6.2AI score
Exploits0References2
cvelist
cvelist
added yesterday30 views

CVE-2026-56352 n8n - Arbitrary File Read and Execution via ExecuteWorkflow localFile Parameter

n8n before 2.19.3 contains a file path restriction bypass in the legacy ExecuteWorkflow node's localFile source option, which reads workflow files from disk without the file-access checks enforced by other file-reading nodes. Although hidden from the UI since v1.2, it remains reachable via the RE...

6.4CVSS
Exploits0References2
cve
cve
added yesterday12 views

CVE-2026-56287

Summary: CVE-2026-56287 describes a boolean-based SQL Injection in Apache Fineract’s Client Search API (GET /api/v1/clients) affecting versions up to 1.14.0. The orderBy and sortOrder parameters are concatenated into a SQL query without sufficient validation, enabling an authenticated user to inj...

8.1CVSS6.1AI score0.0027EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder