Lucene search
+L

11579 matches found

Nuclei
Nuclei
added 2026/07/11 12:22 a.m.132 views

Sonicwall - Pre-Authentication Arbitrary File Read

Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...

9.1CVSS7.4AI score0.99957EPSS
Exploits1
OSV
OSV
added 2026/07/10 7:34 p.m.9 views

GHSA-G5R6-GV6M-F5JV mcp-atlassian: Arbitrary file read via missing path validation in confluence_upload_attachment

Summary confluenceuploadattachment passes filepath directly to openfilepath, "rb" with no path validation. Any authenticated MCP client — or an AI agent manipulated via prompt injection — can read any file the server process can access and exfiltrate it to Confluence as an attachment. Details Roo...

7.7CVSS6.1AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/07/10 7:34 p.m.14 views

mcp-atlassian: Arbitrary file read via missing path validation in confluence_upload_attachment

Summary confluenceuploadattachment passes filepath directly to openfilepath, "rb" with no path validation. Any authenticated MCP client — or an AI agent manipulated via prompt injection — can read any file the server process can access and exfiltrate it to Confluence as an attachment. Details Roo...

6.1AI score
Exploits0References4Affected Software1
OSV
OSV
added 2026/07/10 7:34 p.m.5 views

GHSA-WM45-QH3G-V83F mcp-atlassian: Arbitrary server-side file read via attachment upload

Summary A client that can invoke MCP tools can read arbitrary files from the server host and exfiltrate them as Atlassian attachments. The attachment-upload tools take a client-supplied filepath and open it on the server's filesystem. The upload tools are meant to attach a file from the caller's...

7.7CVSS6.1AI score
Exploits0References2
NVD
NVD
added 2026/07/10 4:16 p.m.7 views

CVE-2026-46388

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery file carve until the carve completes and the temporary files are deleted because in-progress carve directories are not...

4.4CVSS0.00094EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/10 2:44 p.m.7 views

EUVD-2026-42916

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery file carve until the carve completes and the temporary files are deleted because in-progress carve directories are not...

4.4CVSS6.2AI score0.00094EPSS
Exploits0References4
NVD
NVD
added 2026/07/10 8:16 a.m.9 views

CVE-2026-13347

The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the hewrapperjs and hewrappercss query parameters processed by the elementorassetsfilter function. This is due to the function concatenating user-supplied input directly onto...

7.5CVSS0.00512EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/10 6:51 a.m.7 views

EUVD-2026-42831

The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the hewrapperjs and hewrappercss query parameters processed by the elementorassetsfilter function. This is due to the function concatenating user-supplied input directly onto...

7.5CVSS6.1AI score0.00512EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/10 6:51 a.m.9 views

CVE-2026-13347

The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the hewrapperjs and hewrappercss query parameters processed by the elementorassetsfilter function. This is due to the function concatenating user-supplied input directly onto...

7.5CVSS6.1AI score0.00512EPSS
Exploits0References4
CVE
CVE
added 2026/07/10 6:51 a.m.15 views

CVE-2026-13347

The CVE-2026-13347 entry documents an unauthenticated Arbitrary File Read in WordPress Hide My WP Lite (versions ≤ 1.3) via the he_wrapper_js and he_wrapper_css parameters. The vulnerability stems from elementor_assets_filter() concatenating user input onto ABSPATH and passing it to file_get_cont...

7.5CVSS6.1AI score0.00512EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/10 6:51 a.m.32 views

CVE-2026-13347 Hide My WP Lite <= 1.3 - Unauthenticated Path Traversal to Arbitrary File Read via 'he_wrapper_js' Parameter

The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the hewrapperjs and hewrappercss query parameters processed by the elementorassetsfilter function. This is due to the function concatenating user-supplied input directly onto...

7.5CVSS0.00512EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/07/10 6:23 a.m.8 views

WordPress Hide My WP Lite plugin <= 1.3 - Unauthenticated Path Traversal to Arbitrary File Read vulnerability

Unauthenticated Path Traversal to Arbitrary File Read vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Hide My WP Lite versions = 1.3...

7.5CVSS5.9AI score0.00512EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/10 12:0 a.m.13 views

PT-2026-57102

Name of the Vulnerable Software and Affected Versions Hide My WP Lite versions prior to 1.4 Description An arbitrary file read issue exists when the elementor assets filter function processes the he wrapper js and he wrapper css query parameters. The function concatenates user-supplied input...

7.5CVSS5.4AI score0.00512EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.9 views

Langflow < 1.9.2 Multiple Vulnerabilities

The version of Langflow installed on the remote host is prior to 1.9.2. It is, therefore, affected by multiple vulnerabilities: - The Shareable Playground feature enables execution of workflows by unauthenticated users. When the route /api/v1/buildpublictmp executes a flow, it allows providing...

9.6CVSS6.3AI score0.00688EPSS
Exploits2References4
CVE
CVE
added 2026/07/09 11:49 p.m.22 views

CVE-2026-54760

CVE-2026-54760: Langroid’s SQLChatAgent dangerous-function blocklist can be bypassed. Prior to version 0.65.1, the mitigation combines a raw-text regex (_DANGEROUS_SQL_PATTERNS) with a sqlglot-based SELECT-only allowlist. Attackers can defeat the regex using PostgreSQL forms such as quoted identi...

9.3CVSS6AI score0.00646EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/09 11:42 p.m.6 views

CVE-2026-50180

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, SQLChatAgent in langroid ships a validatequery defense-in-depth layer whose DANGEROUSSQLPATTERNS regex blocklist enumerates dangerous SQL primitives by specific function name. The list misses...

8.7CVSS6.2AI score0.00686EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/07/09 11:42 p.m.4 views

CVE-2026-50180 Langroid: SQLChatAgent _validate_query blocklist misses pg_read_file family enabling arbitrary file read

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, SQLChatAgent in langroid ships a validatequery defense-in-depth layer whose DANGEROUSSQLPATTERNS regex blocklist enumerates dangerous SQL primitives by specific function name. The list misses...

8.7CVSS6.2AI score0.00686EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/09 11:42 p.m.36 views

CVE-2026-50180 Langroid: SQLChatAgent _validate_query blocklist misses pg_read_file family enabling arbitrary file read

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, SQLChatAgent in langroid ships a validatequery defense-in-depth layer whose DANGEROUSSQLPATTERNS regex blocklist enumerates dangerous SQL primitives by specific function name. The list misses...

8.7CVSS0.00686EPSS
Exploits0References2
CVE
CVE
added 2026/07/09 12:0 a.m.11 views

CVE-2026-51925

CVE-2026-51925 affects docuForm GmbH Client v11.11c. A Local File Inclusion flaw in the dfm-menu_report.php component allows an attacker to read arbitrary server files (e.g., system/configuration files, source code) and potentially execute arbitrary code. The PT-Security entry confirms the affect...

8.1CVSS6.3AI score0.00322EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/08 9:30 p.m.5 views

CVE-2026-55878

Symfony UX is a JavaScript ecosystem for Symfony. From 2.32.0 before 2.36.1 and from 3.0.0 before 3.2.0, the ux:install console command installs files from a recipe kit by copying paths listed in a copy-files map, and because Path::isRelative accepts paths like ../../../etc, a crafted or...

7.8CVSS6AI score0.00146EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder