Lucene search
+L

11577 matches found

Nuclei
Nuclei
added 10 hours ago219 views

Vitest Browser Mode - Local File Read

Vitest is a testing framework powered by Vite. The screenshot-error handler on the browser mode HTTP server that responds any file on the file system. Especially if the server is exposed on the network by browser.api.host- true, an attacker can send a request to that handler from remote to get th...

7.5CVSS7.2AI score0.02297EPSS
Exploits0References6
Nuclei
Nuclei
added 10 hours ago29 views

DevDojo Voyager <=1.8.0 - Arbitrary File Read

DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass. id: CVE-2024-55415 info: name: DevDojo Voyager =1.8.0 - Arbitrary File Read author: iamnoooob,rootxharsh,pdresearch severity: high description: | DevDojo Voyager through 1.8.0 is vulnerable to path traversal at t...

5.7CVSS8.7AI score0.15666EPSS
Exploits1References4
Nuclei
Nuclei
added 10 hours ago47 views

Apache DolphinScheduler >= 3.1.0, < 3.2.2 Resource File Read And Write

File read and write vulnerability in Apache DolphinScheduler, authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler from 3.1.0 before 3.2.2. id: CVE-2024-30188 info: name: Apache DolphinScheduler = 3.1.0, 3.2.2 Resource File Read And Write...

8.8CVSS5.2AI score0.05987EPSS
Exploits0References3
Nuclei
Nuclei
added 10 hours ago115 views

Bazarr < 1.4.3 - Arbitrary File Read

Bazarr 1.4.3 and earlier versions have a arbitrary file read vulnerability. id: CVE-2024-40348 info: name: Bazarr Bazarr" - 'content="Bazarr' - "window.Bazarr" condition: or internal: true - method: GET path: - "BaseURL/api/swaggerui/static/../../../../../../../../../../../../../../../../etc/pass...

8.2CVSS8.6AI score0.0829EPSS
Exploits2References3
Nuclei
Nuclei
added 10 hours ago46 views

ShokoServer System - Local File Inclusion (LFI)

ShokoServer is a media server which specializes in organizing anime. In affected versions the /api/Image/WithPath endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter serverImagePath, which is not sanitized in any way...

8.6CVSS8.5AI score0.08147EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago93 views

LocalAI - Partial Local File Read

A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery SSRF and partial Local File Inclusion LFI. The endpoint supports both https-// and file-// schemes, where the latter can lead to LFI. However, the output is limited due to the...

5.8CVSS5.8AI score0.02475EPSS
Exploits1References3
Nuclei
Nuclei
added 10 hours ago175 views

Hoverfly < 1.10.3 - Arbitrary File Read

Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary...

7.5CVSS5.4AI score0.5585EPSS
Exploits3References2
Nuclei
Nuclei
added 10 hours ago180 views

EasySpider 0.6.2 - Arbitrary File Read

A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input...

8.8CVSS4.8AI score0.03333EPSS
Exploits1References6
Nuclei
Nuclei
added 10 hours ago14 views

Jan v0.4.12 'readFileSync' - Path Traversal

Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface. id: CVE-2024-36857 info: name: Jan v0.4.12 'readFileSync' - Path Traversal author: Yusuf Amr severity: high description: | Jan v0.4.12 was discovered to contain an arbitrary file rea...

7.5CVSS5.4AI score0.02054EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago17 views

OfficeWeb365 Indexs Interface - Arbitrary File Read

There is any file reading in the officeWeb365 Indexs interface. id: CVE-2024-37728 info: name: OfficeWeb365 Indexs Interface - Arbitrary File Read author: DhiyaneshDK severity: high description: | There is any file reading in the officeWeb365 Indexs interface. impact: | Unauthenticated attackers...

7.5CVSS5.2AI score0.01852EPSS
Exploits0References2
Nuclei
Nuclei
added 10 hours ago14 views

Apache Kafka Client - Arbitrary File Read

Apache Kafka Client contains arbitrary file read and server-side request forgery caused by untrusted configuration of sasl.oauthbearer.token.endpoint.url and sasl.oauthbearer.jwks.endpoint.url, letting attackers read files or send requests to unintended locations, exploit requires untrusted party...

7.5CVSS7.5AI score0.63637EPSS
Exploits2References2
Nuclei
Nuclei
added 10 hours ago57 views

Lightdash version <= 0.510.3 Arbitrary File Read

packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension .csv or .png is used. id: CVE-2023-35844 info: name: Lightdash version = 0.510.3 Arbitrary File Read author: dwisiswant0...

7.5CVSS7.3AI score0.06344EPSS
Exploits2References5
Nuclei
Nuclei
added 10 hours ago56 views

Pichome 2.1.0 - Arbitrary File Read

A vulnerability, which was classified as critical, was found in zyx0814 Pichome 2.1.0. This affects an unknown part of the file /index.php?mod=textviewer. The manipulation of the argument src leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed t...

6.9CVSS5.8AI score0.0161EPSS
Exploits0References2
Nuclei
Nuclei
added 10 hours ago292 views

Eclipse Mojarra - Local File Read

Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. id: CVE-2020-6950 info: name: Eclipse Mojarra - Local File Read author: iamnoooob,pdresearch severity: medium description: | Directory traversal in Eclipse Mojarra...

6.5CVSS7.1AI score0.10124EPSS
Exploits0References5
Nuclei
Nuclei
added 10 hours ago46 views

BOA Web Server 0.94.14 - Arbitrary File Access

BOA Web Server 0.94.14 is susceptible to arbitrary file access. The server allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges and without using access credentials. id: CVE-2017-9833 info: name: BOA Web Server 0.94.14 - Arbitrary File Acces...

7.8CVSS7.7AI score0.68243EPSS
Exploits6References5
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2025-71394

SurrealDB versions before 2.2.2 contain a local file read vulnerability in the DEFINE ANALYZER statement that allows authenticated users to read arbitrary files on the file system. Attackers with root, namespace, or database level privileges can point analyzers to arbitrary file paths and...

2.3CVSS5.4AI score
Exploits0References3
EUVD
EUVD
added yesterday7 views

EUVD-2025-210485

SurrealDB versions before 2.2.2 contain a local file read vulnerability in the DEFINE ANALYZER statement that allows authenticated users to read arbitrary files on the file system. Attackers with root, namespace, or database level privileges can point analyzers to arbitrary file paths and...

2.3CVSS5.4AI score
Exploits0References2
CVE
CVE
added yesterday11 views

CVE-2025-71394

SurrealDB versions before 2.2.2 have a local file read vulnerability in the DEFINE ANALYZER that allows authenticated users with root, namespace, or database privileges to point analyzers to arbitrary file paths and exfiltrate content from two-column tab-separated files; remediation is to upgrade...

2.3CVSS5.4AI score
Exploits0References2
Cvelist
Cvelist
added yesterday21 views

CVE-2025-71394 SurrealDB before 2.2.2 Local File Read via DEFINE ANALYZER

SurrealDB versions before 2.2.2 contain a local file read vulnerability in the DEFINE ANALYZER statement that allows authenticated users to read arbitrary files on the file system. Attackers with root, namespace, or database level privileges can point analyzers to arbitrary file paths and...

2.3CVSS
Exploits0References2
Nuclei
Nuclei
added yesterday134 views

Vendure - Arbitrary File Read

Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data...

9.1CVSS8.6AI score0.59798EPSS
Exploits1References5
Rows per page
Query Builder