Lucene search
K

93962 matches found

EUVD
EUVD
added yesterday3 views

EUVD-2026-44551

ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope...

9.9CVSS6.2AI score
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-44549

ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope...

6.8CVSS6.2AI score
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-48310

Adobe Experience Manager (AEM) is affected by an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal, CWE-22) vulnerability that could enable arbitrary file system read. The issue arises from an improper pathname restriction, allowing access to sensitive files outside the ...

8.6CVSS6.2AI score
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-48359

Adobe Experience Manager is affected by an XML External Entity (XXE) vulnerability (CVE-2026-48359) due to improper restriction of XML External Entity references. It could allow a low-privileged attacker to read sensitive files and potentially gain elevated access or control, with arbitrary code ...

9.6CVSS6.5AI score
Exploits0References1
NVD
NVD
added yesterday6 views

CVE-2026-58613

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally...

7.8CVSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-58536

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally...

7.8CVSS
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-58613

CVE-2026-58613 (Windows Cloud Files Mini Filter Driver) causes a local privilege escalation via a use-after-free in the driver. This is observed as an elevation of privileges by an authorized attacker who already has local access. Public sources in the connected documents identify the issue as a ...

7.8CVSS6AI score
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-58536

CVE-2026-58536 : A use-after-free in Windows Cloud Files Mini Filter Driver allows an authorized local attacker to achieve elevation of privileges. Affected component: Windows Cloud Files Mini Filter Driver. Impact: local privilege escalation with high impact; exploit details are not provided in ...

7.8CVSS6AI score
Exploits0References1
CVE
CVE
added yesterday3 views

CVE-2026-50374

CVE-2026-50374 concerns the Windows Cloud Files Mini Filter Driver. The connected sources confirm a use-after-free condition in this driver that can be exploited by an authorized attacker to gain elevated privileges, with the exploitation described as requiring a physical attack. The impact is el...

6.3CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-50401

CVE-2026-50401 describes an information disclosure in the Windows Cloud Files Mini Filter Driver due to an out-of-bounds read. The impact is local and depends on the attacker already having some level of privileges, with a high confidentiality impact reported in the CVE; the advisory notes an aut...

5.5CVSS6AI score
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-11944

CVE-2026-11944 affects openSIS Classic 9.3. The vulnerability is an authenticated path traversal in the legacy messaging SentMail attachment download functionality, allowing an authenticated attacker to read arbitrary files on the server via crafted path traversal sequences. Impact is limited to ...

6.5CVSS6.2AI score
Exploits1References2Affected Software1
CVE
CVE
added yesterday6 views

CVE-2026-9108

Studio 5000 Logix Designer is affected by a path traversal vulnerability in which ACD project files may contain unvalidated file names. During project opening, paths can escape the intended extraction directory, potentially allowing an attacker to write arbitrary files to attacker-controlled loca...

5.4CVSS6.2AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in ethers-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3959190c7c321e0d6f512b89b3c54a6399f3e6f7daecd0563ff753a6a6fed2f5 Package name typosquats the popular 'ethers' library. package.json declares a postinstall pointing at dist/index.min.js, whose sole top-level stateme...

6.1AI score
Exploits0References2
Nuclei
Nuclei
added yesterday74 views

Vite Dev Server - Information Exposure

Vite is a frontend tooling framework for JavaScript. Before versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Only apps explicitly exposing the Vite dev server to the network using...

6CVSS6.2AI score0.01077EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday65 views

Solara <1.35.1 - Local File Inclusion

A Local File Inclusion LFI vulnerability was identified in widgetti/solara, in version 1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. ...

8.6CVSS7.1AI score0.02884EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday14 views

Vite Dev Server - Information Exposure

Vite dev server could allow reading files from the Vite project root by bypassing server.fs.deny with double forward-slash paths //. This affects exposed dev servers only. id: CVE-2023-34092 info: name: Vite Dev Server - Information Exposure author: ritikchaddha severity: high description: | Vite...

7.5CVSS7AI score0.03152EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday190 views

qdPM 9.2 - Directory Traversal

qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI. id: CVE-2023-45855 info: name: qdPM 9.2 - Directory Traversal author: DhiyaneshDk severity: high description: | qdPM 9.2 allows Directory Traversal to list files and directories by navigating to t...

7.5CVSS7AI score0.0333EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday60 views

VertaAI ModelDB - Path Traversal

The endpoint "/api/v1/artifact/getArtifact?artifactpath=" is vulnerable to path traversal. The main cause of this vulnerability is due to the lack of validation and sanitization of the artifactpath parameter. id: CVE-2023-6023 info: name: VertaAI ModelDB - Path Traversal author:...

8.6CVSS7AI score0.02999EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday129 views

PrestaShop TshirteCommerce - Directory Traversal

The Custom Product Designer tshirtecommerce module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files. id: CVE-2023-27639 info: name: PrestaShop TshirteCommerce...

7.5CVSS7AI score0.03551EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday205 views

Chuanhu Chat - Directory Traversal

The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the webassets folder. However, the outdated version of gradio it employs is susceptible to pa...

9.8CVSS7AI score0.03757EPSS
Exploits1
Rows per page
Query Builder