Lucene search
K

148 matches found

Veracode
Veracode
added 2026/07/06 6:31 a.m.6 views

Path Traversal

Horde IMP is vulnerable to path traversal. The vulnerability is due to insufficient validation of img src URLs, where attackers can bypass the stripos prefix validation by appending traversal sequences after the matching prefix, and read sensitive files whose contents are then exfiltrated as MIME...

7.1CVSS5.9AI score0.00379EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2026/07/01 7:16 p.m.9 views

CVE-2026-58451

Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix in img src URLs. Attackers can bypass the stripos prefix validatio...

7.1CVSS0.00379EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/01 6:16 p.m.38 views

CVE-2026-58451 Horde IMP < 7.0.1 Path Traversal via Compose.php img src

Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix in img src URLs. Attackers can bypass the stripos prefix validatio...

7.1CVSS0.00379EPSS
Exploits0References6
CVE
CVE
added 2026/07/01 6:16 p.m.23 views

CVE-2026-58451

CVE-2026-58451 concerns Horde IMP prior to 7.0.1. A path traversal flaw in lib/Compose.php enables an authenticated attacker to read arbitrary server files by inserting traversal sequences after the CKEditor path prefix in img src URLs. The issue circumvents prefix validation by appending travers...

7.1CVSS5.9AI score0.00379EPSS
Exploits0References7
OSV
OSV
added 2026/07/01 6:16 p.m.4 views

CVE-2026-58451 Horde IMP < 7.0.1 Path Traversal via Compose.php img src

Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix in img src URLs. Attackers can bypass the stripos prefix validatio...

7.1CVSS6.1AI score0.00379EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/07/01 6:16 p.m.7 views

CVE-2026-58451 Horde IMP < 7.0.1 Path Traversal via Compose.php img src

Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix in img src URLs. Attackers can bypass the stripos prefix validatio...

7.1CVSS5.9AI score0.00379EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-54913

Name of the Vulnerable Software and Affected Versions Horde IMP versions prior to 7.0.1 Description A path traversal issue exists in the lib/Compose.php file. Authenticated attackers can read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix ...

7.1CVSS6.1AI score0.00379EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2002-2003

Malware in sbrugna...

5.3CVSS6.4AI score0.01924EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2005-4075

Malware in sbrugna...

4.3CVSS6.4AI score0.02401EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2004-1440

Malware in sbrugna...

4.3CVSS6.2AI score0.01208EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2006-4243

Malware in sbrugna...

4.3CVSS5.4AI score0.01624EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2007-1509

Malware in sbrugna...

4.3CVSS6.4AI score0.02368EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2005-1322

Malware in sbrugna...

4.3CVSS6.4AI score0.01228EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2001-0729

Malware in sbrugna...

2.1CVSS6.4AI score0.00356EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2010-0494

Malware in sbrugna...

5CVSS6.1AI score0.01945EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2010-3679

Malware in sbrugna...

4.3CVSS6.1AI score0.04979EPSS
Exploits1References22
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2010-1659

Malware in sbrugna...

5CVSS6.4AI score0.01266EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2009-0927

Malware in sbrugna...

4.3CVSS6.1AI score0.01604EPSS
Exploits1References13
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2012-0822

Malware in sbrugna...

4.3CVSS6.1AI score0.02437EPSS
Exploits0References14
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2004-0583

Malware in sbrugna...

6.8CVSS6.1AI score0.0134EPSS
Exploits0References6
Rows per page
Query Builder