193924 matches found
The vulnerability of the Kerberos protocol for Windows operating systems allows attackers to increase their privileges.
The vulnerability of the Kerberos protocol for Windows operating systems is related to errors in the mechanism for handling relative pathnames to the directory. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
Exploit for CVE-2026-8713
CVE-2026-8713 — Avada Fusion Builder WordPress Exploit Pre-Aut...
Exploit for Unrestricted Upload of File with Dangerous Type in Joomlic Icagenda
CVE-2026-48939 — iCagenda Joomla RCE Exploit Pre-Auth Arbitrary...
libextractor-ole2-rce
Stack-Based Buffer Overflow in GNU libextractor ≤ 1.14 OLE2 P...
Exploit for CVE-2026-14628
Path Traversal Demo - Case Study : CVE-2026-14628 A minimal,...
CVE-2026-59510
AIL Framework contains a path traversal vulnerability in its PDF object handling. Prior to commit 14c618fce4d1df02358717c48ea903706abecdf2, the PDF.getfilepath function constructed a file path by joining the configured PDF storage directory with a path derived from a PDF object identifier, withou...
CVE-2026-59510 Authenticated Path Traversal in AIL Framework PDF Object Handling Enables Potential Arbitrary File Read
AIL Framework contains a path traversal vulnerability in its PDF object handling. Prior to commit 14c618fce4d1df02358717c48ea903706abecdf2, the PDF.getfilepath function constructed a file path by joining the configured PDF storage directory with a path derived from a PDF object identifier, withou...
CVE-2026-59510
AIL Framework contains a path traversal vulnerability in its PDF object handling. Prior to commit 14c618fce4d1df02358717c48ea903706abecdf2, the PDF.getfilepath function constructed a file path by joining the configured PDF storage directory with a path derived from a PDF object identifier, withou...
CVE-2026-59510
The CVE concerns AIL Framework’s PDF object handling. The vulnerable code in PDF.get_filepath() joined the configured PDF storage directory with a path derived from a PDF object identifier without ensuring the final path stayed inside the PDF_FOLDER. Authenticated attackers could supply crafted i...
EUVD-2026-41775
AIL Framework contains a path traversal vulnerability in its PDF object handling. Prior to commit 14c618fce4d1df02358717c48ea903706abecdf2, the PDF.getfilepath function constructed a file path by joining the configured PDF storage directory with a path derived from a PDF object identifier, withou...
pi-xpi
XPI Security tools for Pi Agent: casefile tracking, web searc...
CVE-2026-53359
A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM x86 shadow paging mechanism. This vulnerability occurs when a page directory entry PDE mapping is changed from outside the guest, leading to an unexpected role mismatch in shadow paging. This mismatch can cause a use-after-fr...
Exploit for Unrestricted Upload of File with Dangerous Type in Ollyo Sp_Page_Builder
CVE-2026-48908 — SP Page Builder Joomla Unauthenticated RCE...
DedeCMS 5.7.87 - Directory Traversal
Directory traversal vulnerability in DedeCMS 5.7.87 allows reading sensitive files via the $activepath parameter. id: CVE-2023-2059 info: name: DedeCMS 5.7.87 - Directory Traversal author: pussycat0x severity: medium description: | Directory traversal vulnerability in DedeCMS 5.7.87 allows readin...
Milesight Routers - Information Disclosure
A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router...
Joomla! Component Online Market 2.x - Local File Inclusion
A directory traversal vulnerability in the Online Market commarket component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1722 info: name: Joomla! Component Onlin...
Geddy <13.0.8 - Local File Inclusion
Geddy prior to version 13.0.8 contains a directory traversal vulnerability in lib/app/index.js that allows remote attackers to read arbitrary files via a ..%2f dot dot encoded slash in the PATHINFO to the default URI. id: CVE-2015-5688 info: name: Geddy 13.0.8 - Local File Inclusion author:...
Rstudio Shiny Server <1.5.16 - Local File Inclusion
Rstudio Shiny Server prior to 1.5.16 is vulnerable to local file inclusion and source code leakage. This can be exploited by appending an encoded slash to the URL. id: CVE-2021-3374 info: name: Rstudio Shiny Server 1.5.16 - Local File Inclusion author: geeknik severity: medium description: Rstudi...
WordPress Videos sync PDF <=1.7.4 - Local File Inclusion
WordPress Videos sync PDF 1.7.4 and prior does not validate the p parameter before using it in an include statement, which could lead to local file inclusion. id: CVE-2022-1392 info: name: WordPress Videos sync PDF =1.7.5 or apply the vendor-provided patch to mitigate the vulnerability. reference...
Barco Control Room Management Suite <=2.9 Build 0275 - Local File Inclusion
Barco Control Room Management through Suite 2.9 Build 0275 is vulnerable to local file inclusion that could allow attackers to access sensitive information and components. Requests must begin with the "GET /...." substring. id: CVE-2022-26233 info: name: Barco Control Room Management Suite =2.9...