Lucene search
K

65 matches found

Tenable Nessus
Tenable Nessus
added 6 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-59924

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying...

5.9CVSS6.1AI score0.0034EPSS
Exploits1References3
NVD
NVD
added last week9 views

CVE-2026-59924

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory wh...

5.9CVSS0.0034EPSS
Exploits1References3
EUVD
EUVD
added last week5 views

EUVD-2026-42337

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory wh...

5.9CVSS6AI score0.0034EPSS
Exploits1References3
OSV
OSV
added last week4 views

CVE-2026-59924 Mistune: Arbitrary File Read via Include directive path traversal

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory wh...

5.9CVSS6.1AI score0.0034EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/07/07 11:46 a.m.9 views

CVE-2011-10043

Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded. Module names starting with "::" could be passed to the load function to specify arbitrary module paths. Attackers able to influence module names passed to load could use that bug to execute arbitrary...

9.8CVSS6.1AI score0.00429EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:6 p.m.13 views

CVE-2026-47179

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because...

7.7CVSS6AI score0.00307EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.18 views

PT-2026-44732

Name of the Vulnerable Software and Affected Versions Arcane versions prior to 1.19.4 Description An authenticated user can perform an arbitrary read of any file accessible by the Arcane backend process. This occurs because the ProjectService.CreateProject function writes attacker-supplied compos...

7.7CVSS6AI score0.00307EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2026/03/11 1:32 p.m.4 views

CVE-2026-32061

OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attackers with config modification capabilities can exploit this by specifying absolute paths, traversa...

6.7CVSS5.9AI score0.00146EPSS
Exploits0References4
OSV
OSV
added 2026/03/11 1:32 p.m.6 views

CVE-2026-32061 OpenClaw < 2026.2.17 - Arbitrary File Read via $include Directive Path Traversal

OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attackers with config modification capabilities can exploit this by specifying absolute paths, traversa...

6.7CVSS6AI score0.00146EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 11:10 a.m.5 views

CVE-2016-10828

cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path SEC-97...

9CVSS7.9AI score0.02618EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:10 a.m.6 views

CVE-2016-10837

cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path SEC-46...

8.5CVSS7.8AI score0.01521EPSS
Exploits0References1
CVE
CVE
added 2025/12/18 7:21 a.m.11 views

CVE-2025-58949

The CVE-2025-58949 is tied to the WordPress Spock theme (versions ≤ 1.17). The issue is an improper control of filenames for include/require, enabling PHP Local File Inclusion. Affected software/component: WordPress Spock theme. Root cause: improper filename handling in PHP includes. Impact as de...

8.1CVSS6.7AI score0.00445EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2007-6199

Malware in sbrugna...

7.5CVSS6.4AI score0.03442EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2023-49084

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database TSDB. While using the detected SQL Injection and...

8.8CVSS7.8AI score0.63774EPSS
Exploits4References2
CNNVD
CNNVD
added 2025/04/01 12:0 a.m.8 views

Mite 代码问题漏洞

Mite is a Perl 5 distribution of Mite by Toby Inkster Individual Developer. A code issue vulnerability exists in versions prior to Mite 0.013000 that stems from adding the current working directory to the INC path, which could lead to the execution of arbitrary code...

6.5CVSS6.9AI score0.00394EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/12/23 2:38 a.m.5 views

SUSE CVE-2023-49084

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database TSDB. While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the...

8.8CVSS8.8AI score0.63774EPSS
Exploits4References4
ATTACKERKB
ATTACKERKB
added 2023/12/21 11:15 p.m.3 views

CVE-2023-49084

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database TSDB. While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the...

8.8CVSS7.9AI score0.63774EPSS
Exploits4References6
OSV
OSV
added 2023/12/21 11:15 p.m.3 views

DEBIAN-CVE-2023-49084

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database TSDB. While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the...

8.8CVSS9.1AI score0.63774EPSS
Exploits4References1
CNNVD
CNNVD
added 2023/12/21 12:0 a.m.5 views

Cacti security breach

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool through snmpget to obtain data , using RRDtool drawing graphs to analyze , and provide data and user management features . A security vulnerability exists in Cacti versions prior to 1.2.26,...

8.8CVSS8.5AI score0.63774EPSS
Exploits4References8
SUSE CVE
SUSE CVE
added 2023/02/15 5:18 a.m.8 views

SUSE CVE-2015-4025

PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to 1...

7.4CVSS7.8AI score0.20233EPSS
Exploits0References4
Rows per page
Query Builder