CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/03/10 8:25 p.m.•0 views

EUVD-2026-10873

OSV•added 2026/03/10 8:25 p.m.•3 views

CVE-2026-30952 liquidjs has a path traversal fallback vulnerability

8.7CVSS5.8AI score0.00021EPSS

Exploits1References6

Vulnrichment•added 2026/03/10 8:25 p.m.•3 views

CVE-2026-30952 liquidjs has a path traversal fallback vulnerability

Github Security Blog•added 2026/03/10 1:4 a.m.•3 views

liquidjs has a path traversal fallback vulnerability

Impact The layout, render, and include tags allow arbitrary file access via absolute paths either as string literals or through Liquid variables, the latter require dynamicPartials: true, which is the default. This poses a security risk when malicious users are allowed to control the template...

Exploits1References6Affected Software1

OSV•added 2026/03/10 1:4 a.m.•4 views

GHSA-WMFP-5Q7X-987X liquidjs has a path traversal fallback vulnerability

8.7CVSS5.8AI score0.00021EPSS

Exploits1References6

Positive Technologies•added 2026/03/10 12:0 a.m.•2 views

PT-2026-24182

Name of the Vulnerable Software and Affected Versions LiquidJS versions prior to 10.25.0 Description The layout, render, and include tags are susceptible to arbitrary file access through absolute paths. This can occur when paths are provided as string literals or through Liquid variables,...

CNNVD•added 2026/03/10 12:0 a.m.•2 views

Exploits1References7

liquidjs 路径遍历漏洞

LiquidJS is a simple, expressive, secure, and compatible JavaScript template engine developed by Jun Yang. Versions of LiquidJS prior to 10.25.0 had a path traversal vulnerability. This vulnerability stems from the layout, render, and include tags allowing access to arbitrary files via absolute...

vulnersOsv•added 2026/03/07 9:30 a.m.•9 views

ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), ai.catboost:catboost-spark_4.1_2.13 (=1.2.10) +1199 more potentially affected by CVE-2026-24281 via org.apache.zookeeper:zookeeper (>=3.8.0 <=3.8.5)

org.apache.zookeeper:zookeeper MAVEN version =3.8.0, =3.10.0.5, =0.1.0, =0.2.6, =0.0.33, =0.0.82, =0.0.33, =0.0.33, =0.0.33, =0.6.2, =0.6.0, =0.7.1 and more Source cves: CVE-2026-24281 Source advisory: OSV:GHSA-7XRH-HQFC-G7QR...

7.4CVSS7.2AI score0.0003EPSS

Exploits0

RedhatCVE•added 2026/03/07 7:59 a.m.•3 views

CVE-2026-29039

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the includefilters field. These XPath expressions are processed using the elementpath library which...

9.3CVSS5.8AI score0.0002EPSS

Exploits1References1

Veracode•added 2026/03/07 5:14 a.m.•3 views

Arbitrary File Read

changedetection.io is vulnerable to Arbitrary File Read. The vulnerability is due to insufficient validation of user-supplied XPath expressions in the includefilters field, allowing attackers to use functions such as unparsed-text to read arbitrary files from the filesystem accessible to the...

9.3CVSS6AI score0.0002EPSS

Exploits1References3Affected Software1

CVE-2025-69339

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in don-themes Molla molla allows PHP Local File Inclusion.This issue affects Molla: from n/a through = 1.5.16...

RedhatCVE•added 2026/03/06 7:55 a.m.•4 views

CVE-2025-69090

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ovatheme Remons remons allows PHP Local File Inclusion.This issue affects Remons: from n/a through = 1.3.4...

RedhatCVE•added 2026/03/06 7:55 a.m.•2 views

CVE-2026-27336

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Consultor | Consulting, Accounting & Legal Counsel WordPress Theme consultor allows PHP Local File Inclusion.This issue affects Consultor | Consulting, Accounting &...

CVE-2026-27992

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Meals & Wheels meals-wheels allows PHP Local File Inclusion.This issue affects Meals & Wheels: from n/a through = 1.1.12...

CVE-2026-27996

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Lingvico lingvico allows PHP Local File Inclusion.This issue affects Lingvico: from n/a through = 1.0.14...

RedhatCVE•added 2026/03/06 7:55 a.m.•1 views

CVE-2026-27987

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX The Qlean the-qlean allows PHP Local File Inclusion.This issue affects The Qlean: from n/a through = 2.12...

CVE-2026-27341

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes TopScorer - Sports WordPress Theme topscorer allows PHP Local File Inclusion.This issue affects TopScorer - Sports WordPress Theme: from n/a through = 1.2...

CVE-2026-27334

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in danfisher Alchemists alchemists allows PHP Local File Inclusion.This issue affects Alchemists: from n/a through = 4.6.0...