Lucene search
+L

22 matches found

cve
cve
added yesterday9 views

CVE-2026-62314

Anubis Web AI Firewall Utility vulnerable in versions 1.22.0–1.26.0-pre1 due to PathChecker.Check() trusting the client-controlled X-Original-URI header before r.URL.Path, enabling bypass of the challenge via ALLOW rules (e.g., ^/.well-known/.*$). A fixed release is 1.26.0-pre1; upgrade to mitiga...

5.8CVSS6.1AI score
Exploits0References4
susecve
susecve
added 2026/05/08 2:22 a.m.7 views

SUSE CVE-2026-41642

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as...

7.5CVSS5.8AI score0.00503EPSS
Exploits1References3
osv
osv
added 2026/05/07 11:50 a.m.4 views

CVE-2026-41642 GoBGP: Remote Denial of Service (Panic) via Malformed Well-known Path Attribute

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as...

7.5CVSS5.9AI score0.00503EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2025/10/29 10:51 a.m.3 views

CVE-2025-12461 Unprotected access to parts of the application in Epsilon RH by Grupo Castilla

This vulnerability allows an attacker to access parts of the application that are not protected by any type of access control. The attacker could access this path ‘…/epsilonnet/License/About.aspx’ and obtain information on both the licence and the configuration of the product by knowing which...

6.9CVSS6.2AI score0.00278EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/07/25 3:55 p.m.5 views

CVE-2015-10142 Sitecore XP < 8.0 and CMS < 7.2 and < 7.5 File Read via Known Path

Sitecore Experience Platform XP prior to 8.0 Initial Release rev. 141212 and Content Management System CMS prior to 7.2 Update-3 rev. 141226 and prior to 7.5 Update-1 rev. 150130 contain a vulnerability that may allow an attacker to download files under the web root of the site when the name of t...

6.9CVSS7AI score0.00473EPSS
Exploits0References3
cve
cve
added 2025/07/25 3:55 p.m.20 views

CVE-2015-10142

CVE-2015-10142 affects Sitecore Experience Platform (XP) prior to 8.0 Initial Release and Sitecore CMS prior to 7.2 Update-3 and prior to 7.5 Update-1. The flaw allows an attacker to download files under the web root when the file name is known via a specially crafted URL; allowed file types excl...

6.9CVSS6.3AI score0.00473EPSS
Exploits0References3
prion
prion
added 2019/07/02 7:15 p.m.26 views

Code injection

A non-privileged user or program can put code and a config file in a known non-privileged path under C:/usr/local/ that will make curl = 7.65.1 automatically run the code as an openssl "engine" on invocation. If that curl is invoked by a privileged user it can do anything it wants...

4.4CVSS7.5AI score0.00717EPSS
Exploits0References7Affected Software6
osv
osv
added 2018/06/07 2:29 a.m.4 views

CVE-2018-3714

node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path...

6.5CVSS5.8AI score0.08632EPSS
Exploits1References1
prion
prion
added 2018/06/07 2:29 a.m.10 views

Path traversal

public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path...

5CVSS7.3AI score0.02038EPSS
Exploits1References1Affected Software1
prion
prion
added 2018/06/07 2:29 a.m.18 views

Path traversal

localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path...

5CVSS7.3AI score0.02021EPSS
Exploits1References1Affected Software1
prion
prion
added 2018/06/07 2:29 a.m.21 views

Path traversal

serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e . and %2f / and allowing them in paths, which allows a malicious user to view the contents of any directory with known path...

4CVSS6.2AI score0.0179EPSS
Exploits1References2Affected Software1
prion
prion
added 2018/06/07 2:29 a.m.17 views

Path traversal

angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path...

4CVSS6.2AI score0.01474EPSS
Exploits1References1
cvelist
cvelist
added 2018/06/07 2:0 a.m.46 views

CVE-2018-3730

mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path...

7.4AI score0.02038EPSS
Exploits1References1
cvelist
cvelist
added 2018/06/07 2:0 a.m.29 views

CVE-2018-3725

hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path...

7.4AI score0.02038EPSS
Exploits1References1
nvd
nvd
added 2018/06/04 7:29 p.m.22 views

CVE-2017-0930

augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path...

6.5CVSS6.3AI score0.01217EPSS
Exploits1References1
cvelist
cvelist
added 2018/06/04 7:0 p.m.24 views

CVE-2017-0930

augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path...

6.3AI score0.01217EPSS
Exploits1References1
osv
osv
added 2018/05/29 8:29 p.m.14 views

CVE-2018-3733

crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path...

7.5CVSS7.6AI score
Exploits0References2
cvelist
cvelist
added 2018/05/29 8:0 p.m.25 views

CVE-2018-3734

stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read content of any file with known path...

7.4AI score0.01918EPSS
Exploits1References1
cvelist
cvelist
added 2018/05/29 8:0 p.m.31 views

CVE-2018-3733

crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path...

7.4AI score0.02216EPSS
Exploits1References2
osv
osv
added 2017/02/22 12:0 a.m.4 views

UBUNTU-CVE-2017-3157

By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user in...

5.5CVSS6.3AI score0.03122EPSS
Exploits0References4
Rows per page
Query Builder