Lucene search
K

2593 matches found

Nuclei
Nuclei
added yesterday48 views

Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion

A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter. id: CVE-2023-29887 info: name: Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion author: ctflearner severity: high description: | A Local...

7.5CVSS7.2AI score0.04736EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday48 views

Joomla! Component com_cartweberp - Local File Inclusion

A directory traversal vulnerability in the CARTwebERP comcartweberp component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-0982 info: name: Joomla! Component comcartweberp - Local File Inclusion author:...

4.3CVSS6.1AI score0.06238EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday94 views

Gradio < 2.5.0 - Arbitrary File Read

Files on the host computer can be accessed from the Gradio interface id: CVE-2021-43831 info: name: Gradio 2.5.0 - Arbitrary File Read author: isacaya severity: high description: | Files on the host computer can be accessed from the Gradio interface impact: | An attacker would be able to view the...

7.7CVSS7.1AI score0.03794EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday41 views

Repetier Server - Directory Traversal

Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php. id: CVE-2023-31059 info: name: Repetier Server - Directory Traversal author: parthmalhotra,pdresearch severity: high description: | Repetier Server...

7.5CVSS7.1AI score0.05574EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday47 views

STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion

STAGIL Navigation for Jira Menu & Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjCustomDesignConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This...

7.5CVSS7.2AI score0.47907EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday119 views

PrestaShop TshirteCommerce - Directory Traversal

The Custom Product Designer tshirtecommerce module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files. id: CVE-2023-27639 info: name: PrestaShop TshirteCommerce...

7.5CVSS7.2AI score0.03551EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday45 views

Galera WebTemplate 1.0 Directory Traversal

Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow. id: CVE-2021-40960 info: name: Galera WebTemplate 1.0 Directory Traversal author: daffainfo severity: critical description: Galera WebTemplate 1.0 is affected ...

9.8CVSS7.2AI score0.09768EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday35 views

PaperCut < 22.1.3 - Path Traversal

PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path traversal which enables attackers to read, delete, and upload arbitrary files. id: CVE-2023-39143 info: name: PaperCut 22.1.3 - Path Traversal author: pdteam severity: critical description: PaperCut NG and PaperCut MF before 22.1.3...

9.8CVSS7.5AI score0.78696EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday61 views

Citrix ShareFile StorageZones <=5.10.x - Arbitrary File Read

Citrix ShareFile StorageZones aka storage zones Controller versions through at least 5.10.x are susceptible to an unauthenticated arbitrary file read vulnerability. id: CVE-2020-8982 info: name: Citrix ShareFile StorageZones =5.10.x - Arbitrary File Read author: dwisiswant0 severity: high...

7.5CVSS7.4AI score0.27149EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday75 views

Ray API - Local File Inclusion

LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. id: CVE-2023-6021 info: name: Ray API - Local File Inclusion author: byt3bl33d3r severity: high description: | LFI in Ray's log API endpoint allows attackers to read any file on the server withou...

7.5CVSS7.3AI score0.37076EPSS
Exploits11References2
Nuclei
Nuclei
added yesterday60 views

kkFileview v4.0.0 - Local File Inclusion

kkFileview v4.0.0 is vulnerable to local file inclusion which may lead to a sensitive file leak on a related host. id: CVE-2021-43734 info: name: kkFileview v4.0.0 - Local File Inclusion author: arafatansari severity: high description: | kkFileview v4.0.0 is vulnerable to local file inclusion whi...

7.5CVSS7.1AI score0.10728EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday45 views

WordPress All-In-One Video Gallery <2.5.0 - Local File Inclusion

WordPress All-in-One Video Gallery plugin before 2.5.0 is susceptible to local file inclusion. The plugin does not sanitize and validate the tab parameter before using it in a require statement in the admin dashboard. An attacker can possibly obtain sensitive information, modify data, and/or...

7.2CVSS7.1AI score0.05898EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday54 views

WordPress MyPixs <=0.3 - Local File Inclusion

WordPress MyPixs 0.3 and prior contains a local file inclusion vulnerability. id: CVE-2015-1000012 info: name: WordPress MyPixs =0.4 or apply the vendor-provided patch to fix the LFI vulnerability. reference: - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985 -...

7.5CVSS7.1AI score0.09325EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday44 views

Jeecg P3 Biz Chat - Local File Inclusion

Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters. id: CVE-2023-33510 info: name: Jeecg P3 Biz Chat - Local File Inclusion author: DhiyaneshDK severity: high description: | Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files...

7.5CVSS7.2AI score0.04042EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday40 views

Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion

Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 is susceptible to local file inclusion because of insecure handling of a download function that leads to disclosure of internal files due to path traversal with root privileges. id: CVE-2021-46417 info: name: Franklin Fueling Systems...

7.8CVSS7AI score0.59753EPSS
Exploits7References5
Nuclei
Nuclei
added yesterday90 views

Cuppa CMS v1.0 - Local File Inclusion

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php. id: CVE-2022-25486 info: name: Cuppa CMS v1.0 - Local File Inclusion author: theamanrawat severity: high description: | CuppaCMS v1.0 was discovered to contain a local file...

7.8CVSS7AI score0.09966EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday126 views

Media Library Assistant < 3.09 - Remote Code Execution/Local File Inclusion

A vulnerability in the Wordpress Media-Library-Assistant plugins in version 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration. id: CVE-2023-4634 info: name: Media Library Assistant 3.09 - Remote Code Execution/Local File Inclusion...

9.8CVSS7.2AI score0.82585EPSS
Exploits6References5
Nuclei
Nuclei
added yesterday79 views

HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion

An Unauthenticated Path Traversal vulnerability exists in the /public/loaderphp file The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server. id: CVE-2024-34470 info: name: HSC...

8.6CVSS7.3AI score0.06699EPSS
Exploits5References4
Nuclei
Nuclei
added yesterday85 views

LocalAI - Partial Local File Read

A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery SSRF and partial Local File Inclusion LFI. The endpoint supports both https-// and file-// schemes, where the latter can lead to LFI. However, the output is limited due to the...

5.8CVSS6.2AI score0.02475EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday47 views

MLflow < 2.11.3 - Path Traversal

MLflow versions prior to 2.11.3 are vulnerable to a Path Traversal attack due to improper URI fragment parsing. This vulnerability allows attackers to read arbitrary files on the server, potentially exposing sensitive information. id: CVE-2024-2928 info: name: MLflow 2.11.3 - Path Traversal autho...

7.5CVSS7.2AI score0.21847EPSS
Exploits2References2
Rows per page
Query Builder