Lucene search
K

2593 matches found

Nuclei
Nuclei
added 13 hours ago54 views

Linx Sphere - Directory Traversal

A directory traversal vulnerability in the component SCS.Web.Server.SPI/1.0 of Linx Sphere LINX 7.35.ST15 allows attackers to read arbitrary files. id: CVE-2022-45269 info: name: Linx Sphere - Directory Traversal author: robotshell severity: high description: | A directory traversal vulnerability...

7.5CVSS7.2AI score0.03092EPSS
Exploits1References1
Nuclei
Nuclei
added 13 hours ago39 views

Cuppa CMS v1.0 - Local File Inclusion

CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function. id: CVE-2022-25497 info: name: Cuppa CMS v1.0 - Local File Inclusion author: theamanrawat severity: medium description: | CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function...

5.3CVSS6.2AI score0.03642EPSS
Exploits1References3
Nuclei
Nuclei
added 13 hours ago60 views

Shield Security WP Plugin <= 18.5.9 - Local File Inclusion

The Shield Security Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the renderactiontemplate parameter. This makes it possible for unauthenticated attacker to include and execute PHP fil...

9.8CVSS7.4AI score0.56567EPSS
Exploits0References3
Nuclei
Nuclei
added 13 hours ago63 views

PaperCut < 22.1.3 - Path Traversal

PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path traversal which enables attackers to read, delete, and upload arbitrary files. id: CVE-2023-39143 info: name: PaperCut 22.1.3 - Path Traversal author: pdteam severity: critical description: PaperCut NG and PaperCut MF before 22.1.3...

9.8CVSS7.5AI score0.78696EPSS
Exploits1References5
Nuclei
Nuclei
added 13 hours ago86 views

Ray API - Local File Inclusion

LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. id: CVE-2023-6021 info: name: Ray API - Local File Inclusion author: byt3bl33d3r severity: high description: | LFI in Ray's log API endpoint allows attackers to read any file on the server withou...

7.5CVSS7.3AI score0.37076EPSS
Exploits11References2
Nuclei
Nuclei
added 13 hours ago66 views

Repetier Server - Directory Traversal

Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php. id: CVE-2023-31059 info: name: Repetier Server - Directory Traversal author: parthmalhotra,pdresearch severity: high description: | Repetier Server...

7.5CVSS7.1AI score0.05574EPSS
Exploits2References2
Nuclei
Nuclei
added 13 hours ago181 views

ManageEngine OpManager - Directory Traversal

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability. id: CVE-2023-47211 info: name: ManageEngine...

9.1CVSS7.3AI score0.47024EPSS
Exploits1References3
Nuclei
Nuclei
added 13 hours ago37 views

Flatpress < 1.3 - Path Traversal

Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3. id: CVE-2023-0947 info: name: Flatpress 1.3 - Path Traversal author: r3Y3r53 severity: critical description: | Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3. impact: | Unauthenticated attackers ca...

9.8CVSS7.2AI score0.03637EPSS
Exploits1References3
Nuclei
Nuclei
added 13 hours ago138 views

Ghost CMS < 5.42.1 - Path Traversal

Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js. id: CVE-2023-32235 info: name: Ghost CMS 5.42.1 - Path Traversal author: j3ssie severit...

7.5CVSS7.2AI score0.39078EPSS
Exploits3References4
Nuclei
Nuclei
added 13 hours ago81 views

Hotel Booking Lite < 4.8.5 - Arbitrary File Download & Deletion

The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server id: CVE-2023-5991 info: name: Hotel Booking...

9.8CVSS7.3AI score0.03313EPSS
Exploits2References2
Nuclei
Nuclei
added 13 hours ago139 views

ThinkAdmin 6 - Local File Inclusion

ThinkAdmin version 6 is affected by a local file inclusion vulnerability because an unauthorized attacker can read arbitrary files on a remote server via GET request encode parameter. id: CVE-2020-25540 info: name: ThinkAdmin 6 - Local File Inclusion author: geeknik severity: high description:...

7.5CVSS7.2AI score0.75881EPSS
Exploits5References5
Nuclei
Nuclei
added 13 hours ago124 views

LearnPress Plugin < 4.2.0 - Local File Inclusion

Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions. id: CVE-2022-47615 info: name: LearnPress Plugin 4.2.0 - Local File Inclusion author: DhiyaneshDK severity: critical description: | Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin...

9.8CVSS7.2AI score0.05063EPSS
Exploits2References4
Nuclei
Nuclei
added 13 hours ago53 views

Jeecg P3 Biz Chat - Local File Inclusion

Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters. id: CVE-2023-33510 info: name: Jeecg P3 Biz Chat - Local File Inclusion author: DhiyaneshDK severity: high description: | Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files...

7.5CVSS7.2AI score0.04042EPSS
Exploits1References4
Nuclei
Nuclei
added 13 hours ago41 views

INTELBRAS TELEFONE IP TIP200 60.61.75.22 - Local File Inclusion

INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 is vulnerable to information disclosure, allowing unauthenticated attackers to access sensitive device information and configuration data via a direct request to the /cgi-bin/exportsettings.sh endpoint. id: CVE-2020-24285 info: name: INTELBRAS...

7.5CVSS7.1AI score0.04497EPSS
Exploits1References2
Nuclei
Nuclei
added 13 hours ago75 views

kkFileview v4.0.0 - Local File Inclusion

kkFileview v4.0.0 is vulnerable to local file inclusion which may lead to a sensitive file leak on a related host. id: CVE-2021-43734 info: name: kkFileview v4.0.0 - Local File Inclusion author: arafatansari severity: high description: | kkFileview v4.0.0 is vulnerable to local file inclusion whi...

7.5CVSS7.1AI score0.10728EPSS
Exploits1References5
Nuclei
Nuclei
added 13 hours ago95 views

FlatnuX CMS - Directory Traversal

A path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action. id: CVE-2012-4878 info: name: FlatnuX CMS - Directory Traversal author: daffainfo severity:...

5CVSS6.1AI score0.08761EPSS
Exploits1References5
Nuclei
Nuclei
added 13 hours ago50 views

Draytek VigorConnect 6.0-B3 - Local File Inclusion

Draytek VigorConnect 1.6.0-B3 is susceptible to local file inclusion in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges. id: CVE-2021-201...

7.8CVSS7.3AI score0.69248EPSS
Exploits1References4
Nuclei
Nuclei
added 13 hours ago32 views

MySQLDumper 1.24.4 - Directory Traversal

Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. dot dot in the 1 language parameter to learn/cubemail/install.php or 2 f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. dot dot in the...

4.3CVSS6.2AI score0.08465EPSS
Exploits1References5
Nuclei
Nuclei
added 13 hours ago48 views

11in1 CMS 1.2.1 - Local File Inclusion (LFI)

Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. dot dot in the class parameter to 1 index.php or 2 admin/index.php. id: CVE-2012-0996 info: name: 11in1 CMS 1.2.1 - Local File Inclusion LFI author: daffainfo...

5CVSS6.1AI score0.09794EPSS
Exploits2References4
Nuclei
Nuclei
added 13 hours ago64 views

Welcart eCommerce <=2.7.7 - Local File Inclusion

Welcart eCommerce 2.7.7 and before are vulnerable to unauthenticated local file inclusion. id: CVE-2022-41840 info: name: Welcart eCommerce =2.7.8 or apply the provided patch to fix the LFI vulnerability. reference: -...

9.8CVSS7.2AI score0.05116EPSS
Exploits2References4
Rows per page
Query Builder