Lucene search
K

20394 matches found

NVD
NVD
added 4 hours ago4 views

CVE-2024-6228

The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file inclusion path, allowing authenticated users with subscriber-level access and above to include and execute arbitrary local PHP files on t...

Exploits0References1
CVE
CVE
added 6 hours ago3 views

CVE-2024-6228

This CVE concerns the WordPress plugin Notifications for Forms & WordPress Actions (WANotifier) prior to version 2.6. The root cause is inadequate validation of a user-supplied value that is used to build a server-side file inclusion path. This allows authenticated users with subscriber-level acc...

6.2AI score
Exploits0References1
Nuclei
Nuclei
added 9 hours ago9 views

WordPress Popup Builder < 4.0.7 - Remote Code Execution

Popup Builder WordPress plugin before 4.0.7 contains a local file inclusion caused by unsanitized 'sgpbtype' parameter in require statement, letting attackers include arbitrary local files or execute code via wrappers like PHAR, exploit requires attacker to control 'sgpbtype' parameter. id:...

8.8CVSS7.4AI score0.05365EPSS
Exploits2References2
Nuclei
Nuclei
added 9 hours ago11 views

Lokomedia CMS - Local File Inclusion

A Local File Inclusion LFI vulnerability exists in Lokomedia CMS. The application allows an attacker to include files on the server that should not be accessible, potentially exposing sensitive information. id: CVE-2010-2018 info: name: Lokomedia CMS - Local File Inclusion author: r3Y3r53 severit...

5CVSS6AI score0.03258EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago8 views

Oliver 5 Library Server <8.00.008.053 - Local File Inclusion

Oliver 5 Library Server versions prior to 8.00.008.053 are vulnerable to local file inclusion via the FileServlet function. id: CVE-2021-45027 info: name: Oliver 5 Library Server 8.00.008.053 - Local File Inclusion author: gy741 severity: high description: Oliver 5 Library Server versions prior t...

7.5CVSS7AI score0.01642EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago14 views

Moodle Jmol Filter 6.1 - Local File Inclusion

Moodle Jmol Filter 6.1 is vulnerable to local file inclusion through the jsmol.php file, allowing attackers to read arbitrary files on the server. id: CVE-2025-34031 info: name: Moodle Jmol Filter 6.1 - Local File Inclusion author: madrobot severity: high description: | Moodle Jmol Filter 6.1 is...

8.7CVSS7.3AI score0.02963EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago107 views

NAKIVO Backup and Replication Solution - Unauthenticated Arbitrary File Read

NAKIVO Backup & Replication is a data protection solution used for backing up and restoring virtualized and physical environments. A vulnerability has been identified in certain versions of NAKIVO Backup & Replication that allows an unauthenticated attacker to read arbitrary files on the underlyi...

8.6CVSS7.3AI score0.9408EPSS
Exploits2References1
Nuclei
Nuclei
added 9 hours ago43 views

WHMpress <= 6.3-revision-0 - Unauthenticated Local File Inclusion to Arbitrary Options Update

The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the whmpressdomainsearchajaxextendedresults function. This makes it possible for unauthenticated attackers to include and execute...

9.8CVSS7.9AI score0.03111EPSS
Exploits0References3
Nuclei
Nuclei
added 9 hours ago11 views

WordPress Grow by Tradedoubler Plugin < 2.0.22 - Unauthenticated Local File Inclusion

The Grow by Tradedoubler WordPress plugin through version 2.0.21 is vulnerable to Local File Inclusion via the component parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files. id: CVE-2024-6460 info:...

9.8CVSS6.2AI score0.04826EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago24 views

HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.5 - Unauthenticated Local File Inclusion

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 via the 'template' parameter of the wooftextsearch AJAX action. This makes it possible for unauthenticated attackers to include and...

9.8CVSS7.8AI score0.54756EPSS
Exploits2References5
Nuclei
Nuclei
added 9 hours ago31 views

Solara <1.35.1 - Local File Inclusion

A Local File Inclusion LFI vulnerability was identified in widgetti/solara, in version 1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. ...

8.6CVSS7.3AI score0.02884EPSS
Exploits0References3
Nuclei
Nuclei
added 9 hours ago27 views

Cross RSS 1.7 - Local File Inclusion

Absolute path traversal vulnerability in Cross-RSS wp-cross-rss plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php. id: CVE-2014-4941 info: name: Cross RSS 1.7 - Local File Inclusion author: DhiyaneshDK severity: medium...

5CVSS7.4AI score0.04306EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago16 views

Devika - Local File Inclusion

A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshotpath' parameter in the '/api/get-browser-snapshot' endpoint. An attacker can exploit this vulnerability by crafting a request with...

7.5CVSS7.2AI score0.02073EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago28 views

Mlflow < 2.17.0 - Local File Inclusion

Mlflow before 2.17.0 is susceptible to local file inclusion due to path traversal in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2024-8859...

7.5CVSS7.1AI score0.02484EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago23 views

MasterSAM Star Gate v11 - Local File Inclusion

MasterSAM Star Gate v11 is vulnerable to a directory traversal attack via the endpoint /adama/adama/downloadService. An attacker can exploit this vulnerability by manipulating the file parameter to access arbitrary files on the server, potentially leading to the exposure of sensitive information...

6.5CVSS7.3AI score0.03012EPSS
Exploits0References2
Nuclei
Nuclei
added 9 hours ago10 views

System Dashboard < 2.8.15 - Admin+ Path Traversal

The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server id: CVE-2024-10708 info: name: System Dashboard 2.8.15 - Admin+ Path...

4.9CVSS7.3AI score0.02013EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago11 views

Mockoon < 9.2.0 - Path Traversal

Mockoon before 9.2.0 contains a path traversal and local file inclusion caused by unsafe templating of server filenames from user input, letting attackers read arbitrary files on the mock server filesystem, exploit requires crafted request. id: CVE-2025-59049 info: name: Mockoon 9.2.0 - Path...

7.5CVSS7.3AI score0.0166EPSS
Exploits0References3
Nuclei
Nuclei
added 9 hours ago7 views

Karel IP Phone IP1211 Web Management Panel - Local File Inclusion

Karel IP Phone IP1211 Web Management Panel is vulnerable to local file inclusion and can allow remote attackers to access arbitrary files stored on the remote device via the 'cgiServer.exx' endpoint and the 'page' parameter. id: CVE-2025-34023 info: name: Karel IP Phone IP1211 Web Management Pane...

8.5CVSS6.1AI score0.01409EPSS
Exploits0References3
Nuclei
Nuclei
added 9 hours ago14 views

Images to WebP < 1.9 - Authenticated Local File Inclusion

The Images to WebP WordPress plugin before version 1.9 did not validate or sanitize the tab parameter before using it in the include function. id: CVE-2021-24644 info: name: Images to WebP 1.9 - Authenticated Local File Inclusion author: Sourabh-Sahu severity: high description: | The Images to We...

7.5CVSS7.1AI score0.05028EPSS
Exploits2References2
Nuclei
Nuclei
added 9 hours ago33 views

Vite server.fs.deny Bypass - Local File Inclusion

Vite is a frontend tooling framework for javascript. The contents of arbitrary files can be returned to the browser. By adding ?.svg with ?.wasm?init or with sec-fetch-dest- script header, the server.fs.deny restriction was able to bypass. This bypass is only possible if the file is smaller than...

5.3CVSS6.8AI score0.38685EPSS
Exploits7References5
Rows per page
Query Builder