Lucene search
+L

322 matches found

Nuclei
Nuclei
added 5 hours ago21 views

BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure

Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability caused by improper validation of the 'READ.filePath' parameter in fileread script and SendCGICMD API, letting authenticated attackers read arbitrary system files. id: CVE-2019-25246 info: name: BEWARD...

8.8CVSS5.4AI score0.17393EPSS
Exploits1References3
Nuclei
Nuclei
added 2 days ago13 views

Apache Kafka Client - Arbitrary File Read

Apache Kafka Client contains arbitrary file read and server-side request forgery caused by untrusted configuration of sasl.oauthbearer.token.endpoint.url and sasl.oauthbearer.jwks.endpoint.url, letting attackers read files or send requests to unintended locations, exploit requires untrusted party...

7.5CVSS7AI score0.62368EPSS
Exploits2References2
NVD
NVD
added 4 days ago6 views

CVE-2026-15621

A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function readfile/writefile/editfile of the file tools/fsops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue was...

5.3CVSS0.0014EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-15621 mosaxiv clawlet File Tools fs_ops.go edit_file link following

A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function readfile/writefile/editfile of the file tools/fsops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue was...

5.3CVSS0.0014EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-43598

A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function readfile/writefile/editfile of the file tools/fsops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue was...

5.3CVSS5.9AI score0.0014EPSS
Exploits0References6
CVE
CVE
added 4 days ago8 views

CVE-2026-15621

mosaxiv clawlet up to version 0.2.10 contains a vulnerability in the File Tools component, specifically in the read_file, write_file, and edit_file functionality implemented in tools/fs_ops.go. The issue arises from a manipulation that leads to link following, with exploitation requiring local ac...

5.3CVSS5.9AI score0.0014EPSS
Exploits0References6
OSV
OSV
added 4 days ago3 views

CVE-2026-15621 mosaxiv clawlet File Tools fs_ops.go edit_file link following

A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function readfile/writefile/editfile of the file tools/fsops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue was...

4.8CVSS5.9AI score0.0014EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/07/10 8:16 p.m.3 views

CVE-2026-57211

RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ management plugin static file handler rabbitmgmtwmstatic can pass URL-encoded backslashes to erlprimloader:readfileinfo before path validation when multiple management extension plugins are enabled,...

6.5CVSS6.1AI score0.00404EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2026/07/10 3:16 p.m.8 views

CVE-2026-61432

PraisonAI praisonaiagents before 1.6.78 contains a path traversal vulnerability in the FastContext feature praisonaiagents.context.fast. FastContextAgent.executetool prepends the configured workspacepath only for relative paths and neither rejects absolute paths nor canonicalizes joined paths...

6.9CVSS0.00278EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/10 1:58 p.m.6 views

EUVD-2026-42898

PraisonAI praisonaiagents before 1.6.78 contains a path traversal vulnerability in the FastContext feature praisonaiagents.context.fast. FastContextAgent.executetool prepends the configured workspacepath only for relative paths and neither rejects absolute paths nor canonicalizes joined paths...

6.9CVSS6.1AI score0.00278EPSS
Exploits0References3
OSV
OSV
added 2026/07/10 1:58 p.m.2 views

CVE-2026-61432 PraisonAI FastContext before 1.6.78 Path Traversal

PraisonAI praisonaiagents before 1.6.78 contains a path traversal vulnerability in the FastContext feature praisonaiagents.context.fast. FastContextAgent.executetool prepends the configured workspacepath only for relative paths and neither rejects absolute paths nor canonicalizes joined paths...

6.9CVSS6.1AI score0.00278EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/07/10 7:9 a.m.8 views

CVE-2026-54528

A flaw was found in JupyterLab Git, a Git extension for JupyterLab. This vulnerability allows an authenticated user on a case-insensitive filesystem to bypass administrator-configured excluded paths by varying the case of the URL path segment. This bypass enables the user to read file content, vi...

7.1CVSS6AI score0.00301EPSS
Exploits1References6
NVD
NVD
added 2026/07/10 12:16 a.m.5 views

CVE-2026-50181

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, Langroid's ReadFileTool and WriteFileTool appear to treat currdir as the intended working-directory boundary for file operations. However, the tools only change the process working directory t...

7.1CVSS0.00184EPSS
Exploits1References2
OSV
OSV
added 2026/07/09 11:49 p.m.4 views

CVE-2026-54760 Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-qualified pg_read_file calls

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the SQLChatAgent SQL-injection mitigation, with default allowdangerousoperations=False, combines a raw-text regex blocklist DANGEROUSSQLPATTERNS with a sqlglot SELECT-only statement allowlist...

9.3CVSS6.1AI score0.00646EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/09 11:44 p.m.32 views

CVE-2026-50181 Langroid: Path traversal in the file tools allows read/write outside configured current directory

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, Langroid's ReadFileTool and WriteFileTool appear to treat currdir as the intended working-directory boundary for file operations. However, the tools only change the process working directory t...

7.1CVSS0.00184EPSS
Exploits1References2
OSV
OSV
added 2026/07/09 11:44 p.m.2 views

CVE-2026-50181 Langroid: Path traversal in the file tools allows read/write outside configured current directory

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, Langroid's ReadFileTool and WriteFileTool appear to treat currdir as the intended working-directory boundary for file operations. However, the tools only change the process working directory t...

7.1CVSS6.1AI score0.00184EPSS
Exploits1References4
CVE
CVE
added 2026/07/06 7:25 p.m.22 views

CVE-2026-58403

Hugo (static site generator) vulnerable from v0.123.0 through v0.163.0. A regression in RootMappingFs.statRoot caused it to call Stat (which follows symlinks) instead of Lstat, enabling os.ReadFile on a symlink to read the target file outside the mount. This could let a symlink inside a theme or ...

6.5CVSS5.9AI score0.00318EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-56062

Name of the Vulnerable Software and Affected Versions Langroid versions prior to 0.65.1 Description Langroid is a framework for building large-language-model-powered applications. The SQLChatAgent component implements a SQL-injection mitigation that uses a raw-text regex blocklist DANGEROUS SQL...

9.3CVSS6.2AI score0.00646EPSS
Exploits0References14
OSV
OSV
added 2026/07/03 8:45 p.m.4 views

CVE-2026-14610 Open Asset Import Library Assimp CSM File CSMLoader.cpp InternReadFile heap-based overflow

A flaw has been found in Open Asset Import Library Assimp up to 6.0.5. Impacted is the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. This manipulation causes heap-based buffer overflow. The attack is restricted to local...

4.8CVSS6AI score0.00128EPSS
Exploits0References10
OSV
OSV
added 2026/07/02 5:42 p.m.7 views

GHSA-PMCH-G965-GRMR Langroid: SQLChatAgent _validate_query blocklist misses pg_read_file family enabling arbitrary file read

Summary SQLChatAgent in langroid ships a validatequery defense-in-depth layer whose DANGEROUSSQLPATTERNS regex blocklist enumerates dangerous SQL primitives by specific function name. The list misses the canonical PostgreSQL filesystem-disclosure family pgreadfile, pgstatfile, pglslogdir,...

8.7CVSS6.1AI score0.00686EPSS
Exploits0References3
Rows per page
Query Builder