Lucene search
K

112645 matches found

CVE
CVE
added yesterday7 views

CVE-2026-59705

CVE-2026-59705 concerns mem0’s openmemory/api component, where an unauthenticated access flaw allows reading, writing, and deleting arbitrary user memories via API routers registered without authentication middleware. Attackers can supply arbitrary user_id parameters or directly access memory ret...

9.8CVSS6AI score
Exploits0References4
CVE
CVE
added yesterday8 views

CVE-2026-14740

CVE-2026-14740 affects DBI for Perl, versions before 1.650. The issue arises in the preparse step that normalises SQL and removes comments: when the SQL starts with a comment line, deleting that line during normalisation causes an out-of-bounds read by one byte. Reported consequences include a fa...

6AI score
Exploits0References3
Cvelist
Cvelist
added yesterday5 views

CVE-2026-14740 DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment

DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byt...

Exploits0References3
CVE
CVE
added yesterday4 views

CVE-2026-55418

Summary: CVE-2026-55418 affects FastGPT prior to v4.15.0-beta5, where two FastGPT file handlers authorize an unrelated resource and then sign or read an S3 object using a key taken directly from the request. The key’s association with the caller’s team is not validated, allowing cross-team file d...

8.6CVSS6AI score
Exploits0References4
RedHat Linux
RedHat Linux
added yesterday3 views

kernel: procfs: fix missing RCU protection when reading real_parent in do_task_stat()

A flaw was found in the Linux kernel's procfs component. When reading /proc/pid/stat, the dotaskstat function accesses task-realparent without proper Read-Copy-Update RCU protection. This missing protection creates a race condition, which can lead to a Use-After-Free UAF vulnerability. A local...

7.8CVSS6.5AI score0.0012EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added yesterday4 views

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.8CVSS6.5AI score0.00474EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added yesterday6 views

kernel: netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table()

A flaw was found in the Linux kernel's nfnetlinkcthelper component. This vulnerability, an out-of-bounds read, occurs in the nfnlcthelperdumptable function when a network connection tracking helper is removed during a dump operation, leading to a bypassed bounds check. A local attacker could...

7.1CVSS5.9AI score0.00132EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added yesterday5 views

kernel: procfs: fix missing RCU protection when reading real_parent in do_task_stat()

A flaw was found in the Linux kernel's procfs component. When reading /proc/pid/stat, the dotaskstat function accesses task-realparent without proper Read-Copy-Update RCU protection. This missing protection creates a race condition, which can lead to a Use-After-Free UAF vulnerability. A local...

7.8CVSS5.9AI score0.0012EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday11 views

Jan v0.4.12 'readFileSync' - Path Traversal

Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface. id: CVE-2024-36857 info: name: Jan v0.4.12 'readFileSync' - Path Traversal author: Yusuf Amr severity: high description: | Jan v0.4.12 was discovered to contain an arbitrary file rea...

7.5CVSS6AI score0.02054EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday13 views

Hippoo Mobile App for WooCommerce <= 1.7.1 - Unauthenticated Arbitrary File Read

The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to and including 1.7.1 via the templateredirect function. The plugin registers 'hippooserve' as a WordPress query variable and uses it to serve PWA files from the pwa/ directory. In...

7.5CVSS6AI score0.02056EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday42 views

Frappe Framework < 16.15.0 - Arbitrary File Read via render_include Path Traversal

Frappe is a full-stack web application framework. Versions prior to 15.105.0 and 16.15.0 contain a possible Arbitrary File Read vulnerability via Path Traversal. The issue is resolved in versions 16.15.0, 15.105.0 and above. id: CVE-2026-39352 info: name: Frappe Framework 16.15.0 - Arbitrary File...

8.7CVSS6AI score0.01279EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday12 views

WordPress MapPress Maps <= 2.96.6 - Unauthenticated IDOR

MapPress Maps for WordPress = 2.96.6 contains an authorization bypass caused by missing ownership verification in REST API routes, letting unauthenticated attackers read any map data and authenticated contributors modify any map, exploit requires crafted API requests id: CVE-2026-8839 info: name:...

5.3CVSS5.9AI score0.00813EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday5 views

OneUptime < 10.0.21 - Path Traversal

OneUptime 10.0.21 contains a path traversal caused by unsanitized componentName parameter in /workflow/docs/:componentName endpoint, letting unauthenticated attackers read arbitrary files from the server filesystem. id: CVE-2026-30958 info: name: OneUptime 10.0.21 - Path Traversal author:...

8.6CVSS7.3AI score0.01102EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday13 views

OfficeWeb365 Indexs Interface - Arbitrary File Read

There is any file reading in the officeWeb365 Indexs interface. id: CVE-2024-37728 info: name: OfficeWeb365 Indexs Interface - Arbitrary File Read author: DhiyaneshDK severity: high description: | There is any file reading in the officeWeb365 Indexs interface. impact: | Unauthenticated attackers...

7.5CVSS5.9AI score0.01852EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday10 views

System Dashboard < 2.8.15 - Admin+ Path Traversal

The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server id: CVE-2024-10708 info: name: System Dashboard 2.8.15 - Admin+ Path...

4.9CVSS7.3AI score0.0203EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday18 views

webp_server_go 0.4.0 - Path Traversal

webpservergo 0.4.0 contains a path traversal caused by insufficient sanitization in file handling, letting attackers read arbitrary files on the server, exploit requires attacker to send crafted requests. id: CVE-2021-46104 info: name: webpservergo 0.4.0 - Path Traversal author: pikpikcu severity...

7.5CVSS7.2AI score0.04231EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday12 views

Mockoon < 9.2.0 - Path Traversal

Mockoon before 9.2.0 contains a path traversal and local file inclusion caused by unsafe templating of server filenames from user input, letting attackers read arbitrary files on the mock server filesystem, exploit requires crafted request. id: CVE-2025-59049 info: name: Mockoon 9.2.0 - Path...

7.5CVSS7.3AI score0.0166EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday15 views

MapTiler Tileserver-php v2.0 - Unauthenticated File Read

MapTiler Tileserver-php v2.0 contains a directory traversal caused by improper sanitization of GET parameters in renderTile function, letting attackers read arbitrary files on the server, exploit requires crafted web requests id: CVE-2025-44137 info: name: MapTiler Tileserver-php v2.0 -...

8.2CVSS7.3AI score0.0136EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday38 views

Citrix Netscaler ADC & Gateway - Out-Of-Bounds Memory Read

The vulnerability would enable an attacker to remotely obtain sensitive information from a NetScaler appliance configured as a Gateway or AAA virtual server via a very commonly connected Web interface, and without requiring authentication. This bug is nearly identical to the Citrix Bleed...

8.2CVSS7.2AI score0.57633EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday17 views

WP Responsive Images <= 1.0 - Arbitrary File Read

WP Responsive Images plugin for WordPress = 1.0 contains a path traversal caused by improper sanitization of the 'src' parameter, letting unauthenticated attackers read arbitrary files on the server. id: CVE-2026-1557 info: name: WP Responsive Images = 1.0 - Arbitrary File Read author: Shivam...

7.5CVSS6.1AI score0.01722EPSS
Exploits0References2
Rows per page
Query Builder