Lucene search
+L

102 matches found

jenkins
jenkins
added 2026/06/10 12:0 a.m.11 views

Deserialization vulnerability

Jenkins uses serialization and deserialization in multiple places, like agent/controller communication the Remoting library and to load and save configuration and build data using XStream. To protect from common deserialization vulnerabilities, Jenkins uses a custom deserialization filter that on...

8.8CVSS5.6AI score0.14907EPSS
Exploits2Affected Software1
redhatcve
redhatcve
added 2026/06/05 7:34 p.m.10 views

CVE-2026-10075

DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulnerability...

6.9CVSS5.6AI score0.00387EPSS
Exploits0References1
ubuntu
ubuntu
added 2026/06/05 8:11 a.m.13 views

USN-8394-1: YARD vulnerability

It was discovered that YARD incorrectly sanitized paths in its built-in documentation server. An attacker could possibly use this issue to read arbitrary files from the server host...

7.5CVSS5.5AI score0.00388EPSS
Exploits0
cnnvd
cnnvd
added 2026/06/05 12:0 a.m.11 views

Lyrion Music Server 路径遍历漏洞

Lyrion Music Server is an audio server software developed by the Lyrion organization. Version 9.2.0 of Lyrion Music Server contains a path traversal vulnerability. This vulnerability allows for the reading of arbitrary files through path traversal techniques...

8.7CVSS8.5AI score0.0064EPSS
Exploits2References2
vulnrichment
vulnrichment
added 2026/06/01 9:4 a.m.14 views

CVE-2026-40547 Path Traversal in SOPlanning

SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading and executing files previously added through the backup functionality. Critically, due to CVE-2026-40543 Missing...

6.4CVSS5.8AI score0.00447EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/04/27 12:0 a.m.11 views

PT-2026-35439

A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing traversal sequences...

7.5CVSS5.5AI score0.00446EPSS
Exploits0References3
osv
osv
added 2026/04/24 12:0 a.m.2 views

CVE-2026-42095

bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL...

4CVSS6AI score0.00161EPSS
Exploits0References6
cnnvd
cnnvd
added 2026/04/15 12:0 a.m.12 views

SoftSul SAC-NFe 安全漏洞

SoftSul SAC-NFe is an electronic invoice management system developed by the Brazilian company SoftSul. Version 2.0.02 of SoftSul SAC-NFe contains a security vulnerability. This vulnerability stems from defects in the file processing logic of the download.php component, which may lead to directory...

7.5CVSS5.9AI score0.00738EPSS
Exploits0References1
osv
osv
added 2026/04/07 7:13 p.m.2 views

CVE-2026-39365 Vite has a Path Traversal in Optimized Deps `.map` Handling

Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, the dev server’s handling of .map requests for optimized dependencies resolves file paths and calls readFile without restricting ../ segments in the URL. As a result, it is possible to bypass the...

6.3CVSS5.9AI score0.00914EPSS
Exploits1References3
nvd
nvd
added 2026/03/24 12:16 a.m.6 views

CVE-2026-33195

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's DiskServicepathfor does not validate that the resolved filesystem path remains within the storage root directory. If a blob key containing path...

9.8CVSS0.00567EPSS
Exploits0References10
cnnvd
cnnvd
added 2026/02/04 12:0 a.m.12 views

Group Office 代码问题漏洞

Group Office is a modular office suite developed by the Dutch company Group Office. Versions of Group Office prior to 6.8.150, 25.0.82, and 26.0.5 contained code vulnerabilities. These vulnerabilities stemmed from server-side request forgeing in the WOPI service discovery URL, which could lead to...

8.2CVSS5.9AI score0.00396EPSS
Exploits1References2
osv
osv
added 2026/01/21 6:16 p.m.4 views

CVE-2021-47849

Mini Mouse 9.3.0 contains a path traversal vulnerability that allows attackers to access sensitive system directories through the device information endpoint. Attackers can retrieve file lists from system directories like /usr, /etc, and /var by manipulating file path parameters in API requests...

7.5CVSS5.8AI score
Exploits0References3
cvelist
cvelist
added 2026/01/13 10:51 p.m.24 views

CVE-2022-50899 Geonetwork 4.2.0 - XML External Entity (XXE)

Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files...

8.7CVSS0.00463EPSS
Exploits1References3
cnnvd
cnnvd
added 2026/01/02 12:0 a.m.8 views

QNAP Systems QTS和QNAP Systems QuTS hero 路径遍历漏洞

QNAP Systems QTS and QNAP Systems QuTS hero are both software with data storage and management capabilities from QNAP Systems of Taiwan, China. A path traversal vulnerability exists in QNAP Systems QTS and QNAP Systems QuTS hero that originates from path traversal and could result in reading...

6.9CVSS6.8AI score0.00521EPSS
Exploits0References2
cvelist
cvelist
added 2025/12/08 4:57 p.m.19 views

CVE-2025-48591

In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00083EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2025/10/23 12:0 a.m.6 views

PT-2025-43488

In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

6.1CVSS5.4AI score0.00077EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2025/09/24 12:0 a.m.5 views

PT-2025-39247

Name of the Vulnerable Software and Affected Versions nncp versions prior to 8.12.0 Description The software contains a path traversal flaw that could allow reading or writing to files. This issue occurs during the process of freqing and saving files when handling crafted paths within packet data...

6.4CVSS5.8AI score0.00243EPSS
Exploits0References14
cvelist
cvelist
added 2025/09/21 9:0 a.m.12 views

CVE-2025-6544 Deserialization Vulnerability in h2oai/h2o-3

A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...

9.8CVSS0.00839EPSS
Exploits1References2
cnnvd
cnnvd
added 2025/09/12 12:0 a.m.5 views

LangChain Go 安全漏洞

LangChain Go is a simple framework for writing LLM-based programs in Go by the individual developer Travis Cline. A security vulnerability exists in LangChain Go version 0.1.14, which stems from support for include and extends syntax for reading files, and could lead to a server-side template...

9.8CVSS7AI score0.00666EPSS
Exploits0References3
cvelist
cvelist
added 2025/09/03 5:17 a.m.9 views

CVE-2023-21471

Improper access control vulnerability in SemClipboard prior to SMR Apr-2023 Release 1 allows attackers to read arbitrary files with system permission...

4CVSS0.00118EPSS
Exploits0References1
Rows per page
Query Builder