29914 matches found
CVE-2026-20175
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input...
CVE-2026-20175
CVE-2026-20175 – Cisco Finesse remote file inclusion vulnerability. An unauthenticated, remote attacker can load arbitrary files into an active user session by sending a crafted HTTP request, potentially enabling browser‑based attacks and execution of script code or access to sensitive informatio...
CVE-2026-20175
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input...
CVE-2026-20175 Cisco Finesse File Inclusion Vulnerability
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input...
Cisco Finesse Remote File Inclusion Vulnerability
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input...
CVE-2026-35080
The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion
A PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites comjoomla-visites component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter. id: CVE-2010-2918 info: name: Joomla! Component Visit...
PyTorch TorchServe SSRF
TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity...
74CMS - Remote File Inclusion
PHP remote file inclusion in the assignresumetpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution. id: CVE-2020-29279 info: name: 74CMS - Remote File Inclusion author: DhiyaneshDK severity: critical description: | PHP remote file...
SAP BusinessObjects Business Intelligence Platform - Blind Server-Side Request Forgery
SAP BusinessObjects Business Intelligence Platform Web Services 410, 420, and 430 is susceptible to blind server-side request forgery. An attacker can inject arbitrary values as CMS parameters to perform lookups on the internal network, which is otherwise not accessible externally. On successful...
Dify v1.6.0 - Server-Side Request Forgery
Dify v1.6.0 contains a server side request forgery caused by improper validation in controllers.console.remotefiles.RemoteFileUploadApi, letting attackers make arbitrary requests from the server, exploit requires network access. id: CVE-2025-56520 info: name: Dify v1.6.0 - Server-Side Request...
Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Remote File Inclusion/Server-Side Request Forgery
Onair2 3.9.9.2 and KenthaRadio 2.0.2 have exposed proxy functionality to unauthenticated users. Sending requests to this proxy functionality will have the web server fetch and display the content from any URI, allowing remote file inclusion and server-side request forgery. id: CVE-2021-24472 info...
BJ Lazy Load (Timthumb) <= 0.7.5 - Remote File Inclusion
The BJ Lazy Load plugin v0.7.5 for WordPress has a Remote File Inclusion vulnerability via TimThumb. id: CVE-2015-9415 info: name: BJ Lazy Load Timthumb = 0.7.5 - Remote File Inclusion author: s4e-io severity: high description: | The BJ Lazy Load plugin v0.7.5 for WordPress has a Remote File...
KR-Web <=1.1b2 - Remote File Inclusion
KR-Web 1.1b2 and prior contain a remote file inclusion vulnerability via adm/krgourl.php, which allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENTROOT parameter. id: CVE-2009-4223 info: name: KR-Web =1.1b2 - Remote File Inclusion author: geeknik severity: high...
esm.sh <= v136 - Local File Inclusion
esm.sh = 136 contains a local file inclusion caused by improper URL handling, letting attackers read arbitrary files from the host filesystem remotely, exploit requires crafted request. id: CVE-2025-59341 info: name: esm.sh = v136 - Local File Inclusion author: 0xAkoko severity: high description:...
White Star Software ProTop - Directory Traversal
A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences. id: CVE-2025-44177 info: name:...
CVE-2026-10694
A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation of the argument page results in file inclusion. The attack can be launched remotely. The exploit is now public and may be used...
EUVD-2026-34059
A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation of the argument page results in file inclusion. The attack can be launched remotely. The exploit is now public and may be used...
CVE-2026-10694
SourceCodester Online Food Ordering System 2.0 is affected in the index.php include handling. The vulnerability arises from manipulation of the page parameter, causing a file inclusion (remote exploit surface). The issue is exploitable remotely and the exploit is public, enabling an attacker to i...
PT-2026-45890
A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation of the argument page results in file inclusion. The attack can be launched remotely. The exploit is now public and may be used...