Lucene search
K

38 matches found

CVE
CVE
added last week18 views

CVE-2026-55792

Craft CMS is vulnerable in versions 4.0.0-RC1 through 4.17.x and 5.0.0-RC1 through 5.9.x due to dataUrl() being in the Twig sandbox allowlist. A control panel user with the utility:system-messages permission can embed a file-reading payload in system emails, causing the server to read targeted fi...

6CVSS5.8AI score0.00268EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.9 views

CVE-2026-40515

OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...

8.7CVSS5.8AI score0.0023EPSS
Exploits1References1
Snyk
Snyk
added 2026/03/25 7:51 p.m.3 views

Directory Traversal

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Directory Traversal in the pluginRunDatabaseScript.json.php endpoint. An administrator can execute arbitrary SQL commands and disclose sensitive file contents by...

8.6CVSS6.3AI score0.00493EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/06 7:0 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the archive extraction process. An attacker can access or modify arbitrary files on the system by crafting a package containing symlinks that point outside the intended destination directory. Details A Directory...

8.4CVSS6.2AI score0.0022EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/24 3:40 p.m.5 views

Directory Traversal

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.7CVSS6.5AI score0.00671EPSS
Exploits0References2
Hacker One
Hacker One
added 2026/01/20 9:29 p.m.11 views

Weblate: Argument Injection in /manage/ssh/ via host parameter leads to sensitive file disclosure on Weblate

A vulnerability was discovered in the SSH management interface of Weblate, a web-based translation tool. The vulnerability allowed an attacker with administrative privileges to inject command-line arguments into the host parameter, leading to sensitive file disclosure on the server. The vulnerabl...

9.1CVSS5.4AI score0.00447EPSS
Exploits3
GithubExploit
GithubExploit
added 2026/01/04 8:21 a.m.166 views

LFI-DVWA-Lab-

LFI Exploitation – DVWA Lab 📌 Overview This project demons...

7.7AI score
Exploits0
Snyk
Snyk
added 2025/12/29 7:43 p.m.1 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to insufficient sanitization of directory names ending with a "." in the upload process. An attacker can write files outside the intended datastore directory by crafting directory names that end with "%2E". This ...

8.2CVSS7.7AI score0.00471EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2025/12/18 12:0 a.m.172 views

📄 Kubio AI Page Builder 2.5.1 PHP LFI Extractor Scanner

A local file inclusion vulnerability exists in the function kubiohybridthemeloadtemplate of the Kubio AI Page Builder plugin for WordPress versions less than or equal to 2.5.1. An unauthenticated attacker may include arbitrary files via path traversal. This may lead to sensitive file disclosure a...

9.8CVSS7.1AI score0.76761EPSS
Exploits39
GithubExploit
GithubExploit
added 2025/12/08 10:50 a.m.230 views

Exploit for CVE-2025-66516

🚨 CVE-2025-66516 — Critical Apache Tika Vulnerability !G7o6Z...

10CVSS7.7AI score0.79807EPSS
Exploits6
Veracode
Veracode
added 2025/07/18 5:53 a.m.4 views

XML External Entity (XXE) Injection

org.dspace, dspace-api is vulnerable to XML External Entity XXE injection. The vulnerability is due to improper handling of XML input during archive import and interaction with external services, which allows an attacker to craft malicious XML payloads that may lead to sensitive file disclosure o...

6.9CVSS6.4AI score0.00368EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2025/07/15 2:47 p.m.36 views

CVE-2025-53622 DSpace has path traversal vulnerability in Simple Archive Format (SAF) package import via contents file

DSpace open source software is a repository application which provides durable access to digital resources. Prior to versions 7.6.4, 8.2, and 9.1, a path traversal vulnerability is possible during the import of an archive in Simple Archive Format, either from command-line ./dspace import command ...

5.2CVSS0.00404EPSS
Exploits0References7
Snyk
Snyk
added 2025/06/19 2:40 p.m.5 views

Directory Traversal

Overview DotVVM is an open source ASP.NET-based framework which allows to build interactive web apps easily by using mostly C and HTML. Affected versions of this package are vulnerable to Directory Traversal via the FileResourceLocation process in Debug mode. An attacker can access sensitive file...

8.7CVSS7.7AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/08/04 6:30 p.m.25 views

OpenRefine Server-Side Request Forgery vulnerability

OpenRefine = v3.5.2 contains a Server-Side Request Forgery SSRF vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure...

6.5CVSS6.7AI score0.01162EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2023/08/04 6:30 p.m.28 views

GHSA-Q7MC-FC87-V7W7 OpenRefine Server-Side Request Forgery vulnerability

OpenRefine = v3.5.2 contains a Server-Side Request Forgery SSRF vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure...

6.5CVSS6.2AI score0.01162EPSS
Exploits1References6
NVD
NVD
added 2023/08/04 5:15 p.m.27 views

CVE-2022-41401

OpenRefine = v3.5.2 contains a Server-Side Request Forgery SSRF vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure...

6.5CVSS6.3AI score0.01162EPSS
Exploits1References3
OSV
OSV
added 2023/08/04 5:15 p.m.26 views

CVE-2022-41401

OpenRefine = v3.5.2 contains a Server-Side Request Forgery SSRF vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure...

6.5CVSS6.9AI score0.01162EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2023/08/04 5:15 p.m.14 views

CVE-2022-41401

OpenRefine = v3.5.2 contains a Server-Side Request Forgery SSRF vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure...

6.5CVSS6.6AI score0.01162EPSS
Exploits1References4
Prion
Prion
added 2023/08/04 5:15 p.m.20 views

Server side request forgery (ssrf)

OpenRefine = v3.5.2 contains a Server-Side Request Forgery SSRF vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure...

4CVSS6.3AI score0.01162EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2023/08/04 12:0 a.m.18 views

CVE-2022-41401

OpenRefine = v3.5.2 contains a Server-Side Request Forgery SSRF vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure...

6.5CVSS6.4AI score0.01162EPSS
Exploits1
Rows per page
Query Builder