
48 matches found

CVE
added 6 days ago, 7 views

CVE-2026-48944

Summary: CVE-2026-48944 affects the K2 Joomla extension (getk2.com) where the frontend article-save handler accepts a parameter attachment[N][existing] that is concatenated with JPATH_SITE/ and passed to JFile::copy(). Since JPath::clean does not strip “..” and there is no allow-list of source pa...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00295
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
added 2026/06/15 12:00 a.m., 13 views

PT-2026-49214

WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the delete backup file and download backup file parameters in tools.php. Attackers can exploit insufficient input validation...

CVSS: 8.7, AI score: 5.5, EPSS: 0.00601
Exploits: 0, References: 3
EUVD
added 2026/06/09 11:48 a.m., 8 views

EUVD-2016-10877

WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitiv...

CVSS: 6.9, AI score: 5.6, EPSS: 0.00671
Exploits: 0, References: 4
GithubExploit
added 2026/06/06 5:48 a.m., 80 views

Exploit for Path Traversal in Open-Emr Openemr

CVE-2026-24849 OpenEMR Authenticated Arbitrary File Read Eth...

CVSS: 9.9, AI score: 5.6, EPSS: 0.02164
Exploits: 4
ATTACKERKB
added 2026/05/28 7:32 p.m., 7 views

CVE-2026-32847

DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in newui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to the GET /fullpath:path endpoint. Attackers can bypass Starlette's...

CVSS: 8.7, AI score: 5.9, EPSS: 0.00376
Exploits: 1, References: 2
Vulnrichment
added 2026/05/26 2:08 p.m., 10 views

CVE-2026-41917 OpenKM 6.3.12 Local File Inclusion via Admin Scripting

OpenKM 6.3.12 contains a local file inclusion vulnerability in the administrative scripting interface at /admin/Scripting that allows authenticated administrators to read arbitrary files by supplying an attacker-controlled filesystem path through the fsPath parameter with action=Load. Attackers c...

CVSS: 6.9, AI score: 5.9, EPSS: 0.00387
Exploits: 0, References: 7
Positive Technologies
added 2026/05/19 12:00 a.m., 12 views

PT-2026-42024

Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, allowing an authenticated attacker to read sensitive arbitrary files from the server's filesystem. T...

CVSS: 6.8, AI score: 6.5, EPSS: 0.00621
Exploits: 0, References: 3
Snyk
added 2026/05/18 1:26 p.m., 6 views

Symlink Attack

Overview: apm-cli is an MCP configuration tool. Affected versions of this package are vulnerable to Symlink Attack during the integration when symbolic links under certain directories are dereferenced and their target file contents are copied into project deployment directories. An attacker can acce...

CVSS: 7.5, AI score: 5.5, EPSS: 0.00654
Exploits: 0, References: 2
Tenable Nessus
added 2026/04/29 12:00 a.m., 6 views

Juniper Junos OS Vulnerability (JSA92860)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA92860 advisory. - An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a...

CVSS: 6.8, AI score: 5.7, EPSS: 0.00168
Exploits: 0, References: 2
OSV
added 2026/04/22 6:31 p.m., 6 views

GHSA-W8M4-4V35-V6X3 uutils coreutils allows unauthorized modification of permissions on existing files

A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a file already exists at the target path, it fails to terminate the operation for that path and continues to execute a follow-up...

CVSS: 7.1, AI score: 5.9, EPSS: 0.00165
Exploits: 1, References: 3
Cvelist
added 2026/04/21 9:09 p.m., 37 views

CVE-2026-6829 nesquena hermes-webui Arbitrary Workspace Directory Access

nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated attackers to set or change a session workspace to an arbitrary existing directory on disk by manipulating workspace path parameters in endpoints such as /api/session/new, /api/session/update,...

CVSS: 6.3, EPSS: 0.0026
Exploits: 0, References: 4
CNNVD
added 2026/04/20 12:00 a.m., 11 views

OpenClaw Security Vulnerability

OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.15 contained security vulnerabilities. These vulnerabilities stemmed from insufficient restrictions on the local root directory of the tool’s result media path, allowing arbitra...

CVSS: 6.3, AI score: 5.9, EPSS: 0.00264
Exploits: 0, References: 1
Snyk
added 2026/04/09 9:02 p.m., 2 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the `helm pull --untar <chart URL | repo/chartname>` command. An attacker can cause files to be written to unintended directories, potentially overwriting existing files or placing malicious files in accessible...

CVSS: 4.8, AI score: 6.3, EPSS: 0.00199
Exploits: 0, References: 2
Snyk
added 2026/04/06 6:03 p.m., 3 views

Directory Traversal

Overview: org.webjars.npm:vite is a Native-ESM powered web dev build tool. Affected versions of this package are vulnerable to Directory Traversal via the handling of .map files in the dev server when resolving file paths. An attacker can access sensitive files outside the project root by injecting...

CVSS: 6.3, AI score: 6.5, EPSS: 0.00914
Exploits: 1, References: 2
OSV
added 2026/03/24 4:35 p.m., 3 views

GHSA-4753-CMC8-8J9V GoDoxy has a Path Traversal Vulnerability in its File API

Summary: The file content API endpoint at /api/v1/file/content is vulnerable to path traversal. The filename query parameter is passed directly to `path.Join(common.ConfigBasePath, filename)`, where `ConfigBasePath = "config"` is a relative path. No sanitization or validation is applied beyond checking that...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00502
Exploits: 1, References: 5
Vulnrichment
added 2026/03/09 9:08 p.m., 2 views

CVE-2026-1776 Camaleon CMS AWS Uploader Authenticated Path Traversal Arbitrary File Read

Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

CVSS: 6, AI score: 5.8, EPSS: 0.00732
Exploits: 0, References: 4
NVD
added 2026/03/05 10:16 p.m., 6 views

CVE-2026-29611

OpenClaw versions prior to 2026.2.14 contain a local file inclusion vulnerability in BlueBubbles extension (must be installed and enabled) media path handling that allows attackers to read arbitrary files from the local filesystem. The sendBlueBubblesMedia function fails to validate mediaPath...

CVSS: 8.2, EPSS: 0.00292
Exploits: 0, References: 3
Veracode
added 2026/02/23 7:51 a.m., 7 views

Insecure Direct Object Reference (IDOR)

pretix is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to improper authorization checks on file access endpoints, which allows an attacker to retrieve sensitive files of other users by supplying a known UUID...

CVSS: 7, AI score: 6, EPSS: 0.00226
Exploits: 0, References: 4, Affected Software: 1
CVE
added 2026/02/12 3:33 p.m., 22 views

CVE-2026-26217

CVE-2026-26217 affects Crawl4AI

CVSS: 9.2, AI score: 5.9, EPSS: 0.00609
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2026/02/11 8:37 p.m., 26 views

CVE-2020-37214 Voyager 1.3.0 - Directory Traversal

Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. Attackers can exploit the path parameter in /admin/voyager-assets to read arbitrary files like /etc/passwd and .env configuration files...

CVSS: 8.7, EPSS: 0.00611
Exploits: 0, References: 5