Lucene search
K

2552 matches found

EUVD
EUVD
added yesterday3 views

EUVD-2026-44551

ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope...

9.9CVSS6.2AI score
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-44549

ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope...

6.8CVSS6.2AI score
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-48310

Adobe Experience Manager (AEM) is affected by an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal, CWE-22) vulnerability that could enable arbitrary file system read. The issue arises from an improper pathname restriction, allowing access to sensitive files outside the ...

8.6CVSS6.2AI score
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-48359

Adobe Experience Manager is affected by an XML External Entity (XXE) vulnerability (CVE-2026-48359) due to improper restriction of XML External Entity references. It could allow a low-privileged attacker to read sensitive files and potentially gain elevated access or control, with arbitrary code ...

9.6CVSS6.5AI score
Exploits0References1
Nuclei
Nuclei
added yesterday190 views

qdPM 9.2 - Directory Traversal

qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI. id: CVE-2023-45855 info: name: qdPM 9.2 - Directory Traversal author: DhiyaneshDk severity: high description: | qdPM 9.2 allows Directory Traversal to list files and directories by navigating to t...

7.5CVSS7AI score0.0333EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday60 views

VertaAI ModelDB - Path Traversal

The endpoint "/api/v1/artifact/getArtifact?artifactpath=" is vulnerable to path traversal. The main cause of this vulnerability is due to the lack of validation and sanitization of the artifactpath parameter. id: CVE-2023-6023 info: name: VertaAI ModelDB - Path Traversal author:...

8.6CVSS7AI score0.02999EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday205 views

Chuanhu Chat - Directory Traversal

The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the webassets folder. However, the outdated version of gradio it employs is susceptible to pa...

9.8CVSS7AI score0.03757EPSS
Exploits1
Nuclei
Nuclei
added yesterday95 views

Commvault CommCell - Local File Inclusion

CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13 are vulnerable to local file inclusion because an attacker can view a log file can instead view a file outside of the log-files folder. id: CVE-2020-25780 info: name: Commvault...

7.5CVSS7AI score0.09884EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday36 views

FHEM 6.0 - Local File Inclusion

FHEM version 6.0 suffers from a local file inclusion vulnerability. id: CVE-2020-19360 info: name: FHEM 6.0 - Local File Inclusion author: 0xAkoko severity: high description: FHEM version 6.0 suffers from a local file inclusion vulnerability. impact: | Successful exploitation of this vulnerabilit...

7.5CVSS7AI score0.19722EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday68 views

Traggo Server - Local File Inclusion

traggo/server version 0.3.0 is vulnerable to directory traversal. id: CVE-2023-34843 info: name: Traggo Server - Local File Inclusion author: DhiyaneshDk severity: high description: | traggo/server version 0.3.0 is vulnerable to directory traversal. impact: | Successful exploitation of this...

7.5CVSS7AI score0.07176EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday22 views

Vite Dev Server - Directory Traversal

Vite is a modern frontend build tool. In Vite prior to versions 6.4.3, 6.3.4, and 5.4.23, a directory traversal vulnerability affects the Vite development server. When the Vite dev server is launched with the --host or server.host option, an unauthenticated attacker can craft a request with a pat...

8.2CVSS6.1AI score0.02095EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday42 views

WordPress Plugin WP Content Source Control - Directory Traversal

A directory traversal vulnerability in the filegetcontents function in downloadfiles/download.php in the WP Content Source Control wp-source-control plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the path parameter. id: CVE-2014-5368 inf...

5CVSS7.2AI score0.18817EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday139 views

WordPress Mail Masta 1.0 - Local File Inclusion

WordPress Mail Masta 1.0 is susceptible to local file inclusion in countofsend.php and csvexport.php. id: CVE-2016-10956 info: name: WordPress Mail Masta 1.0 - Local File Inclusion author: daffainfo,0x240x23elu severity: high description: WordPress Mail Masta 1.0 is susceptible to local file...

7.5CVSS7AI score0.10178EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday74 views

VMware - Local File Inclusion

VMware Workspace ONE Access, Identity Manager, and Realize Automation are vulnerable to local file inclusion because they contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access withou...

9.8CVSS7.1AI score0.18994EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday97 views

FlatnuX CMS - Directory Traversal

A path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action. id: CVE-2012-4878 info: name: FlatnuX CMS - Directory Traversal author: daffainfo severity:...

5CVSS6.2AI score0.08761EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday8 views

ionCube Tester Plus <= 1.3 - Local File Inclusion

The ionCube Tester Plus plugin for WordPress versions = 1.3 is vulnerable to unauthenticated arbitrary file read via path traversal. The 'ininame' parameter in loader-wizard.php is not properly sanitized, allowing attackers to read sensitive files such as wp-config.php and /etc/passwd without...

7.5CVSS6.2AI score0.01609EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday10 views

XWiki - Information Disclosure

XWiki 16.7.0 to 16.10.11, 17.4.4, and 17.7.0 using XJetty contains an information disclosure vulnerability caused by exposed context allowing static access to files in webapp/ folder, letting attackers access sensitive files, exploit requires use of XJetty package. id: CVE-2025-55749 info: name:...

8.7CVSS6.9AI score0.01378EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday86 views

Clustering Local File Inclusion

Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. id: CVE-2021-43496 inf...

7.5CVSS7.2AI score0.15689EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday68 views

WordPress Ninja Job Board < 1.3.3 - Direct Request

WordPress Ninja Job Board plugin prior to 1.3.3 is susceptible to a direct request vulnerability. The plugin does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated directory listing which allows the download of uploaded resumes. id: CVE-2022-2544...

7.5CVSS7AI score0.03158EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday85 views

Shirne CMS 1.2.0 - Local File Inclusion

Shirne CMS 1.2.0 is vulnerable to local file inclusion which could cause arbitrary file read via /static/ueditor/php/controller.php. id: CVE-2022-37299 info: name: Shirne CMS 1.2.0 - Local File Inclusion author: pikpikcu severity: medium description: Shirne CMS 1.2.0 is vulnerable to local file...

6.5CVSS6.7AI score0.02998EPSS
Exploits1References5
Rows per page
Query Builder