Lucene search
K

2556 matches found

Snyk
Snyk
•added 2026/06/18 5:25 p.m.•9 views

Symlink Attack

Overview Crawl4AI is a šŸš€šŸ¤– Crawl4AI: Open-source LLM Friendly Web Crawler & scraper Affected versions of this package are vulnerable to Symlink Attack via the download process. An attacker can overwrite arbitrary files with attacker-controlled content by supplying crafted filenames containing...

9.6CVSS6.3AI score0.00502EPSS
Exploits1References3
Snyk
Snyk
•added 2026/06/16 2:34 p.m.•13 views

Directory Traversal

Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Directory Traversal via the nltk.data.load function. An attacker can access arbitrary files on the local filesystem by supplying specially...

8.7CVSS6.5AI score0.00378EPSS
Exploits1References2
Nuclei
Nuclei
•added 2026/06/16 7:13 a.m.•142 views

Buffalo WSR-2533DHPL2 - Path Traversal

Buffalo WSR-2533DHPL2 firmware version = 1.02 and WSR-2533DHP3 firmware version = 1.24 are susceptible to a path traversal vulnerability that could allow unauthenticated remote attackers to bypass authentication in their web interfaces. id: CVE-2021-20090 info: name: Buffalo WSR-2533DHPL2 - Path...

9.8CVSS8.3AI score0.99983EPSS
Exploits5References5
Nuclei
Nuclei
•added 2026/06/16 7:13 a.m.•138 views

SolarWinds Serv-U - Directory Traversal

SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. id: CVE-2024-28995 info: name: SolarWinds Serv-U - Directory Traversal author: DhiyaneshDK severity: high description: | SolarWinds Serv-U was susceptibl...

8.6CVSS8.3AI score0.99614EPSS
Exploits8References3
Nuclei
Nuclei
•added 2026/06/16 7:13 a.m.•110 views

Adobe ColdFusion - Arbitrary File Read

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary...

7.4CVSS8AI score0.98514EPSS
Exploits7References5
OSV
OSV
•added 2026/06/15 5:17 p.m.•12 views

GHSA-FX2H-PF6J-XCFF vite: `server.fs.deny` bypass on Windows alternate paths

Summary The contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - the sensitive file...

8.2CVSS5.4AI score0.00393EPSS
Exploits2References3
NVD
NVD
•added 2026/06/15 2:16 p.m.•11 views

CVE-2016-20078

WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers can supply directory traversal sequences in GET requests to pic.php to access sensitive files like...

6.9CVSS0.00688EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/15 12:0 p.m.•10 views

EUVD-2016-10891

WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter. Attackers can supply file paths with directory traversal sequences or null byte injection to the gatewa...

6.9CVSS5.4AI score0.00778EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•20 views

PT-2026-49217

WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter. Attackers can supply file paths with directory traversal sequences or null byte injection to the gatewa...

6.9CVSS5.4AI score0.00778EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•20 views

PT-2026-49214

WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the delete backup file and download backup file parameters in tools.php. Attackers can exploit insufficient input validation...

8.7CVSS5.5AI score0.00601EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/06/15 12:0 a.m.•14 views

PT-2026-49216

WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers can supply directory traversal sequences in GET requests to pic.php to access sensitive files like...

6.9CVSS5.4AI score0.00688EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/12 8:35 p.m.•14 views

Malicious code in jextic-eclib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13a6476409b9cb9296b7f778be375081c8ad12b030658351092e9fef90f4b707 On npm install, the package's postinstall hook postinstall.js requires index.js, whose top-level scanAndExfiltrate call walks the installer's working...

5.5AI score
Exploits0References1
OSV
OSV
•added 2026/06/12 8:35 p.m.•25 views

MAL-2026-5712 Malicious code in jextic-eclib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13a6476409b9cb9296b7f778be375081c8ad12b030658351092e9fef90f4b707 On npm install, the package's postinstall hook postinstall.js requires index.js, whose top-level scanAndExfiltrate call walks the installer's working...

5.6AI score
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/12 2:35 p.m.•9 views

CVE-2026-41843

A flaw was found in Spring Framework. Specifically, Spring MVC and WebFlux applications are vulnerable to a Path Traversal attack. This vulnerability allows a remote attacker to access sensitive files or directories on the server by manipulating requests for static resources. The successful...

5.9CVSS5.3AI score0.00341EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
•added 2026/06/11 12:53 p.m.•14 views

Malicious code in goreleaser-run (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2733e0c086915d44eb8c971575087d9260bf1133d62da63920b578cf7e60c30 Package impersonates the legitimate goreleaser tool name goreleaser-run, homepage spoofed to https://goreleaser.org; goreleaser is not officially...

5.5AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/10 11:12 p.m.•11 views

Directory Traversal

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.8CVSS6.2AI score0.00128EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2026/06/10 2:59 p.m.•11 views

CVE-2026-49742

Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer FAL via the Media Module. Since the fallback storage resolves paths relative to the server's document root, this could expose sensitive files such as log files. This...

7.1CVSS5.4AI score0.00313EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 2:16 p.m.•18 views

CVE-2026-52755

Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers can craft malicious theme ZIP files with traversal sequences in filenames to execute arbitrary code or modify sensiti...

8.4CVSS0.00215EPSS
Exploits1References2
Cvelist
Cvelist
•added 2026/06/10 12:41 p.m.•40 views

CVE-2026-52755 Ghidra < 12.0.4 - Path Traversal via Zip Slip in Theme Import

Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers can craft malicious theme ZIP files with traversal sequences in filenames to execute arbitrary code or modify sensiti...

8.4CVSS0.00215EPSS
Exploits1References2
Cvelist
Cvelist
•added 2026/06/10 3:14 a.m.•39 views

CVE-2026-24717 QTS, QuTS hero

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the...

5.1CVSS0.00392EPSS
Exploits0References1
Rows per page
Query Builder