Lucene search
K

706 matches found

Nuclei
Nuclei
added 7 hours ago23 views

osTicket - Arbitrary File Read

Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficientl...

8.7CVSS6.3AI score0.73125EPSS
Exploits3References3
OSV
OSV
added 6 days ago4 views

PYSEC-2026-1141 Apache Airflow Spark Provider Improper Input Validation vulnerability

Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected...

7.5CVSS7AI score0.01667EPSS
Exploits0References6
CVE
CVE
added 2026/07/04 11:30 a.m.23 views

CVE-2026-14625

The vulnerability CVE-2026-14625 affects NousResearch hermes-agent up to version 0.15.2. The issue lies in the shell.exec function within tui_gateway/server.py, enabling a remote attack and causing a protection mechanism failure. Public exploit appears to be available. Vendor was notified but did...

6.5CVSS6.2AI score0.00224EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54913

Name of the Vulnerable Software and Affected Versions Horde IMP versions prior to 7.0.1 Description A path traversal issue exists in the lib/Compose.php file. Authenticated attackers can read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix ...

7.1CVSS6.1AI score0.00379EPSS
Exploits0References10
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-350 External Control of File Name or Path in h2oai/h2o-3

Remote unauthenticated attackers can overwrite arbitrary server files with attacker-controllable data. The data that the attacker can control is not entirely arbitrary. h2o writes a CSV/XLS/etc file to disk, so the attacker data is wrapped in quotations and starts with "C1", if they're exporting ...

9.3CVSS7.5AI score0.00715EPSS
Exploits1References6
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-515 Ray Path Traversal vulnerability

LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers response can be found here:...

9.3CVSS7AI score0.81512EPSS
Exploits22References7
NVD
NVD
added 2026/06/28 5:16 a.m.14 views

CVE-2026-13482

A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results in use of weak hash. The attack may be performed from remote. This attack is characterized by hig...

6.3CVSS0.00189EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52980

Name of the Vulnerable Software and Affected Versions Kestra versions prior to 1.0.45 Kestra versions prior to 1.3.23 Description The local internal-storage backend fails to properly validate user-supplied paths because it checks for directory traversal sequences before converting Windows-style...

7.7CVSS5.9AI score0.00386EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:25 p.m.5 views

CVE-2026-48946

The K2 frontend article-attachment upload path accepts files whose extension is .php, and Apache's standard modphp matches .php$ and executes them under the K2 web user. A K2 Author can upload a shell.php, then fetch /media/k2/attachments/shell.php and execute arbitrary PHP code in the web...

6.3CVSS6.1AI score0.00167EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/23 12:3 a.m.2 views

GHSA-WV27-2VQP-J7G5 Gogs has the ability to import local repositories via Mirror Settings

Summary The Gogs Mirror Settings functionality provide an alternative way from the well protected New Migration functionality for any authenticated users to import local repositories. This issue stems from a lack of validation of SaveAddress function. Details Here is the function implementation o...

8.1CVSS5.8AI score0.00569EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.18 views

PT-2026-51459

Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description An information disclosure issue exists in the Mirror Settings functionality, which allows authenticated users to import local repositories from the server filesystem. This occurs due to a lack o...

8.1CVSS5.8AI score0.00569EPSS
Exploits0References11
CVE
CVE
added 2026/06/18 12:56 p.m.17 views

CVE-2026-54223

UBB.threads is vulnerable to path traversal that allows an attacker with template-edit privileges to read/write arbitrary files on the server, resulting in Remote Code Execution. The vulnerability is confirmed in version 7.7.5 and may affect other versions; no remediation details are provided in ...

8.6CVSS5.5AI score0.00628EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 9:19 p.m.24 views

CVE-2026-48820 CakePHP: View::element() is missing a path containment check

CakePHP is a rapid development framework for PHP. In versions 4.5.11 and earlier, 4.6.0 through 4.6.3, 5.0.0 through 5.1.6, 5.2.0 through 5.2.12, and 5.3.0 through 5.3.5, View::getElementFileName does not check that the resolved element path is within the application/plugin view template paths...

6.3CVSS0.00258EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:19 p.m.14 views

CVE-2026-10094

A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026 could allow an attacker to write arbitrary files on the server...

9.8CVSS0.0038EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 6:48 a.m.12 views

CVE-2026-10094

CVE-2026-10094 is a path traversal vulnerability in SOLIDWORKS Visualize used with SOLIDWORKS Desktop releases 2024–2026. The underlying flaw permits an attacker to write arbitrary files on the server. Affected product scope is SOLIDWORKS Visualize (with the 2024–2026 desktop releases); no vendor...

9.8CVSS5.4AI score0.0038EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/10 5:11 p.m.4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through the clearplugincache function. An attacker can cause deletion of arbitrary directories accessible to the server process by supplying crafted input containing directory traversal sequences. This can result in...

7.3CVSS6.5AI score0.0003EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 p.m.13 views

CVE-2026-8045

CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints...

7.1CVSS5.4AI score0.00233EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.12 views

CVE-2026-7542

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to and including 7.0.10. This is due to three compounding design flaws: 1 the plugin leaks a valid backend AJAX nonce revslideractions to all authenticated users including Subscribers via t...

6.5CVSS5.5AI score0.00252EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 2:41 p.m.35 views

CVE-2026-8045

CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints...

7.1CVSS0.00233EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/09 11:18 a.m.7 views

Vite: Vite: Information disclosure via WebSocket connection bypasses access control

A flaw was found in Vite, a frontend tooling framework. A remote attacker can exploit this vulnerability by connecting to the Vite development server's WebSocket without an Origin header. This allows the attacker to invoke the fetchModule function, enabling them to retrieve the contents of...

8.2CVSS5.6AI score0.02907EPSS
Exploits3References5
Rows per page
Query Builder