Lucene search
K

5689 matches found

Nuclei
Nuclei
added 18 hours ago32 views

Joomla! Component Property - Local File Inclusion

A directory traversal vulnerability in the Real Estate Property comproperties component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1875 info: name: Joomla...

7.5CVSS6AI score0.15722EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago24 views

Joomla! Component Percha Fields Attach 1.0 - Directory Traversal

A directory traversal vulnerability in the Percha Fields Attach comperchafieldsattach component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-2036 info: name:...

7.5CVSS6AI score0.1321EPSS
Exploits1References4
EUVD
EUVD
added yesterday4 views

EUVD-2026-40373

OpenBMB ChatDev through 2.2.0, fixed in commit 4fd4da6, contains a path traversal vulnerability that allows unauthenticated remote attackers to write or delete arbitrary files by supplying a malicious multipart filename in the file upload endpoint. Attackers can send a crafted filename containing...

9.1CVSS6AI score
Exploits0References4
Nuclei
Nuclei
added yesterday29 views

Joomla! Component BeeHeard 1.0 - Local File Inclusion

A directory traversal vulnerability in the BeeHeard combeeheard and BeeHeard Lite combeeheardlite component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1952 info: name: Joomla! Component BeeHeard 1.0 - Loc...

7.5CVSS6AI score0.12991EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday33 views

CentralSquare CryWolf - Path Traversal

A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf False Alarm Management through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information. id: CVE-2024-45241 info:...

7.5CVSS7.3AI score0.13623EPSS
Exploits1References3
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-40170

Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem...

7.5CVSS5.8AI score0.00711EPSS
Exploits2References3
Nuclei
Nuclei
added 3 days ago10 views

Samsung MagicINFO 9 Server - File Upload & Remote Code Execution

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority. id: CVE-2025-4632 info: name: Samsung MagicINFO 9 Server - File Upload & Remote Code Execution author: s4e-i...

9.8CVSS7.7AI score0.23953EPSS
Exploits4References4
Cvelist
Cvelist
added 5 days ago36 views

CVE-2026-57872 GV-LPC2011/LPC2211 - unauthorized directory traversal vulnerability (get_fcont.cgi)

An unauthenticated directory traversal vulnerability exists in getfcont.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient validation of user-supplied file path input before the requested file is accessed by the CGI component. A remote attack...

7.5CVSS0.00969EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.10 views

PT-2026-51019

Name of the Vulnerable Software and Affected Versions YARD versions prior to 0.9.44 Description YARD is a documentation generation tool for the Ruby programming language. The static cache lookup reads a request path before the router's path cleanup process occurs. When a server is configured with...

5.3CVSS5.7AI score0.00273EPSS
Exploits0References9
CISA
CISA
added 2026/06/15 12:0 p.m.92 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-20262link is external Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability CVE-2026-54420link is external LiteSpeed cPanel Plugin UNIX...

8.5CVSS5.4AI score0.07683EPSS
In wildExploits5References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 6:28 p.m.6 views

Security Bulletin: Multiple Security Vulnerabilities in Spring Framework Affect IBM Sterling B2B Integrator and IBM Sterling File Gateway

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerabilities in Spring Framework Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patter...

7.5CVSS6.9AI score0.01916EPSS
Exploits2Affected Software1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.14 views

Apple macOS 路径遍历漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Sequoia 15.4 and earlier contained a path traversal vulnerability. This vulnerability stemmed from parsing issues with directory path handling, which could allow...

5.5CVSS5.3AI score0.0014EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

Perry 路径遍历漏洞

Perry is a tool developed by Perry OpenSource that compiles TypeScript into native executable files. Versions of Perry prior to 0.5.1159 contained a path traversal vulnerability. This vulnerability allows malicious attackers to write arbitrary content to any writable location within the running...

8.6CVSS5.4AI score0.00379EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 9:21 p.m.7 views

CVE-2026-34657 CAI Content Credentials | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in an arbitrary file system write. An attacker could leverage this vulnerability to write to...

5.5CVSS5.6AI score0.0017EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 12:19 a.m.34 views

CVE-2026-24315

SAP Fiori Launchpad is affected by a vulnerability where crafted malicious URLs can trigger arbitrary service calls on the Fiori domain, potentially leading to credential theft after user interaction. Exploitation is described as requiring advanced knowledge of the system, with impact limited to ...

4.2CVSS5.6AI score0.00174EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.11 views

Microsoft Office Sharepoint Server 路径遍历漏洞

Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. There is a path traversal vulnerability present in Microsoft Office SharePoint. Attackers can exploit this vulnerability to execute code remotely. The following...

8.8CVSS7.1AI score0.0163EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Apptha Mac Photo Gallery 路径遍历漏洞

Apptha Mac Photo Gallery is a PHP-based website image display system developed by Apptha Corporation. Version 3.0 of Apptha Mac Photo Gallery has a path traversal vulnerability. This vulnerability stems from improper handling of the albid parameter, allowing unauthenticated attackers to download...

8.7CVSS5.5AI score0.00641EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.12 views

Adobe CAI Content Credentials 路径遍历漏洞

Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc. in the United States. It offers capabilities for authenticating digital content sources and tracking editing history. The Adobe CAI Content Credentials version [email protected] and versions prior to c2pa-v0.80.1...

5.5CVSS5.6AI score0.0017EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.10 views

CVE-2026-9550

A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. Executing a manipulation of the argument path can lead to path traversal...

7.5CVSS6.8AI score0.00519EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.8 views

CVE-2026-35487

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadprompt allows reading any .txt file on the server filesystem. The file content is returned verbatim in the API response. This vulnerability...

5.3CVSS5.5AI score0.00263EPSS
Exploits0References1
Rows per page
Query Builder