Lucene search
K

14 matches found

Cvelist
Cvelist
added 2026/02/03 10:1 p.m.29 views

CVE-2020-37086 Easy Transfer 1.7 for iOS - Directory Traversal

Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download...

6.9CVSS0.00499EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 9:58 a.m.9 views

CVE-2020-7953

An issue was discovered in OpServices OpMon 9.3.2. Without authentication, it is possible to read server files e.g., /etc/passwd due to the use of the nmap -iL aka input file option...

7.5CVSS6.8AI score0.01165EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/08 12:0 a.m.2 views

N8n < 1.121.0 Remote Code Execution (Ni8mare)

According to its banner, the version of n8n running on the remote host is before 1.121.0. It is, therefore, affected by an unauthentcated file access vulnerability which can leads to remote code execution. Note that the scanner has not tested for these issues but has instead relied only on the...

10CVSS7.7AI score0.71647EPSS
Exploits18References3
OSV
OSV
added 2026/01/07 11:57 p.m.4 views

CVE-2026-21858 n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker,...

10CVSS6.6AI score0.71647EPSS
Exploits18References4
Github Security Blog
Github Security Blog
added 2026/01/07 7:20 p.m.25 views

n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling

Impact A vulnerability in n8n allows an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker. This could result in exposure of sensitive information stored on the system...

10CVSS7.1AI score0.71647EPSS
Exploits18References4Affected Software1
NVD
NVD
added 2025/09/02 12:15 p.m.6 views

CVE-2025-52551

E2 Facility Management Systems use a proprietary protocol that allows for unauthenticated file operations on any file in the file system...

9.3CVSS0.00324EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/20 12:0 a.m.6 views

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

5.3CVSS6.3AI score0.00245EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 8:8 a.m.9 views

CVE-2024-45309

OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9...

8.7CVSS6.8AI score0.24822EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2024/11/21 12:0 a.m.5 views

PT-2024-31802 · Aiphone · Aiphone Ixg System

Name of the Vulnerable Software and Affected Versions: AIPHONE IX SYSTEM affected versions not specified AIPHONE IXG SYSTEM affected versions not specified System Support Software affected versions not specified Description: A use of hard-coded cryptographic key issue exists, allowing a...

5.4CVSS7.2AI score0.00325EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.34 views

Security Bulletin: Multiple vulnerabilities in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities exist in IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000. Vulnerability Details CVEID: CVE-2018-1433 DESCRIPTION: IBM SAN Volume Controller, IBM...

8.8CVSS7.6AI score0.02658EPSS
Exploits3Affected Software7
WPVulnDB
WPVulnDB
added 2022/10/20 12:0 a.m.26 views

Welcart eCommerce < 2.7.8 - Unauthenticated Arbitrary File Access

The plugin does not validate user input used in a path, which could allow unauthenticated users to read arbitrary files via a traversal attack...

9.8CVSS5AI score0.05116EPSS
Exploits2Affected Software1
Prion
Prion
added 2021/02/16 4:15 p.m.21 views

Design/Logic Flaw

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files that should have been restricted via forceful browsing...

5CVSS6.5AI score0.01249EPSS
Exploits0References3Affected Software4
securityvulns
securityvulns
added 2014/12/01 12:0 a.m.54 views

XCloner Wordpress/Joomla! backup Plugin v3.1.1 &#40;Wordpress&#41; v3.5.1 &#40;Joomla!&#41; Vulnerabilities

Title: XCloner Wordpress/Joomla! backup Plugin v3.1.1 Wordpress v3.5.1 Joomla! Vulnerabilities Author: Larry W. Cashdollar, @larry0 Date: 10/17/2014 Download: https://wordpress.org/plugins/xcloner-backup-and-restore/ Download:...

7.7AI score
Exploits0
Metasploit
Metasploit
added 2011/12/16 5:9 a.m.26 views

Novell eDirectory eMBox Unauthenticated File Access

This module will access Novell eDirectory's eMBox service and can run the following actions via the SOAP interface: GETDN, READLOGS, LISTSERVICES, STOPSERVICE, STARTSERVICE, SETLOGFILE. This module requires Metasploit: https://metasploit.com/download Current source:...

7.5CVSS0.4AI score0.58179EPSS
Exploits3
Rows per page
Query Builder