Lucene search
K

45 matches found

Nuclei
Nuclei
added 10 hours ago23 views

Yeswiki < 4.5.2 - Unauthenticated Path Traversal

YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. id: CVE-2025-31131 info: name: Yeswiki 4.5.2 - Unauthenticated Path Traversal author: iamnoooob,rootxharsh,pdresearch severity: high...

8.6CVSS7.5AI score0.05401EPSS
Exploits6References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.16 views

PT-2026-49525

Unauthenticated Path Traversal in FastDup = 2.7.2 versions...

9.6CVSS5.2AI score0.0034EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 10:32 a.m.7 views

EUVD-2026-36234

Golem OEE MES is vulnerable to an unauthenticated path traversal flaw. This vulnerability allows an attacker in the same local network to read arbitrary files from the server's operating system by manipulating HTTP request paths. This issue has been fixed in version 11.6.0...

8.3CVSS5.5AI score0.00204EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/06/01 12:0 a.m.12 views

UniFi Network Application Path Traversal Vulnerability Assessment Tool

This tool lets you safely detect whether a UniFi Network Application controller is vulnerable to CVE-2026-22557 without causing any disruption. CVE-2026-22557 is an unauthenticated path traversal vulnerability in the UniFi Network Application's guest captive portal that allows remote attackers to...

10CVSS6.2AI score0.15601EPSS
Exploits3
GithubExploit
GithubExploit
added 2026/05/29 8:20 p.m.93 views

Exploit for CVE-2026-22557

CVE-2026-22557 Vulnerability Assessment Tool Safely detect wh...

10CVSS6.3AI score0.15601EPSS
Exploits3
Cvelist
Cvelist
added 2026/05/11 9:17 p.m.60 views

CVE-2026-42564 jotty·page: Unauthenticated Path Traversal leads to sensitive file disclosure and session-token reuse impact

jotty·page is a self-hosted app for your checklists and notes. Prior to 1.22.0, an unauthenticated path traversal vulnerability exists in /api/app-icons/filename. The filename route parameter is joined into a filesystem path without traversal/boundary validation, allowing file reads outside...

8.2CVSS0.00318EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/08 3:31 p.m.27 views

EUVD-2026-28587

SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the...

8.8CVSS5.9AI score0.15653EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.11 views

SEPPmail Secure Email Gateway 安全漏洞

SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.4 contained a security vulnerability. This vulnerability stemmed from the identifier parameter in/api/app/attachment/preview, where...

8.8CVSS6.1AI score0.15653EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.10 views

PT-2026-38959

Name of the Vulnerable Software and Affected Versions SEPPmail Secure Email Gateway versions prior to 15.0.4 Description An unauthenticated path traversal issue exists in the '/api.app/attachment/preview' endpoint. This allows remote attackers to read arbitrary local files and trigger the deletio...

8.8CVSS6AI score0.17015EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/10 7:30 p.m.5 views

EUVD-2026-21517

Saltcorn has an Unauthenticated Path Traversal in sync endpoints, allowing arbitrary file write and directory read...

8.2CVSS5.9AI score0.00333EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/10 9:16 a.m.5 views

CVE-2026-6057

FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution...

6.1AI score0.00927EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/10 9:16 a.m.11 views

CVE-2026-6057

CVE-2026-6057 affects FalkorDB Browser 1.9.3 through an unauthenticated path traversal in the file upload API, allowing remote attackers to write arbitrary files and achieve remote code execution. The issue is confirmed by multiple sources (NVD/ENISA/CVE lists) and is described in PT-Security as ...

9.8CVSS6.1AI score0.00927EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.6 views

Text Generation Web UI 安全漏洞

Text Generation Web UI is a local AI UI interface developed by oobabooga’s individual developers. Versions of Text Generation Web UI prior to 4.3 contained security vulnerabilities. These vulnerabilities stemmed from an unauthenticated path traversal vulnerability in the loadgrammar function, whi...

7.5CVSS5.8AI score0.00677EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/06 7:11 a.m.95 views

CVE-2026-29059 Windmill: SUPERADMIN_SECRET (rarely used) can be accessed publicly

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill's getlogfile endpoint "/api/w/workspace/jobsu/getlogfile/filename". The filename parameter is...

6.9CVSS0.02584EPSS
Exploits0References2
OSV
OSV
added 2026/01/12 5:15 p.m.11 views

PYSEC-2026-90

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PU...

9.1CVSS5.9AI score0.19213EPSS
Exploits2References2
NVD
NVD
added 2025/11/26 1:16 a.m.5 views

CVE-2025-66251

Unauthenticated Path Traversal with Arbitrary File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletehidden parameter allows path traversal deletion of arbitrary .tgz...

9.1CVSS0.00426EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.1 views

EUVD-2020-3206

Malware in sbrugna...

9.8CVSS7.7AI score0.01446EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/07/16 9:58 a.m.9 views

CVE-2024-26293

The Avid Nexis Agent uses a vulnerable gSOAP version. An undocumented vulnerability impacting gSOAP v2.8 makes the application vulnerable to an Unauthenticated Path Traversal vulnerability. This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS...

8.7CVSS6.3AI score0.0035EPSS
Exploits0References1
NVD
NVD
added 2025/07/14 10:15 a.m.6 views

CVE-2024-26293

The Avid Nexis Agent uses a vulnerable gSOAP version. An undocumented vulnerability impacting gSOAP v2.8 makes the application vulnerable to an Unauthenticated Path Traversal vulnerability. This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS...

8.7CVSS0.0035EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/07/14 9:18 a.m.2 views

CVE-2024-26293 Unauthenticated Path Traversal affecting Avid NEXIS

The Avid Nexis Agent uses a vulnerable gSOAP version. An undocumented vulnerability impacting gSOAP v2.8 makes the application vulnerable to an Unauthenticated Path Traversal vulnerability. This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS...

8.7CVSS7.1AI score0.0035EPSS
Exploits0References3
Rows per page
Query Builder