Lucene search
+L

626 matches found

nuclei
nuclei
added yesterday64 views

PaperCut < 22.1.3 - Path Traversal

PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path traversal which enables attackers to read, delete, and upload arbitrary files. id: CVE-2023-39143 info: name: PaperCut 22.1.3 - Path Traversal author: pdteam severity: critical description: PaperCut NG and PaperCut MF before 22.1.3...

9.8CVSS7.2AI score0.78696EPSS
Exploits1References5
nuclei
nuclei
added yesterday33 views

Joomla! Component Percha Fields Attach 1.0 - Directory Traversal

A directory traversal vulnerability in the Percha Fields Attach comperchafieldsattach component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-2036 info: name:...

7.5CVSS6.2AI score0.1321EPSS
Exploits1References4
euvd
euvd
added 2 days ago4 views

EUVD-2026-44608

Missing Authorization CWE-862 in BankAccountListController app/Http/Controllers/Api/BankAccount/BankAccountListController.php, exposed at GET /api/bank-account, in Prospero Flow CRM companyid-get, performing only company scoping and no role or permission check before returning the data. This...

8.7CVSS6.2AI score0.00413EPSS
Exploits0References3
mscve
mscve
added 3 days ago11 views

Microsoft Office Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally...

5.5CVSS6.1AI score0.0039EPSS
Exploits0
ptsecurity
ptsecurity
added 3 days ago5 views

PT-2026-58652

Name of the Vulnerable Software and Affected Versions Windows RDP affected versions not specified Description An out-of-bounds read occurs in Windows RDP, which allows an unauthorized attacker to disclose sensitive information over a network. Recommendations At the moment, there is no information...

6.5CVSS6AI score0.00887EPSS
Exploits0References5
redhatcve
redhatcve
added 4 days ago5 views

CVE-2026-58251

A flaw was found in NATS Server, a high-performance messaging system. An authenticated user with specific permissions could bypass security rules designed to deny access to certain message subjects. This bypass occurs when a queue subscription is used, allowing the user to access information that...

6.5CVSS6AI score0.00463EPSS
Exploits0References10
redhatcve
redhatcve
added last week10 views

CVE-2026-59152

A flaw was found in the LangSmith Client SDK's TracingMiddleware. An attacker can send an HTTP request to a server running the TracingMiddleware, causing it to read an arbitrary file from its local filesystem. The contents of this file are then uploaded to LangSmith as a trace attachment. This...

5CVSS6.1AI score0.00174EPSS
Exploits0References4
euvd
euvd
added 2026/07/08 7:34 p.m.6 views

EUVD-2026-42367

Bitwarden Server before 2026.6.0 does not verify that the email in a POST /auth-requests/admin-request body belongs to the authenticated caller, allowing a low-privileged organization member to obtain another user's vault key and a victim-scoped access token by creating a Trusted Device Encryptio...

9.3CVSS6AI score0.00186EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/07/06 8:44 p.m.6 views

CVE-2026-8926

A flaw was found in curl. When curl is configured to use a .netrc file for credentials and a URL is provided with a username but no password, curl may incorrectly retrieve and use the password for a different user from the .netrc file for the same host. This could lead to unauthorized information...

9.1CVSS5.8AI score0.0061EPSS
Exploits1References6
osv
osv
added 2026/07/06 8:28 p.m.9 views

GHSA-X76W-8C62-48MG Craft CMS: Authenticated "assets/preview-thumb" discloses signed fallback transform preview link to CP users without asset-view permission

Summary A user with Control Panel access but without permission to view a target private asset can call assets/preview-thumb and receive preview HTML that contains a signed fallback transform link for that private asset. Details Root-cause analysis: 1. The endpoint accepts an attacker-controlled...

5.3CVSS6AI score0.00193EPSS
Exploits0References3
euvd
euvd
added 2026/07/03 8:35 p.m.12 views

EUVD-2026-41599

Operation on a resource after expiration or release in Microsoft Edge Chromium-based allows an unauthorized attacker to disclose information over a network...

6.1CVSS5.9AI score0.00586EPSS
Exploits0References1
euvd
euvd
added 2026/07/03 8:35 p.m.8 views

EUVD-2026-41573

Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally...

6.8CVSS5.8AI score0.00323EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/07/03 4:41 p.m.10 views

CVE-2026-56369

A vulnerability has been identified in ImageMagick, a software tool used to create, edit, and convert image files. This flaw allows a remote attacker to potentially decrypt and view images that were supposed to be securely encrypted by the software, leading to an unauthorized disclosure of...

6.3CVSS5.9AI score0.00229EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/07/01 10:20 p.m.7 views

CVE-2026-53467

A flaw was found in ImageMagick. The MNG decoder in ImageMagick contains a heap information disclosure vulnerability. This flaw could allow an attacker to potentially access sensitive information from memory due to parts of image pixels being left unchanged during processing. This could lead to...

5.3CVSS5.6AI score0.00197EPSS
Exploits0References4
nvd
nvd
added 2026/07/01 5:16 p.m.10 views

CVE-2026-56152

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3CVSS0.00181EPSS
Exploits0References1
cve
cve
added 2026/07/01 11:58 a.m.21 views

CVE-2026-53903

CVE-2026-53903 affects MCO via the insecure endpoint /customer/servlet/mco/webapi/trading-document/fetchPdfStatement. The underlying issue is an IDOR: the app does not properly validate that an authenticated user is authorized to access a requested document, allowing retrieval based on a user-sup...

8.1CVSS5.8AI score0.00244EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/07/01 7:53 a.m.10 views

EUVD-2026-40937

The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions up to, and including, 4.9.8 via the /wp-json/slim-seo/meta-tags/ai REST API endpoint. This is due to the endpoint's permissioncallback performin...

4.3CVSS5.9AI score0.00257EPSS
Exploits0References8
redhat
redhat
added 2026/06/29 9:13 a.m.3 views

github.com/containerd/containerd: containerd: Arbitrary host file read via symlink following in CRI checkpoint restore

A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface CRI plugin incorrectly restores container logs from a checkpoint image. This vulnerability, categorized as a Path Traversal CWE-61, allows an attacker to read arbitrary files on the host system by...

8.2CVSS6.1AI score0.00208EPSS
Exploits0References5
nvd
nvd
added 2026/06/25 4:16 p.m.7 views

CVE-2026-9651

CWE-732 Incorrect Permission Assignment for Critical Resource vulnerability that could cause unauthorized disclosure of password hashes and potential account compromise when an attacker with privileged local access reads improperly protected system files...

6.7CVSS0.00109EPSS
Exploits0References1
cve
cve
added 2026/06/25 2:47 p.m.17 views

CVE-2026-9651

Technical details about CVE-2026-9651 are not provided in the supplied documents. Public sources summarize CWE-732; monitor for updates from NVD, CVE listings, and vuln enrichment feeds.

6.7CVSS5.8AI score0.00109EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder