Lucene search
K

16 matches found

Cvelist
Cvelist
added 2026/04/24 6:50 p.m.34 views

CVE-2026-41419 4ga Boards: Import Path Traversal Leads to Arbitrary File Read

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be...

7.6CVSS0.00306EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 9:16 p.m.5 views

CVE-2026-6823

HKUDS OpenHarness prior to PR 147 remediation contains an insecure default configuration vulnerability where remote channels inherit allowfrom = "" permitting arbitrary remote senders to pass admission checks. Attackers who can reach the configured channel can bypass access controls and reach...

8.3CVSS0.00341EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/21 8:36 p.m.4 views

CVE-2026-6823

HKUDS OpenHarness prior to PR 147 remediation contains an insecure default configuration vulnerability where remote channels inherit allowfrom = "" permitting arbitrary remote senders to pass admission checks. Attackers who can reach the configured channel can bypass access controls and reach...

8.3CVSS5.9AI score0.00341EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.16 views

PT-2026-34183

HKUDS OpenHarness prior to PR 147 remediation contains an insecure default configuration vulnerability where remote channels inherit allow from = "" permitting arbitrary remote senders to pass admission checks. Attackers who can reach the configured channel can bypass access controls and reach...

8.3CVSS5.9AI score0.00341EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2022-52777

Malicious code in bioql PyPI...

8.3CVSS8.1AI score0.00903EPSS
Exploits0References3
Veracode
Veracode
added 2025/06/02 12:3 p.m.9 views

Unauthorized File Disclosure

mcp-markdownify-server is vulnerable to Unauthorized File Disclosure. The vulnerability is due to improper access control due to the get-markdown-file tool allowing external prompts to read arbitrary files from the host system...

8.2CVSS6.7AI score0.00325EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 8:24 p.m.7 views

CVE-2022-31176

Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser Chromium/Chrome. An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized fil...

8.3CVSS6.7AI score0.00903EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/15 9:13 a.m.77 views

Security Bulletin: Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities.

Summary Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-26612 DESCRIPTION: Apache Hadoop for Windows could allow a remote attacker to bypass security restrictions, caused by the use of an...

9.8CVSS9.4AI score0.99298EPSS
Exploits63Affected Software1
NVD
NVD
added 2022/09/02 9:15 p.m.31 views

CVE-2022-31176

Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser Chromium/Chrome. An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized fil...

8.3CVSS0.00903EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/09/02 12:0 a.m.5 views

PT-2022-20588 · Grafana · Grafana

Name of the Vulnerable Software and Affected Versions: Grafana versions prior to 3.6.1 Description: An unauthorized file disclosure issue was identified in Grafana, allowing a malicious user to retrieve unauthorized files under certain network conditions or via a fake datasource, particularly if...

8.3CVSS7.7AI score0.00903EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2022/09/01 12:0 a.m.25 views

FreeBSD : Grafana -- Unauthorized file disclosure (827b95ff-290e-11ed-a2e7-6c3be5272acd)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 827b95ff-290e-11ed-a2e7-6c3be5272acd advisory. - Grafana Labs reports: On July 21, an internal security review identified an unauthorized file...

8.3CVSS7.7AI score0.00903EPSS
Exploits0References3
Grafana
Grafana
added 2022/08/30 12:0 a.m.10 views

Grafana Image Renderer leaking files

Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser Chromium/Chrome. An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized fil...

8.3CVSS7.2AI score0.00903EPSS
Exploits0
FreeBSD
FreeBSD
added 2022/07/21 12:0 a.m.38 views

Grafana -- Unauthorized file disclosure

Grafana Labs reports: On July 21, an internal security review identified an unauthorized file disclosure vulnerability in the Grafana Image Renderer plugin when HTTP remote rendering is used. The Chromium browser embedded in the Grafana Image Renderer allows for “printing” of unauthorized files i...

8.3CVSS1.1AI score0.00903EPSS
Exploits0References1
myhack58
myhack58
added 2015/09/09 12:0 a.m.18 views

Security researcher exposure FireEye core product 0day vulnerabilities-vulnerability warning-the black bar safety net

Recently, researchers Kristian Erik Hermansen from the FireEye core product found a 0day vulnerability will result in unauthorized file disclosure. He also provides a short trigger vulnerability of the examples and the user database file copy. In addition, he also disclosed selling three other...

0.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/05/21 12:0 a.m.55 views

Websense TRITON Unauthorized File Disclosure

The version of Websense TRITON running on the remote web server does not properly restrict access to files in the 'explorerwse/' path. A remote attacker, by using a direct request to a Web Security incident report or the Explorer configuration websense.ini file, can thereby gain access to sensiti...

5CVSS5.6AI score0.02272EPSS
Exploits1References3
exploitpack
exploitpack
added 2000/06/26 12:0 a.m.15 views

Flowerfire Sawmill 5.0.21 - File Access

Flowerfire Sawmill 5.0.21 - File Access source: https://www.securityfocus.com/bid/1402/info Sawmill is a site statistics package for Unix, Windows and Mac OS. A specially crafted request can disclose the first line of any world readable file for which the full pathname is known, for example...

0.1AI score
Exploits0
Rows per page
Query Builder