20 matches found
UBUNTU-CVE-2025-9615
A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added t...
CVE-2022-23854
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server...
CVE-2024-34082
Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - /grav/user/accounts/.yaml. This file stores hashed user password, 2FA secret, and the password res...
CVE-1999-0466
The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device...
GHSA-R2H2-G46H-8MX8 pretix has Broken Access Control Allowing Cross-User File Access via UUID
Multiple API endpoints allowed anyone who knew a file's UUID to access sensitive files belonging to other users, even though those files were not intended to be accessible by UUID only...
EUVD-2017-12291
Malware in sbrugna...
EUVD-1999-0127
Malware in sbrugna...
EUVD-2005-0120
Malware in sbrugna...
EUVD-2006-5200
Malware in sbrugna...
EUVD-2011-1150
Malware in sbrugna...
EUVD-2017-5354
Malware in sbrugna...
CVE-2025-4280 TCC Bypass via Inherited Permissions in Bundled Interpreter in Poedit.app
The macOS version of Poedit bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the...
CVE-2003-1575
VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9 does not properly implement inheritance of default ACLs in certain circumstances related to the characteristics of a directory inode, which allows local users to bypass intended file permissio...
SUSE CVE-2018-6109
readAsText can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page...
Apple tvOS Security Vulnerability
Apple tvOS is an operating system for smart TVs from Apple. A security vulnerability exists in Apple tvOS, which is caused by an application that can access a user's files. The following products and versions are affected: iPhone 6s and above, iPad Pro all models, iPad Air 2 and above, iPad 5 and...
Google Chrome Information Disclosure Vulnerability (CNVD-2019-03548)
Google Chrome is a web browser developed by the American company Google. A security vulnerability exists in Google Chrome prior to version 66.0.3359.117, which originates in the File API, where the 'readAsText' function reads a user-selected file multiple times. The vulnerability can be...
Nextcloud: Access to all files of remote user through shared file
Steps to reproduce: 1. User A shares a file "movie.mp4" with user B. 2. User B uses WebDAV to access files, e.g. FolderSync or Nautilus. 3. The share is shown as a regular file using WebDAV. 4. Copy the file and paste it to the same folder, still using WebDAV. 5. A new folder will appear with the name...
Mandrake Linux Security Advisory : gdm (MDKSA-2003:085)
Several vulnerabilities were discovered in versions of gdm prior to 2.4.1.6. The first vulnerability is that any user can read any text file on the system, because code originally written to be run as the user logging in was in fact being run as the root user. This code is what allows the examinati...
CVE-2003-0448
Portmon 1.7 and possibly earlier versions allows local users to read and write arbitrary files via the (1) -c (host file) or (2) -l (log file) command line options...
SmartFTP Daemon v0.2 Beta Build 9 - Remote Exploit
I found a bug in the SmartFTP-D Server which will give an attacker full access to the server, if he has the right to write files on the server. For every user, the program is checking if a special Userfile exists. Sample: Username=hacker & Userfile=hacker.FTPUser. If it exists, the configuration,...