Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Local File Inclusion vulnerability in Ready's attachment upload panel allows low privileged user to provide link to a local file using the file:// protocol thus allowing the attacker to read content o
Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory t
Local File Inclusion vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the file download functionality.
mPDF 7.0 contains a local file inclusion vulnerability that allows attackers to read arbitrary system files by manipulating annotation file parameters. Attackers can generate URL-encoded or base64 pay
Local File Inclusion vulnerability in M-Files Server in versions before 24.11 (excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7) allows an authenticated user to read server local files of a limited set of fi
Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through src tag, potentially
WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attacker
A Local File Inclusion (LFI) vulnerability in OpenLLM version 0.6.10 allows attackers to include files from the local server through the web application. This flaw could expose internal server files a
Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and delete arbitrary files by manipulating the download path parameter. Attackers can
FoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability that allows administrative users to include arbitrary server files in email templates. Attackers can exploit the template settings b
A cross-site scripting (XSS) vulnerability in Ready_'s File Explorer upload functionality allows injection of arbitrary JavaScript code in filename. Injected content is stored on server and is execute
CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerabil
phpFileManager 1.7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the action, fm_current_dir, and filename parameters. At
A local file inclusion vulnerability was identified in automatic1111/stable-diffusion-webui, affecting version git 82a973c. This vulnerability allows an attacker to read arbitrary files on the system
A local file inclusion vulnerability exists in haotian-liu/llava at commit c121f04. This vulnerability allows an attacker to access any file on the system by sending multiple crafted requests to the s
text-generation-webui is an open-source web interface for running Large Language Models. In versions through 3.13, a Local File Inclusion vulnerability exists in the character picture upload feature.
YouPHPTube <= 7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the 'lang' parameter in GET requests. Attackers can expl
The web portal on airpointer 2.4.107-2 was vulnerable local file inclusion. A malicious user with administrative privileges in the web portal would be able to manipulate requests to view files on the
Joomla! Component Easy Shop 1.2.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by supplying base64-encoded file paths. Attackers can send
WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-up
Page 1+ Next →