6483 matches found
SiYuan Vulnerable to Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage
Summary A path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By exploiting double‑encoded traversal sequences, an attacker can access sensitive files such as conf/conf.json, which contains secrets including the API token,...
CVE-2026-2753
An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue by submitting requests containing absolute filesystem paths. Successful...
CVE-2026-29059
Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill's getlogfile endpoint "/api/w/workspace/jobsu/getlogfile/filename". The filename parameter is...
CVE-2026-29059 Windmill: SUPERADMIN_SECRET (rarely used) can be accessed publicly
Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill's getlogfile endpoint "/api/w/workspace/jobsu/getlogfile/filename". The filename parameter is...
CVE-2026-29059 Windmill: SUPERADMIN_SECRET (rarely used) can be accessed publicly
Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill's getlogfile endpoint "/api/w/workspace/jobsu/getlogfile/filename". The filename parameter is...
CVE-2026-29059
Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill's getlogfile endpoint "/api/w/workspace/jobsu/getlogfile/filename". The filename parameter is...
CVE-2026-29039 changedetection.io: XPath - Arbitrary File Read via unparsed-text()
changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the includefilters field. These XPath expressions are processed using the elementpath library which...
CVE-2026-29039 changedetection.io: XPath - Arbitrary File Read via unparsed-text()
changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the includefilters field. These XPath expressions are processed using the elementpath library which...
CVE-2026-29039
Changedetection.io prior to 0.54.4 is vulnerable to an Arbitrary File Read via XPath in include_filters, where unparsed-text() can read files accessible to the application. Affected component is the XPath-based content filter processing using the elementpath parser. Impact includes reading sensit...
CVE-2026-29039 changedetection.io: XPath - Arbitrary File Read via unparsed-text()
changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the includefilters field. These XPath expressions are processed using the elementpath library which...
CVE-2026-28679 HomeGallery: Path Traversal (Arbitrary File Read)
Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. Prior to version 1.21.0, when a user requests a download, the application does not verify whether the requested file is located within the media source directory, which can result in sensitive system...
CVE-2026-28679 HomeGallery: Path Traversal (Arbitrary File Read)
Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. Prior to version 1.21.0, when a user requests a download, the application does not verify whether the requested file is located within the media source directory, which can result in sensitive system...
CVE-2026-28679
Home-Gallery.org is a self-hosted web gallery. Prior to version 1.21.0, download requests could access files outside the media source directory, allowing retrieval of sensitive system files. The issue is fixed in version 1.21.0. CVSS 3.1 base score: 8.6 (NETWORK, HIGH, Privileges NONE, User Inter...
CVE-2026-28679 HomeGallery: Path Traversal (Arbitrary File Read)
Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. Prior to version 1.21.0, when a user requests a download, the application does not verify whether the requested file is located within the media source directory, which can result in sensitive system...
Linux Distros Unpatched Vulnerability : CVE-2026-0847
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including...
CVE-2026-29611
OpenClaw versions prior to 2026.2.14 contain a local file inclusion vulnerability in BlueBubbles extension must be installed and enabled media path handling that allows attackers to read arbitrary files from the local filesystem. The sendBlueBubblesMedia function fails to validate mediaPath...
CVE-2026-29611 OpenClaw < 2026.2.14 - Local File Inclusion via mediaPath Parameter in BlueBubbles Media Handling
OpenClaw versions prior to 2026.2.14 contain a local file inclusion vulnerability in BlueBubbles extension must be installed and enabled media path handling that allows attackers to read arbitrary files from the local filesystem. The sendBlueBubblesMedia function fails to validate mediaPath...
EUVD-2026-9935
OpenClaw versions prior to 2026.2.14 contain a local file inclusion vulnerability in BlueBubbles extension must be installed and enabled media path handling that allows attackers to read arbitrary files from the local filesystem. The sendBlueBubblesMedia function fails to validate mediaPath...
CVE-2026-29611 OpenClaw < 2026.2.14 - Local File Inclusion via mediaPath Parameter in BlueBubbles Media Handling
OpenClaw versions prior to 2026.2.14 contain a local file inclusion vulnerability in BlueBubbles extension must be installed and enabled media path handling that allows attackers to read arbitrary files from the local filesystem. The sendBlueBubblesMedia function fails to validate mediaPath...
CVE-2026-29611
OpenClaw vulnerability in BlueBubbles extension media path handling affects OpenClaw versions prior to 2026.2.14. The sendBlueBubblesMedia function fails to validate mediaPath against an allowlist, allowing local file inclusion and reading arbitrary files from the host (e.g., /etc/passwd) to be e...