44496 matches found
WordPress Quick Playground plugin <= 1.3.3 - Unauthenticated Path Traversal to Arbitrary File Read vulnerability
Unauthenticated Path Traversal to Arbitrary File Read vulnerability discovered by ? in WordPress Plugin Quick Playground versions = 1.3.3...
CVE-2026-6403 Quick Playground <= 1.3.3 - Unauthenticated Path Traversal to Arbitrary File Read via 'stylesheet' Parameter
The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckplyziptheme function, which appends a user-controlled 'stylesheet' parameter directly to the theme root directory path without...
CVE-2026-6403
The Quick Playground plugin for WordPress (up to version 1.3.3) is vulnerable to a Path Traversal flaw. The root cause is insufficient validation in the qckply_zip_theme() function, which directly appends a user-controlled 'stylesheet' parameter to the theme root directory path without sanitizing...
CVE-2026-37430
An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file...
PT-2026-41386
Name of the Vulnerable Software and Affected Versions Joplin versions prior to 3.5.7 Description A path traversal issue exists in the OneNote importer. The OneNote converter fails to sanitize the names of embedded files before writing them to disk. An attacker can create a malicious .one file...
Adobe Substance 3D Designer <= 15.1.0 Multiple Vulnerabilities (APSB26-52)
The version of Adobe Substance 3D Designer installed on the remote host is prior or equal to 15.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-52 advisory. - Substance3D - Designer versions 15.1.0 and earlier are affected by a Server-Side Request Forgery...
APM – Agent Package Manager 路径遍历漏洞
APM – Agent Package Manager is an AI-based dependency management tool open sourced by Microsoft. Versions of APM prior to 0.13.0 contained a path traversal vulnerability. This vulnerability stemmed from a Windows-specific archive extraction boundary failure. When using apm install with Python 3.1...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the export process. An attacker can write files to arbitrary locations on the filesystem by uploading an asset with a crafted filename containing directory traversal sequences and then triggering an administrator...
CVE-2026-31156
A path injection vulnerability exists in OpenPLC v3 2c82b0e79c53f8c1f1458eee15fec173400d6e1a as the binary program compiled from gluegenerator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are directly passed to t...
CVE-2026-44522
Vulnerability summary (CVE-2026-44522) Note Mark up to 0.19.3 allows authenticated users to upload assets with a crafted X-Name header containing directory traversal. The asset name is stored in the database without validation, and is later passed directly to filepath.Join()/path.Join() during ex...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal due to insufficient path sanitization in the osfs.ChrootOS component. An attacker can gain unauthorized access to unintended filesystem locations by supplying crafted paths containing directory traversal sequences...
Arbitrary File Read And Write
Incus is vulnerable to arbitrary file read and write. The vulnerability is due to improper enforcement of the pongo2 chroot isolation mechanism in instance template files, which allows an attacker to bypass filesystem restrictions and perform arbitrary file read/write operations on the host syste...
Directory Traversal
github.com/gtsteffaniak/filebrowser is vulnerable to Directory Traversal. The vulnerability is due to improper sanitization of attacker-controlled path input before path validation, which allows an attacker to use traversal sequences to delete arbitrary files outside the intended shared directory...
Apache Camel: org.apache.camel: Apache Camel: Remote Code Execution and Arbitrary File Write via case-variant header injection
A flaw was found in Apache Camel. A remote attacker with Java Message Service JMS producer access could exploit a vulnerability in how certain header filter strategies process case-variant internal headers. This discrepancy, where filtering is case-sensitive but header processing is not, allows f...
Directory Traversal
org.springframework.cloud, spring-cloud-config-server is vulnerable to a Directory Traversal. The vulnerability is due to improper validation of specially crafted URL paths in the spring-cloud-config-server module, which allows an attacker to perform a directory traversal attack and access...
GHSA-RPGQ-M5FP-32WR Portainer Has an Arbitrary File Read via Git Symlink Injection in Stack Auto-Update
Summary Portainer supports deploying stacks from Git repositories. When a Git-backed stack is created or updated, Portainer clones the repository using go-git v5, which translates Git blob entries with mode 0o120000 symlink into real OS symlinks on the host filesystem via os.Symlink. The only ent...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal in the ExtractTarGz process. An attacker can write arbitrary files to locations outside the intended extraction directory by submitting a crafted .tar.gz archive containing directory traversal sequences. This is only...
GHSA-M8FG-67J7-CX4V Portainer has a path traversal in backup archive extraction that allows arbitrary file write
Summary Portainer's backup restore feature accepts a .tar.gz archive and extracts it to a target directory on the server. The extraction function ExtractTarGz in api/archive/targz.go constructed output paths using filepath.Cleanfilepath.JoinoutputDirPath, header.Name. This combination does not...
Portainer has a path traversal in backup archive extraction that allows arbitrary file write
Summary Portainer's backup restore feature accepts a .tar.gz archive and extracts it to a target directory on the server. The extraction function ExtractTarGz in api/archive/targz.go constructed output paths using filepath.Cleanfilepath.JoinoutputDirPath, header.Name. This combination does not...
NPM: n8n Has an Arbitrary File Read via Git Node
NPM: n8n Has an Arbitrary File Read via Git Node vulnerability discovered by ? in WordPress Npm n8n versions 1.123.43...