44537 matches found
WordPress WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin <= 4.5.2 - Authenticated (Author+) Arbitrary File Deletion vulnerability
Authenticated Author+ Arbitrary File Deletion vulnerability discovered by Ly Hoang in WordPress Plugin WP-Optimize versions = 4.5.2...
WordPress Betheme theme <= 28.4 - Authenticated (Author+) Arbitrary File Upload to Remote Code Execution vulnerability
Authenticated Author+ Arbitrary File Upload to Remote Code Execution vulnerability discovered by Wordfence in WordPress Theme Betheme versions = 28.4...
EUVD-2026-27653
FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write arbitrary files outside the intended upload directory or read files from arbitrary locations on t...
Apache Wicket has a Path Traversal issue
FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write arbitrary files outside the intended upload directory or read files from arbitrary locations on t...
CVE-2026-43975
FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write arbitrary files outside the intended upload directory or read files from arbitrary locations on t...
CVE-2026-43975
CVE-2026-43975 affects Apache Wicket via the FolderUploadsFileManager, which fails to validate or sanitize the uploadFieldId parameter or the clientFileName when constructing file paths. This can let an unauthenticated attacker write files outside the intended upload directory or read files from ...
CVE-2026-6344
The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the getAttachments method of EmailNotificationActions, which resolves attacker-supplied file-upload URLs into filesystem paths without...
CVE-2026-6344 Fluent Forms <= 6.2.1 - Authenticated (Administrator+) Arbitrary File Read via Path Traversal in Email Attachment
The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the getAttachments method of EmailNotificationActions, which resolves attacker-supplied file-upload URLs into filesystem paths without...
EUVD-2026-27536
The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the getAttachments method of EmailNotificationActions, which resolves attacker-supplied file-upload URLs into filesystem paths without...
CVE-2026-6344
The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the getAttachments method of EmailNotificationActions, which resolves attacker-supplied file-upload URLs into filesystem paths without...
CVE-2026-6344
CVE-2026-6344 affects the WordPress Fluent Forms plugin (versions ≤ 6.2.1). The vulnerability arises in EmailNotificationActions::getAttachments() where attacker-supplied file-upload URLs are resolved to filesystem paths without strictly enforcing the uploads directory boundary. Path traversal se...
SUSE CVE-2026-44029
An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" directory traversal. The fixed versions are 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7 introduced in 2.24.7;...
PT-2026-37432
Name of the Vulnerable Software and Affected Versions Apache Wicket versions 8.0.0 through 8.17.0 Apache Wicket versions 9.0.0 through 9.22.0 Apache Wicket versions 10.0.0 through 10.8.0 Description FolderUploadsFileManager fails to validate or sanitize the uploadFieldId parameter or the...
Apache Wicket 路径遍历漏洞
Apache Wicket is an open-source, lightweight, component-based framework developed by the Apache Foundation in the United States. It provides an object-oriented approach for developing web-based dynamic UI applications. Versions 8.0.0 to 8.17.0, 9.0.0 to 9.22.0, and 10.0.0 to 10.8.0 of Apache Wick...
PT-2026-37349
The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the getAttachments method of EmailNotificationActions, which resolves attacker-supplied file-upload URLs into filesystem paths without...
PT-2026-38255
Name of the Vulnerable Software and Affected Versions Slider Revolution versions 7.0.0 through 7.0.10 Description Insufficient file type validation in the get media url and check file path functions allows authenticated attackers with subscriber-level access or higher to perform an Arbitrary File...
PT-2026-38244
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.15 Description An arbitrary file read issue exists in the QMD backend memory get function. Attackers with access to the memory tool can bypass path restrictions by providing arbitrary workspace Markdown paths,...
RHCOS 3 : OpenShift Container Platform 3.9 atomic-openshift (RHSA-2019:3811)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3811 advisory. - atomic-openshift: OpenShift builds don't verify SSH Host Keys for the git repository CVE-2019-10150 - kubernetes: Incomplete fixes...
RHCOS 4 : OpenShift Container Platform 4.1 jenkins (RHSA-2019:2548)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2548 advisory. - jenkins: Arbitrary file write vulnerability using file parameter definitions SECURITY-1424 CVE-2019-10352 - jenkins: CSRF protecti...
GHSA-HMCX-CH82-3FV2 Grav has Unauthenticated Path Traversal & Arbitrary File Write in its FormFlash component
Vulnerability Report: Grav CMS Unauthenticated Path Traversal & Arbitrary File Write ZERO-DAY Unauthenticated Path Traversal leading to Arbitrary Directory Creation and Configuration Injection Summary Grav CMS v1.7.49.5 and latest development source is vulnerable to a Zero-Day Path Traversal...