2383 matches found
Karel IP Phone IP1211 Web Management Panel - Local File Inclusion
Karel IP Phone IP1211 Web Management Panel is vulnerable to local file inclusion and can allow remote attackers to access arbitrary files stored on the remote device via the 'cgiServer.exx' endpoint and the 'page' parameter. id: CVE-2025-34023 info: name: Karel IP Phone IP1211 Web Management Pane...
mTheme Unus < 2.3 - Directory Traversal
The mTheme-Unus theme for WordPress, prior to version 2.3, contained a directory traversal flaw that let attackers access arbitrary files. This was possible by exploiting the files parameter in css/css.php with .. sequences. id: CVE-2015-9406 info: name: mTheme Unus 2.3 - Directory Traversal...
CVE-2026-20146
A vulnerability in Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system to either read or delete arbitrary files. To exploit this vulnerability, the...
CVE-2026-20146
Cisco Identity Services Engine (ISE) and ISE-PIC are affected by CVE-2026-20146. The issue stems from improper validation of user-supplied input, enabling a remote, authenticated attacker (with valid administrative credentials) to perform path traversal via a crafted HTTP request and read or dele...
EUVD-2026-44625
n8n before 2.19.3 contains a file path restriction bypass in the legacy ExecuteWorkflow node's localFile source option, which reads workflow files from disk without the file-access checks enforced by other file-reading nodes. Although hidden from the UI since v1.2, it remains reachable via the RE...
CVE-2026-8920
Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted commands containing an arbitrary file path and bypassing the service’s path restrictions . On...
CVE-2026-55474 Snipe-IT: Directory traversal in displaySig
Snipe-IT is an IT asset/license management system. Prior to 8.5.0, ActionlogController::displaySig concatenates the route filename parameter into a private upload-directory path without sanitization, allowing an authenticated attacker to traverse outside the intended directory and read arbitrary...
CVE-2026-59793
In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration...
EUVD-2026-42911
In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration...
CVE-2026-59793
CVE-2026-59793 affects JetBrains TeamCity prior to version 2026.1.2. The issue allows arbitrary file access via the Perforce VCS integration, due to the Perforce VCS integration component. Impact is described as high for confidentiality, integrity, and availability. The CVSS vector indicates netw...
CVE-2026-59793
In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration...
CVE-2026-23562 Multiple RBAC issues in XAPI
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...
CVE-2026-49145 App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc
App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal in the /skin/ action endpoint when running on Jetty 12 or later. An attacker can access arbitrary files on the server by crafting a URL containing encoded directory traversal sequences. This is only exploitable if th...
CVE-2026-50135
Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made RootMappingFs.statRoot use Stat follows symlinks instead of Lstat , so a direct resources.Get of a symlink pointing outside its mount returned the target's contents — letting a symlink planted in a local mount e.g. a...
perl-Archive-Tar security update
An update is available for perl-Archive-Tar. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Archive::Tar provides an object oriented mechanism for handling tar...
PYSEC-2026-740 Improper Restriction of XML External Entity Reference in trytond and proteus
An XXE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user...
Security Bulletin: Nomad vulnerable to arbitrary file read/write on client host through symlink attack
Summary HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11. Vulnerability Details CVEID:CVE-2026-695...
CVE-2026-58127
PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj and UIRemoteObj, without any authentication requirement. By exploiting the MarshalByRefObject object unmarshalling technique and implementing .NET...
RLSA-2026:30856 Important: perl-Archive-Tar security update
Archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also allowing for the creation of tar file objects for custom manipulation. If you have the IO::Zlib module installed, Archive::Tar will also support...