CVE-2026-25559

OpenBullet2 through version 0.3.2 contains a path traversal vulnerability in the wordlist endpoint that allows authenticated attackers to perform arbitrary file read, write, and delete operations by supplying unsanitized absolute paths to the upload handler and wordlist functions. Attackers can...

CVE-2026-44119

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...

CVE-2026-11532 imvks786 student_management_system Student Record add.php access control

A weakness has been identified in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected is an unknown function of the file /add.php of the component Student Record Handler. Executing a manipulation can lead to improper access controls. The attack may be perform...

EUVD-2026-35094

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...

USN-8395-1 netatalk vulnerabilities

Arjun Basnet discovered that Netatalk incorrectly sanitized user input in its MySQL CNID backend. A remote authenticated attacker could possibly use this issue to conduct SQL injection attacks. CVE-2026-44047 Arjun Basnet discovered that Netatalk incorrectly handled UCS-2 character set conversion...

USN-8395-1: Netatalk vulnerabilities

Arjun Basnet discovered that Netatalk incorrectly sanitized user input in its MySQL CNID backend. A remote authenticated attacker could possibly use this issue to conduct SQL injection attacks. CVE-2026-44047 Arjun Basnet discovered that Netatalk incorrectly handled UCS-2 character set conversion...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the denied function. An attacker can access arbitrary files on the server by supplying crafted input to the filename argument. Details A Directory Traversal attack also known as path traversal aims to access file...

OpenBullet2 路径遍历漏洞

OpenBullet2 is a cross-platform automated testing and data scraping tool developed by the OpenBullet team. Versions of OpenBullet2 prior to 0.3.2 contained a path traversal vulnerability. This vulnerability originated from the wordlist endpoint’s path traversal flaw, which could allow authenticat...

PT-2026-47624

Summary Arc's user-SQL validator internal/api/query.go:ValidateSQLRequest blocked only read parquet and arc partition agg via regex denylist. The broader DuckDB I/O function family — read csv auto, read csv, read json, read json auto, read text, read blob, glob, parquet metadata, parquet schema,...

Bagisto 路径遍历漏洞

Bagisto is an open-source e-commerce framework developed by Webkul Software in India. Bagisto has a path traversal vulnerability. This vulnerability stems from improper validation of user inputs in the ImageCacheController component. It allows unauthenticated remote attackers to send specially...

CVE-2026-50590

In Mimecast Incydr before 2.6.0, arbitrary file access can occur...

CVE-2026-46397

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an Authenticated Local File Inclusion LFI vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by manipulating the location field written in...

CVE-2026-11414

A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network attacker who can reach the server can forge valid download signatures and retrieve files from the...

CVE-2026-43975

FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write arbitrary files outside the intended upload directory or read files from arbitrary locations on t...

CVE-2025-41271

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to read arbitrary files from the device...

CVE-2026-25690

An improper neutralization of argument delimiters in a command 'argument injection' vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an...

CVE-2026-41177

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery SSRF. The application fails to validate the URI scheme of the user-supplied Url parameter, allowing the use ...

CVE-2026-6959

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

CVE-2026-42780

A directory traversal vulnerability exists in BIG-IP SSL Orchestrator that allows an authenticated attacker with high privilege to overwrite, delete or corrupt arbitrary local files. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-20168

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to retrieve files that they do not have permission to access. This vulnerability is due to insufficient file access checks. An attacker could...