
11201 matches found

Cvelist
added 2026/04/08 7:45 p.m. | 19 views

CVE-2026-39859 LiquidJS: renderFile() / parseFile() bypass configured root and allow arbitrary file read

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, liquidjs 10.25.0 documents root as constraining filenames passed to renderFile and parseFile, but top-level file loads do not enforce that boundary. A Liquid instance configured with an empty...

CVSS 6.3 | EPSS 0.00447
Exploits: 0 | References: 1
CVE
added 2026/04/08 7:45 p.m. | 17 views

CVE-2026-39859

LiquidJS (liquidjs) has a path traversal vulnerability in renderFile()/parseFile() where top-level file loads do not enforce the configured root boundary, allowing access to arbitrary local files when root is empty. Affected versions are before 10.25.3; the issue is fixed in 10.25.3 (per NVD/Red ...

CVSS 7.5 | AI score 6 | EPSS 0.00447
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2026/04/08 7:25 p.m. | 3 views

CVE-2026-30817

An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device,...

CVSS 6.8 | EPSS 0.00276
Exploits: 0 | References: 5
Snyk
added 2026/04/08 7:17 p.m. | 3 views

Arbitrary Code Injection

Overview: PraisonAI is an AI Agents Framework with Self Reflection. The PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVSS 9.9 | AI score 6.1 | EPSS 0.00541
Exploits: 0 | References: 2
Cvelist
added 2026/04/08 5:53 p.m. | 20 views

CVE-2026-30817 Arbitrary File Reading Vulnerability in dnsmasq Module in TP-Link AX53

An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device,...

CVSS 6.8 | EPSS 0.00276
Exploits: 0 | References: 4
CVE
added 2026/04/08 5:53 p.m. | 8 views

CVE-2026-30817

CVE-2026-30817 describes an external configuration control vulnerability in the OpenVPN module of TP-Link AX53 (v1.0) that could allow an authenticated adjacent attacker to read arbitrary files when processing a malicious configuration file. The effect is potential unauthorized access to sensitiv...

CVSS 6.8 | AI score 6 | EPSS 0.00276
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2026/04/08 5:53 p.m. | 20 views

CVE-2026-30816 Arbitrary File Reading Vulnerability in OpenVPN Module in TP-Link AX53

An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device,...

CVSS 6.8 | EPSS 0.00286
Exploits: 0 | References: 4
CVE
added 2026/04/08 5:53 p.m. | 10 views

CVE-2026-30816

The CVE-2026-30816 entry details an external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0. An authenticated adjacent attacker can read arbitrary files when a malicious configuration file is processed, potentially leading to unauthorized access to sensitive dat...

CVSS 6.8 | AI score 6 | EPSS 0.00286
Exploits: 0 | References: 5 | Affected Software: 1
GithubExploit
added 2026/04/08 3:31 p.m. | 201 views

Exploit for CVE-2026-39363

CVE-2026-39363 Vite Dev Server WebSocket Arbitrary File Read...

CVSS 8.2 | AI score 5.9 | EPSS 0.02292
Exploits: 3
EUVD
added 2026/04/08 3:04 p.m. | 2 views

EUVD-2026-20611

LiquidJS: renderFile / parseFile bypass configured root and allow arbitrary file read...

CVSS 6.3 | AI score 6 | EPSS 0.00447
Exploits: 0 | References: 4
OSV
added 2026/04/08 3:04 p.m. | 2 views

GHSA-V273-448J-V4QJ LiquidJS: `renderFile()` / `parseFile()` bypass configured `root` and allow arbitrary file read

liquidjs 10.25.0 documents root as constraining filenames passed to renderFile and parseFile, but top-level file loads do not enforce that boundary. The published npm package [email protected] on Linux 6.17.0 with Node v22.22.1. A Liquid instance configured with an empty temporary directory as roo...

CVSS 6.3 | AI score 6 | EPSS 0.00447
Exploits: 0 | References: 6
Github Security Blog
added 2026/04/08 3:04 p.m. | 8 views

LiquidJS: `renderFile()` / `parseFile()` bypass configured `root` and allow arbitrary file read

liquidjs 10.25.0 documents root as constraining filenames passed to renderFile and parseFile, but top-level file loads do not enforce that boundary. The published npm package [email protected] on Linux 6.17.0 with Node v22.22.1. A Liquid instance configured with an empty temporary directory as roo...

CVSS 7.5 | AI score 6 | EPSS 0.00447
Exploits: 0 | References: 6 | Affected Software: 1
IBM Security Bulletins
added 2026/04/08 8:40 a.m. | 11 views

Security Bulletin: Arbitrary File Read, SSRF, and Code Execution Vulnerabilities in TensorFlow Keras Model Loading (v2.13) affects watsonx.data

Summary: A vulnerability in TensorFlow Keras v2.13 allows malicious .keras model files to trigger arbitrary local file reads, Server-Side Request Forgery (SSRF), and potential code execution during model loading, even when safemode=True is enabled. The issue arises from improper handling of external...

CVSS 9.8 | AI score 7.1 | EPSS 0.01745
Exploits: 1 | Affected Software: 1
Github Security Blog
added 2026/04/08 12:18 a.m. | 4 views

Emmett has a path traversal in internal assets handler

The RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences, e.g. /emmett/../rsgi/handlers.py, to read arbitrary files outside the assets directory...

CVSS 9.1 | AI score 6 | EPSS 0.00495
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2026/04/08 12:08 a.m. | 6 views

GHSA-F4F9-627C-JH33 WWBN AVideo's GIF poster fetch bypasses traversal scrubbing and exposes local files through public media URLs

Summary: objects/aVideoEncoderReceiveImage.json.php allowed an authenticated uploader to fetch attacker-controlled same-origin /videos/... URLs, bypass traversal scrubbing, and expose server-local files through the GIF poster storage path. The vulnerable GIF branch could be abused to read local...

CVSS 7.6 | AI score 5.8 | EPSS 0.00412
Exploits: 0 | References: 4
VulnCheck KEV
added 2026/04/08 12:00 a.m. | 58 views

VulnCheck KEV: CVE-2025-27817

A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url"...

CVSS 7.5 | AI score 5.9 | EPSS 0.60841
In the wild | Exploits: 2 | References: 2
PyPA
added 2026/04/07 10:16 p.m. | 8 views

PYSEC-2026-59

Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets /emmett paths is vulnerable to path traversal attacks. An attacker can use ../ sequences, e.g. /emmett/../rsgi/handlers.py, to read arbitrary files...

CVSS 9.1 | AI score 5.9 | EPSS 0.00495
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2026/04/07 7:16 p.m. | 4 views

CVE-2026-39345

OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source fails to restrict email template file resolution to the intended plugins directory, allowing an authenticated actor who can influence the template path to read arbitrary local files. This...

CVSS 4.9 | EPSS 0.00323
Exploits: 0 | References: 1
CVE
added 2026/04/07 7:10 p.m. | 29 views

CVE-2026-39363

CVE-2026-39363 affects Vite Dev Server. The WebSocket-based fetchModule RPC can be invoked without an Origin header, bypassing HTTP path access checks and enabling arbitrary file reads via file:// URLs combined with ?raw or ?inline. This occurs in Vite versions 6.0.0 up to before 6.4.2, 7.3.2, an...

CVSS 8.2 | AI score 6.2 | EPSS 0.02292
Exploits: 3 | References: 1 | Affected Software: 2
Metasploit
added 2026/04/07 7:01 p.m. | 276 views

osTicket Arbitrary File Read via PHP Filter Chains in mPDF

This module exploits an arbitrary file read vulnerability in osTicket CVE-2026-22200. The vulnerability exists in osTicket's PDF export functionality which uses mPDF. By injecting a specially crafted HTML payload containing PHP filter chain URIs into a ticket reply, an attacker can read arbitrary...

CVSS 8.7 | AI score 6 | EPSS 0.73125
Exploits: 3