11227 matches found
CVE-2026-3585
The Events Calendar WordPress plugin (up to v6.15.17) is affected by a path traversal vulnerability in the ajax_create_import function. The issue allows authenticated attackers with Author-level access or higher to read arbitrary files on the server, exposing sensitive information. The vulnerabil...
Directory Traversal
Overview liquidjs is an A simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Directory Traversal via the Loader.candidates resolution when require.resolve is used as a fallback; an attacker can read arbitrary...
Flare 路径遍历漏洞
Flare is a file-sharing platform developed by Zachary Lowery. Versions of Flare prior to 1.7.3 contained a path traversal vulnerability. This vulnerability stemmed from the /api/avatars/filename path traversal, which could lead to arbitrary file reading...
📄 Vite 6.2.2 Arbitrary File Read
Proof of concept exploit for an arbitrary file read in Vite version 6.2.2. ============================================================================================================================================= | Title : Vite 6.2.2 Arbitrary File Read – PHP Exploit | | Author : indoushka | ...
PT-2026-24176
Name of the Vulnerable Software and Affected Versions The Events Calendar plugin for WordPress versions prior to 6.15.18 Description The Events Calendar plugin for WordPress is susceptible to a Path Traversal issue in versions up to and including 6.15.17. This allows authenticated attackers with...
APSB26-05 : Security update available for Adobe Commerce
Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves critical, important, and moderate vulnerabilities. Successful exploitation could lead to security feature bypass, application denial-of-service, privilege escalation, arbitrary code execution, an...
PT-2026-24472
Name of the Vulnerable Software and Affected Versions gleam-wisp wisp versions 2.1.1 through 2.2.0 Description A path traversal issue exists in gleam-wisp wisp that allows arbitrary file reading through percent-encoded path traversal. The wisp.serve static function is susceptible because...
Linux Distros Unpatched Vulnerability : CVE-2026-0846
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. T...
CVE-2026-30869 SiYuan has a Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage
SiYuan is a personal knowledge management system. Prior to 3.5.10, a path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By exploiting double‑encoded traversal sequences, an attacker can access sensitive files such as...
CVE-2026-30869
SiYuan contains a path traversal vulnerability in the /export endpoint prior to version 3.5.10. Double-encoded traversal sequences can read arbitrary server files (e.g., conf/conf.json) containing secrets such as the API token, cookie signing key, and workspace authentication code. Leakage could ...
CVE-2026-30869 SiYuan has a Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage
SiYuan is a personal knowledge management system. Prior to 3.5.10, a path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By exploiting double‑encoded traversal sequences, an attacker can access sensitive files such as...
EUVD-2026-10351
A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...
EUVD-2026-10350
A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...
NLTK has Arbitrary File Read via Absolute Path Input in nltk.util.filestring()
A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...
CVE-2026-1776 Camaleon CMS AWS Uploader Authenticated Path Traversal Arbitrary File Read
Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...
CVE-2026-1776 Camaleon CMS AWS Uploader Authenticated Path Traversal Arbitrary File Read
Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...
CVE-2026-1776
Camaleon CMS CVE-2026-1776 affects versions 2.4.5.0–2.9.0 prior to commit f54a77e, with a path traversal vulnerability in the CamaleonCmsAwsUploader AWS S3 backend. Authenticated users can trigger download_private_file to bypass path validation (valid_folder_path?) and read arbitrary files on the...
CVE-2026-0846
A flaw was found in the nltk component. This vulnerability, specifically within the filestring function of the nltk.util module, allows an attacker to perform arbitrary file reads. By providing specially crafted input paths, either absolute or using directory traversal, an attacker can bypass inp...
PYSEC-2026-97
A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...
DEBIAN-CVE-2026-0846
A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...