
11233 matches found

NVD
added 2026/02/19 6:24 p.m., 5 views

CVE-2026-26337

Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal...

CVSS 8.8, EPSS 0.00358
Exploits 0, References 3

Cvelist
added 2026/02/19 5:1 p.m., 26 views

CVE-2026-26337 Hyland Alfresco Transformation Service Absolute Path Traversal Arbitrary File Read and SSRF

Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal...

CVSS 8.8, EPSS 0.00358
Exploits 0, References 3

Vulnrichment
added 2026/02/19 5:1 p.m., 5 views

CVE-2026-26337 Hyland Alfresco Transformation Service Absolute Path Traversal Arbitrary File Read and SSRF

Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal...

CVSS 8.8, AI score 5.6, EPSS 0.00544
Exploits 0, References 3

CVE
added 2026/02/19 5:1 p.m., 22 views

CVE-2026-26337

Hyland Alfresco Transformation Service is affected by CVE-2026-26337. The flaw enables unauthenticated attackers to perform absolute path traversal, resulting in arbitrary file reads and server-side request forgery (SSRF). Reported CVSS-3.1 base score 8.2 (HIGH) with NETWORK attack vector and no ...

CVSS 8.8, AI score 5.7, EPSS 0.00544
Exploits 0, References 3, Affected Software 1

NVD
added 2026/02/19 4:27 p.m., 6 views

CVE-2026-2274

A SSRF and Arbitrary File Read vulnerability in AppSheet Core in Google AppSheet prior to 2025-11-23 allows an authenticated remote attacker to read sensitive local files and access internal network resources via crafted requests to the production cluster. This vulnerability was patched and no...

CVSS 8.5, EPSS 0.00252
Exploits 0, References 1

UbuntuCve
added 2026/02/19 4:27 p.m., 3 views

CVE-2026-25766

Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows, Echo’s middleware.Static using the default filesystem allows path traversal via backslashes, enabling unauthenticated remote file read outside the static root. In middleware/static.go, the requested path is unescaped and...

CVSS 5.3, AI score 7.2, EPSS 0.00329
Exploits 1, References 4

Cvelist
added 2026/02/19 3:56 p.m., 27 views

CVE-2026-26336 Hyland Alfresco Improper Authorization Arbitrary File Read

Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories like WEB-INF via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files...

CVSS 8.7, EPSS 0.00306
Exploits 1, References 3

Vulnrichment
added 2026/02/19 3:56 p.m., 6 views

CVE-2026-26336 Hyland Alfresco Improper Authorization Arbitrary File Read

Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories like WEB-INF via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files...

CVSS 8.7, AI score 5.7, EPSS 0.00306
Exploits 1, References 3

CVE
added 2026/02/19 3:56 p.m., 24 views

CVE-2026-26336

CVE-2026-26336 affects Hyland Alfresco. Unauthenticated attackers can read arbitrary files from protected directories (e.g., WEB-INF) via the /share/page/resource/ endpoint, causing disclosure of sensitive configuration files. The issue stems from improper access control on the resource endpoint,...

CVSS 8.7, AI score 5.7, EPSS 0.00306
Exploits 1, References 3, Affected Software 1

CVE
added 2026/02/19 3:21 p.m., 9 views

CVE-2026-2274

CVE-2026-2274 describes a vulnerability in Google AppSheet’s AppSheet Core allowing an authenticated remote attacker to perform SSRF and arbitrary file read via crafted requests to the production cluster. Affected behavior includes reading sensitive local files and accessing internal network reso...

CVSS 8.5, AI score 5.6, EPSS 0.00252
Exploits 0, References 1

Vulnrichment
added 2026/02/19 3:21 p.m., 5 views

CVE-2026-2274 Arbitrary File Read and SSRF in Google AppSheet

A SSRF and Arbitrary File Read vulnerability in AppSheet Core in Google AppSheet prior to 2025-11-23 allows an authenticated remote attacker to read sensitive local files and access internal network resources via crafted requests to the production cluster. This vulnerability was patched and no...

CVSS 8.5, AI score 5.6, EPSS 0.00252
Exploits 0, References 1

Cvelist
added 2026/02/19 3:21 p.m., 23 views

CVE-2026-2274 Arbitrary File Read and SSRF in Google AppSheet

A SSRF and Arbitrary File Read vulnerability in AppSheet Core in Google AppSheet prior to 2025-11-23 allows an authenticated remote attacker to read sensitive local files and access internal network resources via crafted requests to the production cluster. This vulnerability was patched and no...

CVSS 8.5, EPSS 0.00252
Exploits 0, References 1

NVD
added 2026/02/19 3:16 p.m., 4 views

CVE-2026-25527

changedetection.io is a free open source web page change detection tool. In versions prior to 0.53.2, the /static// route accepts group="..", which causes send_from_directory("static/..", filename) to execute. This moves the base directory up to /app/changedetectionio, enabling unauthenticated local...

CVSS 5.3, EPSS 0.00917
Exploits 1, References 2

OSV
added 2026/02/19 2:18 p.m., 3 views

CVE-2026-25527 changedetection.io vulnerable to unauthenticated static path traversal

changedetection.io is a free open source web page change detection tool. In versions prior to 0.53.2, the /static// route accepts group="..", which causes send_from_directory("static/..", filename) to execute. This moves the base directory up to /app/changedetectionio, enabling unauthenticated local...

CVSS 5.3, AI score 5.4, EPSS 0.00917
Exploits 1, References 4

Patchstack
added 2026/02/19 7:21 a.m., 6 views

WordPress WP AUDIO GALLERY plugin <= 2.0 - Authenticated (Subscriber+) Arbitrary File Read via .htaccess Manipulation vulnerability

Authenticated Subscriber+ Arbitrary File Read via .htaccess Manipulation vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP AUDIO GALLERY versions <= 2.0...

CVSS 8.8, AI score 5.5, EPSS 0.00372
Exploits 0, References 1, Affected Software 1

NVD
added 2026/02/19 7:17 a.m., 5 views

CVE-2025-13603

The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce verification on the "wpaghtaccesscallback" function. This makes it possible for authenticated...

CVSS 8.8, EPSS 0.00372
Exploits 0, References 4

ICS
added 2026/02/19 7:0 a.m., 7 views

Valmet DNA Engineering Web Tools

RISK EVALUATION: Successful exploitation of this vulnerability could allow an unauthenticated attacker to manipulate the web maintenance services URL to achieve arbitrary file read access.
2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation...

CVSS 9.2, AI score 5.9, EPSS 0.00505
Exploits 0, References 13

CVE
added 2026/02/19 4:36 a.m., 21 views

CVE-2026-0926

Prodigy Commerce WordPress plugin

CVSS 9.8, AI score 6.5, EPSS 0.09396
Exploits 5, References 6

Cvelist
added 2026/02/19 4:36 a.m., 284 views

CVE-2026-0926 Prodigy Commerce <= 3.3.0 - Unauthenticated Local File Inclusion via parameters[template_name]

The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'parameters[template_name]' parameter. This makes it possible for unauthenticated attackers to include and read arbitrary files or execute arbitrary files on the server...

CVSS 9.8, EPSS 0.09396
Exploits 5, References 6

Vulnrichment
added 2026/02/19 4:36 a.m., 5 views

CVE-2025-13603 WP AUDIO GALLERY <= 2.0 - Authenticated (Subscriber+) Arbitrary File Read via .htaccess Manipulation

The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce verification on the "wpaghtaccesscallback" function. This makes it possible for authenticated...

CVSS 8.8, AI score 5.7, EPSS 0.00372
Exploits 0, References 4