CVE-2025-13603 WP AUDIO GALLERY <= 2.0 - Authenticated (Subscriber+) Arbitrary File Read via .htaccess Manipulation
The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce verification on the "wpag_htaccess_callback" function. This makes it possible for authenticated...
CVE-2025-13603
The CVE concerns WP Audio Gallery for WordPress (
PT-2026-20602
The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce verification on the "wpag_htaccess_callback" function. This makes it possible for authenticated...
PT-2026-20920
Name of the Vulnerable Software and Affected Versions Penpot versions prior to 2.13.2 Description Penpot is an open-source design and code collaboration tool. An authenticated user with team edit permissions can read arbitrary files from the server. This is achieved by providing a local file path...
Hyland Alfresco security vulnerability
Hyland Alfresco is an enterprise content management system developed by the American company Hyland. Hyland Alfresco has a security vulnerability, which allows unauthenticated attackers to read arbitrary files from protected directories through endpoints such as /share/page/resource/. This...
PT-2026-20837
Name of the Vulnerable Software and Affected Versions changedetection.io versions prior to 0.53.2 Description changedetection.io is a web page change detection tool. Versions prior to 0.53.2 are susceptible to an unauthenticated local file read of application source files. The /static// API...
PT-2026-20630
Name of the Vulnerable Software and Affected Versions Prodigy Commerce versions prior to 3.2.9 Description The Prodigy Commerce plugin for WordPress is susceptible to a Local File Inclusion issue. This allows unauthenticated attackers to include and read arbitrary files or execute arbitrary files...
PT-2026-20876
Name of the Vulnerable Software and Affected Versions Hyland Alfresco Transformation Service affected versions not specified Description The Hyland Alfresco Transformation Service is susceptible to exploitation allowing unauthenticated attackers to perform arbitrary file read and server-side...
PT-2026-20851
Name of the Vulnerable Software and Affected Versions AppSheet versions prior to 2025-11-23 Description A Server-Side Request Forgery (SSRF) and Arbitrary File Read issue exists in AppSheet Core. An authenticated remote attacker can potentially read sensitive local files and access internal network...
CVE-2026-2419 WP-DownloadManager <= 1.69 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'download_path' Parameter
The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'download_path' configuration parameter. This is due to insufficient validation of the download path setting, which allows directory traversal sequences to bypass the...
CVE-2026-2419
The CVE refers to WP-DownloadManager for WordPress (versions up to and including 1.69) being vulnerable to Path Traversal via the download_path setting. The vulnerability allows an authenticated attacker with Administrator-level access to configure the plugin to list or read arbitrary server file...
Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction
Summary tar.extract in node-tar allows an attacker-controlled archive to create a hardlink inside the extraction directory that points to a file outside the extraction root, using default options. This enables arbitrary file read and write as the extracting user (no root, no chmod, no preservePath...
GHSA-CV7M-C9JX-VG7Q OpenClaw has a path traversal in browser upload allows local file read
Summary Authenticated attackers can read arbitrary files from the Gateway host by supplying absolute paths or path traversal sequences to the browser tool's upload action. The server passed these paths to Playwright's setInputFiles APIs without restricting them to a safe root. Severity remains Hi...
WordPress WP-DownloadManager plugin <= 1.69 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'download_path' Parameter vulnerability
Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'download_path' Parameter vulnerability discovered by n4ur15 in WordPress Plugin WP-DownloadManager versions <= 1.69...
PT-2026-23538
Name of the Vulnerable Software and Affected Versions openclaw versions prior to 2026.2.14 Description The OpenClaw exec-approvals allowlist validation checks tokens before expansion, but execution uses shell expansion. This allows safe binaries like head, tail, or grep to read arbitrary local...
PT-2026-20372
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 Description Authenticated attackers can read arbitrary files from the Gateway host by supplying absolute paths or path traversal sequences to the browser tool's upload action. The server passes these paths ...
GHSA-8JPQ-5H99-FF5R OpenClaw has a local file disclosure via sendMediaFeishu in Feishu extension
Summary The Feishu extension previously allowed sendMediaFeishu to treat attacker-controlled mediaUrl values as local filesystem paths and read them directly. Affected versions - = 2026.2.14 Impact If an attacker can influence tool calls directly or via prompt injection, they may be able to...