11238 matches found
CVE-2026-25052 n8n Improper File Access Controls Allow Arbitrary File Read by Authenticated Users
n8n is an open source workflow automation platform. Prior to versions 1.123.18 and 2.5.0, a vulnerability in the file access controls allows authenticated users with permission to create or modify workflows to read sensitive files from the n8n host system. This can be exploited to obtain critical...
CVE-2025-15487
The Code Explorer plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.6 via the 'file' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which...
CVE-2025-15487 Code Explorer <= 1.4.6 - Authenticated (Administrator+) Arbitrary File Read via 'file' Parameter
The Code Explorer plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.6 via the 'file' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which...
WeiPHP 5.0 - Path Traversal
WeiPHP 5.0 contains a path traversal caused by insufficient input validation of the picUrl parameter in /public/index.php/material/Material/downloadimgage, letting unauthenticated remote attackers read arbitrary files. id: CVE-2025-34045 info: name: WeiPHP 5.0 - Path Traversal author: pikpikcu...
Exploit for Missing XML Validation in Apache Struts
CVE-2025-68493 CVE-2025-68493 7. References 1 Apac...
PT-2026-6262
Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.123.10; n8n versions prior to 2.5.0. Description: n8n, an open source workflow automation platform, contains a flaw in the Git node. This allows authenticated users with create or modify permissions for workflows to execut...
PT-2026-5888
Name of the Vulnerable Software and Affected Versions: WordPress Code Explorer plugin versions through 1.4.6. Description: The Code Explorer plugin for WordPress has a flaw that allows authorized users with Administrator-level access or higher to read arbitrary files on the server. This is possible...
WordPress Code Explorer plugin <= 1.4.6 - Authenticated (Administrator+) Arbitrary File Read via 'file' Parameter vulnerability
Authenticated Administrator+ Arbitrary File Read via 'file' Parameter vulnerability discovered by 0x34rth in WordPress Plugin Code Explorer versions <= 1.4.6...
CVE-2020-37088
School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system...
CVE-2020-37088 School ERP Pro 1.0 - Arbitrary File Read
School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system...
CVE-2020-37088
CVE-2020-37088 affects School ERP Pro 1.0: an unauthenticated file disclosure via download.php by manipulating the document parameter with directory traversal to read arbitrary files, exposing sensitive configuration files and credentials. Root cause: improper validation of the document parameter...
GO-2026-4346 SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality in github.com/siyuan-note/siyuan/kernel
SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality in github.com/siyuan-note/siyuan/kernel...
GO-2026-4347 SiYuan vulnerable to Arbitrary file Read / SSRF in github.com/siyuan-note/siyuan/kernel
SiYuan vulnerable to Arbitrary file Read / SSRF in github.com/siyuan-note/siyuan/kernel...
PT-2026-6515
SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality in github.com/siyuan-note/siyuan/kernel...
PT-2026-6516
SiYuan vulnerable to Arbitrary file Read / SSRF in github.com/siyuan-note/siyuan/kernel...
PT-2026-5838
Name of the Vulnerable Software and Affected Versions: School ERP Pro version 1.0. Description: School ERP Pro version 1.0 has a flaw that allows attackers to read arbitrary files without needing to log in. This is possible by manipulating the document parameter within the 'download.php' file. By...
GO-2026-4386 SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal in github.com/siyuan-note/siyuan/kernel
SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal in github.com/siyuan-note/siyuan/kernel...
Signal K Server Path Traversal Vulnerability
The Signal K Server is an open-source marine central server developed by Signal K. Versions of the Signal K Server prior to 2.20.3 contained a path traversal vulnerability. This vulnerability stemmed from the applicationData API’s lack of protection against path traversal, which could lead to...
Directory Traversal
Overview: omni-cortex is described as "Give Claude Code a perfect memory - auto-logs everything, searches smartly, and gets smarter over time". Affected versions of this package are vulnerable to Directory Traversal. File operations fail to validate file path parameters against directory traversal sequences,...