11242 matches found
CVE-2025-29847 Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass
A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...
WordPress Gutenberg Thim Blocks plugin <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read via 'iconSVG' Parameter vulnerability
Authenticated Contributor+ Arbitrary File Read via 'iconSVG' Parameter vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Thim Blocks versions = 1.0.1...
WordPress Feeds for YouTube Pro plugin <= 2.6.0 - Unauthenticated Arbitrary File Read via Path Traversal vulnerability
Unauthenticated Arbitrary File Read via Path Traversal vulnerability discovered by LionTree in WordPress Plugin YouTube Feed Pro versions = 2.6.0...
WordPress Gotham Block Extra Light plugin path traversal vulnerability
The WordPress Gotham Block Extra Light plugin is a tool for detecting if ad blocking software such as AdBlock is enabled in a visitor's browser. A path traversal vulnerability exists in the WordPress Gotham Block Extra Light plugin, which stems from the mishandling of the ghostban shortcode, and...
PT-2026-3515
Name of the Vulnerable Software and Affected Versions Chainlit versions prior to 2.9.4 Description Chainlit versions prior to 2.9.4 have an arbitrary file read issue in the /project/element update process. An authenticated client can submit a custom Element with a user-defined path, which causes...
PT-2026-3496
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.5.4 Description The markdown feature in SiYuan allows unrestricted server-side HTML rendering, which can lead to arbitrary file read LFD and Server-Side Request Forgery SSRF. This issue occurs because the markdown...
CVE-2025-13725
The Gutenberg Thim Blocks – Page Builder, Gutenberg Blocks for the Block Editor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 1.0.1. This is due to insufficient path validation in the server-side rendering of the thim-blocks/icon block. This make...
Exploit for CVE-2026-1107
CVE-2026-1107 Nuclei Template Nuclei template for detecting...
CVE-2025-12002
The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sbycheckwpsubmit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation. This makes it possib...
CVE-2026-23529
Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations...
CVE-2026-1022
Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files...
CVE-2025-13725
The Gutenberg Thim Blocks – Page Builder, Gutenberg Blocks for the Block Editor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 1.0.1. This is due to insufficient path validation in the server-side rendering of the thim-blocks/icon block. This make...
CVE-2025-13725 Gutenberg Thim Blocks <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read via 'iconSVG' Parameter
The Gutenberg Thim Blocks – Page Builder, Gutenberg Blocks for the Block Editor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 1.0.1. This is due to insufficient path validation in the server-side rendering of the thim-blocks/icon block. This make...
CVE-2025-13725 Gutenberg Thim Blocks <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read via 'iconSVG' Parameter
The Gutenberg Thim Blocks – Page Builder, Gutenberg Blocks for the Block Editor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 1.0.1. This is due to insufficient path validation in the server-side rendering of the thim-blocks/icon block. This make...
CVE-2025-13725
The CVE CVE-2025-13725 concerns the Gutenberg Thim Blocks – Page Builder (thim-blocks) for WordPress, affected through version 1.0.1. The vulnerability arises from insufficient path validation during server-side rendering of the thim-blocks/icon block, allowing an authenticated user with Contribu...
CVE-2026-1018
Police Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing Unauthenticated remote attacker to exploit Absolute Path Traversal to download arbitrary system files...
CVE-2025-12002
The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sbycheckwpsubmit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation. This makes it possib...
CVE-2025-12002 Feeds for YouTube Pro <= 2.6.0 - Unauthenticated Arbitrary File Read via Path Traversal
The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sbycheckwpsubmit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation. This makes it possib...
CVE-2025-12002 Feeds for YouTube Pro <= 2.6.0 - Unauthenticated Arbitrary File Read via Path Traversal
The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sbycheckwpsubmit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation. This makes it possib...
EUVD-2026-3158
The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sbycheckwpsubmit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation. This makes it possib...