11244 matches found

OSV
added 2026/01/16 3:16 a.m. | 4 views

CVE-2026-1018

Police Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files...

CVSS 7.5 | AI score 5.9 | EPSS 0.00589
Exploits: 0 | References: 2
NVD
added 2026/01/16 3:16 a.m. | 5 views

CVE-2026-1018

Police Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files...

CVSS 8.7 | EPSS 0.00589
Exploits: 0 | References: 2
Cvelist
added 2026/01/16 2:32 a.m. | 25 views

CVE-2026-1018 Gotac|Police Statistics Database System - Arbitrary File Read

Police Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files...

CVSS 8.7 | EPSS 0.00589
Exploits: 0 | References: 2
CVE
added 2026/01/16 2:32 a.m. | 14 views

CVE-2026-1018

CVE-2026-1018 affects the Police Statistics Database System developed by Gotac. The vulnerability is an Arbitrary File Read via Absolute Path Traversal, allowing unauthenticated remote attackers to download arbitrary system files. The available sources consistently describe the impact as read acc...

CVSS 8.7 | AI score 6.8 | EPSS 0.00589
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/01/16 2:32 a.m. | 3 views

CVE-2026-1018 Gotac|Police Statistics Database System - Arbitrary File Read

Police Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files...

CVSS 8.7 | AI score 6.8 | EPSS 0.00589
Exploits: 0 | References: 2
Positive Technologies
added 2026/01/16 12:00 a.m. | 6 views

PT-2026-3269

Name of the Vulnerable Software and Affected Versions: Kafka Connect BigQuery Connector versions prior to 2.11.0. Description: The Kafka Connect BigQuery Connector, a sink connector from Apache Kafka to Google BigQuery, contains a flaw that could allow arbitrary file reads. This occurs because the...

CVSS 7.7 | AI score 6.8 | EPSS 0.00376
Exploits: 0 | References: 9
CNNVD
added 2026/01/16 12:00 a.m. | 4 views

Kafka Connect BigQuery Connector code issues and vulnerabilities

Kafka Connect BigQuery Connector is a high-performance data synchronization middleware developed by Aiven Open. Versions of the connector prior to 2.11.0 contained code vulnerabilities. These vulnerabilities stemmed from the fact that the service did not validate the credentials from external...

CVSS 7.7 | AI score 6 | EPSS 0.00376
Exploits: 0 | References: 5
Tenable Nessus
added 2026/01/16 12:00 a.m. | 3 views

MiracleLinux 4 : libvirt-0.10.2-64.2.0.1.AXS4 (AXSA:2019-3920:02)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-3920:02 advisory. libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161). Tenable has extracted the preceding description block directly from the...

CVSS 8.8 | AI score 7.9 | EPSS 0.00516
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/16 12:00 a.m. | 5 views

MiracleLinux 4 : cups-1.4.2-67.0.1.AXS4 (AXSA:2014-674:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-674:02 advisory. Description: The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. It has been developed by Easy Software...

CVSS 5 | AI score 7.7 | EPSS 0.02911
Exploits: 0 | References: 6
NVD
added 2026/01/15 8:16 p.m. | 3 views

CVE-2026-23746

Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the SmartCardController service (DCG.SmartCardControllerService.exe). The service registers a TCP remoting...

CVSS 9.3 | EPSS 0.00861
Exploits: 0 | References: 3
GithubExploit
added 2026/01/15 7:56 p.m. | 141 views

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell - Proof of Concept CVE-2025-55182 This project...

CVSS 10 | AI score 5.8 | EPSS 0.99562
Exploits: 370
ATTACKERKB
added 2026/01/15 7:44 p.m. | 4 views

CVE-2026-23746

Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the SmartCardController service (DCG.SmartCardControllerService.exe). The service registers a TCP remoting...

CVSS 9.3 | AI score 6.5 | EPSS 0.00861
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2026/01/15 7:44 p.m. | 24 views

CVE-2026-23746

Entrust Instant Financial Issuance (IFI) On Premise (CardWizard) software versions 5.x before 6.10.5 and before 6.11.1 expose the SmartCardControllerService (DCG.SmartCardControllerService.exe) to insecure .NET Remoting. The service registers a TCP remoting channel with unsafe formatter/settings,...

CVSS 9.3 | AI score 7.6 | EPSS 0.00861
Exploits: 0 | References: 3
NVD
added 2026/01/15 3:15 p.m. | 7 views

CVE-2025-67083

Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to read files from the server. The ability to read files and the file type depends on the web server and its configuration...

CVSS 5.3 | EPSS 0.00608
Exploits: 1 | References: 2
CVE
added 2026/01/15 1:06 p.m. | 13 views

CVE-2026-22915

CVE-2026-22915 is described across multiple feeds as a low-privilege read-disclosure affecting unspecified directory paths on the device. Public documents consistently state that the attacker cannot escalate privileges beyond low level and no active exploits are reported in PSIRT/SICK sources. Red Hat and...

CVSS 6.5 | AI score 6.3 | EPSS 0.00375
Exploits: 0 | References: 6 | Affected Software: 1
RedhatCVE
added 2026/01/15 6:21 a.m. | 4 views

CVE-2025-15020

The Gotham Block Extra Light plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.5.0 via the 'ghostban' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to read the contents of arbitrary files on...

CVSS 6.5 | AI score 6 | EPSS 0.00307
Exploits: 0 | References: 1
Positive Technologies
added 2026/01/15 12:00 a.m. | 7 views

PT-2026-2996

Name of the Vulnerable Software and Affected Versions: versions prior to 2026-22915. Description: An attacker with limited access rights could potentially read files from designated directories on a device, which may lead to the disclosure of confidential data. Approximately zero devices are estimat...

CVSS 6.5 | AI score 5.8 | EPSS 0.00375
Exploits: 0 | References: 10
Patchstack
added 2026/01/14 1:23 p.m. | 5 views

WordPress Gotham Block Extra Light plugin <= 1.5.0 - Authenticated (Contributor+) Arbitrary File Read via 'ghostban' Shortcode vulnerability

Authenticated Contributor+ Arbitrary File Read via 'ghostban' Shortcode vulnerability discovered by 0x34rth in WordPress Plugin Gotham Block Extra Light versions <= 1.5.0...

CVSS 6.5 | AI score 7 | EPSS 0.00307
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/01/14 12:16 p.m. | 8 views

WordPress Integration Opvius AI for WooCommerce plugin <= 1.3.0 - Unauthenticated Arbitrary File Deletion/Read via Path Traversal vulnerability

Unauthenticated Arbitrary File Deletion/Read via Path Traversal vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Integration Opvius AI for WooCommerce versions <= 1.3.0...

CVSS 9.8 | AI score 7.1 | EPSS 0.00615
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/01/14 10:14 a.m. | 4 views

CVE-2026-0532 External Control of File Name or Path and Server-Side Request Forgery (SSRF) in Kibana Google Gemini Connector

External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticate...

CVSS 8.6 | AI score 6.3 | EPSS 0.00306
Exploits: 1 | References: 1