RuoYi-Vue-Plus Security Vulnerability
RuoYi-Vue-Plus is a development framework from the Chinese organization dromara. A security vulnerability exists in RuoYi-Vue-Plus 5.5.1 and earlier versions, which stems from unfiltered user input and could lead to arbitrary file reading and writing...
CVE-2025-66916
The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but it does not filter user input, allowing attackers to use the File class to perform arbitrary file reading and writing...
PT-2026-1867
Name of the Vulnerable Software and Affected Versions RuoYi-Vue-Plus versions 5.5.1 and earlier Description The snailjob component in RuoYi-Vue-Plus does not filter user input when executing QLExpress expressions through the /snail-job/workflow/check-node-expression API endpoint. This allows...
N8n < 2.0.0 Multiple Vulnerabilities
According to its banner, the version of n8n running on the remote host is 1.0.0 or later and before 2.0.0. It is, therefore, affected by multiple vulnerabilities: - An authenticated arbitrary file read and file write vulnerability - An authenticated arbitrary command execution vulnerability in...
CVE-2025-66916
The CVE-2025-66916 entry references the snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier. The vulnerability occurs at the API endpoint /snail-job/workflow/check-node-expression, where QLExpress expressions are executed without input filtering, allowing an attacker to use the File c...
PT-2026-3411
Summary Unsafe pickle deserialization allows unauthenticated attackers to read arbitrary server files and perform SSRF. By chaining io.FileIO and urllib.request.urlopen, an attacker can bypass RCE-focused blocklists to exfiltrate sensitive data example: /etc/passwd to an external server. Details...
CVE-2017-20212 FLIR Thermal Camera F/FC/PT/D 8.0.0.64 Information Disclosure via File Reading
FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. Attackers can exploit the /var/www/data/controllers/api/xml.php readFile function to access...
EUVD-2026-0817
REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. The Backup addon does not validate the EXPDIR POST parameter agains...
CVE-2026-21857 Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read
REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. The Backup addon does not validate the EXPDIR POST parameter agains...
RustFS Path Traversal Vulnerability
RustFS Path Traversal Vulnerability Vulnerability Details - CVE ID: - Severity: Critical CVSS estimated 9.9 - Impact: Arbitrary File Read/Write - Component: /rustfs/rpc/readfilestream endpoint - Root Cause: Insufficient path validation in crates/ecstore/src/disk/local.rs:1791 Vulnerable Code rust...
GHSA-PQ29-69JG-9MXC RustFS Path Traversal Vulnerability
RustFS Path Traversal Vulnerability Vulnerability Details - CVE ID: - Severity: Critical CVSS estimated 9.9 - Impact: Arbitrary File Read/Write - Component: /rustfs/rpc/readfilestream endpoint - Root Cause: Insufficient path validation in crates/ecstore/src/disk/local.rs:1791 Vulnerable Code rust...
CVE-2026-20029
A vulnerability in the licensing features of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of X...
CVE-2025-14059
The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in all versions up to, and including, 1.6.1. This is due to missing path validation in the createtemplate REST API endpoint where user-controlled input from the emailkit-editor-template parameter is passed...
CVE-2025-13801
The Yoco Payments plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.9.0 via the file parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...
CVE-2022-27279
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file read via the function sub177E0...
CVE-1999-0467
The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a remote attacker to read arbitrary files using the "template" parameter...
CVE-1999-0907
sccw allows local users to read arbitrary files...
CVE-2025-13801
CVE-2025-13801 : The WordPress Yoco Payments plugin is vulnerable to path traversal in the file parameter in versions up to 3.8.8 (per Initial Description). Wordfence’s WordPress Vulnerability Report confirms the issue as present in Yoco Payments <= 3.9.0, enabling unauthenticated attackers to...
CVE-2025-13801 Yoco Payments <= 3.9.0 - Unauthenticated Arbitrary File Read
The Yoco Payments plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.9.0 via the file parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...