11166 matches found
PT-2026-44838
DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing privileged local attackers to exploit Relative Path Traversal to download arbitrary system files...
Arcane Has an Authenticated Arbitrary Host File Read via Docker Compose Include Directives
Summary ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because ProjectService.CreateProject writes attacker-supplied compose content to disk without validating includ...
GHSA-C3PX-H233-H6FQ Arcane Has an Authenticated Arbitrary Host File Read via Docker Compose Include Directives
Summary ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because ProjectService.CreateProject writes attacker-supplied compose content to disk without validating includ...
CVE-2026-44881
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer supports deploying stacks from Git repositories. When a...
CVE-2026-10044
Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...
CVE-2026-44881 Portainer: Arbitrary File Read via Git Symlink Injection in Stack Auto-Update
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer supports deploying stacks from Git repositories. When a...
EUVD-2026-33065
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer supports deploying stacks from Git repositories. When a...
CVE-2026-44881 Portainer: Arbitrary File Read via Git Symlink Injection in Stack Auto-Update
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer supports deploying stacks from Git repositories. When a...
CVE-2026-44881
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer supports deploying stacks from Git repositories. When a...
CVE-2026-44881
Summary: Portainer Community Edition before fixes is vulnerable to arbitrary file read via Git-symlink injection when deploying stacks from Git repositories. During Git-backed stack creation/update, go-git v5 may create real OS symlinks for most files (except .gitmodules). The GET /api/stacks/{id...
CVE-2026-10044 ai-goofish-monitor Unauthenticated Arbitrary File Read via GET /api/prompts/
Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...
CVE-2026-10044 ai-goofish-monitor Unauthenticated Arbitrary File Read via GET /api/prompts/
Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...
CVE-2026-10044
Usagi-org ai-goofish-monitor on Windows is affected by an unauthenticated arbitrary file read via GET /api/prompts/{filename}. The vulnerability arises from an incomplete path traversal guard that blocks only forward slashes and '..'; attackers can supply absolute Windows paths or backslash-based...
CVE-2026-32847
DeepCode (commit c991dc2) exposes a path traversal vulnerability in the SPA catch-all route of new_ui/backend/main.py. An unauthenticated attacker can read arbitrary files by sending percent-encoded path segments to GET /{full_path:path}, bypassing Starlette path normalization via %2F and %2E%2E....
compliance-trestle Profile Import has an Arbitrary File Read via trestle:// URI and Relative Path Traversal
Summary The compliance-trestle library's profile import mechanism resolves trestle:// URIs and relative file paths by joining them with trestleroot and calling .resolve, but performs no boundary check to ensure the resolved path stays within the trestle workspace. An attacker can craft a maliciou...
GHSA-MJ4X-VF5C-5XG8 compliance-trestle Profile Import has an Arbitrary File Read via trestle:// URI and Relative Path Traversal
Summary The compliance-trestle library's profile import mechanism resolves trestle:// URIs and relative file paths by joining them with trestleroot and calling .resolve, but performs no boundary check to ensure the resolved path stays within the trestle workspace. An attacker can craft a maliciou...
PYSEC-2026-192
Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...
CVE-2026-44594 esm.sh: Path Traversal via package.json browser field allows reading arbitrary server files
esm.sh is a no-build content delivery network CDN for web development. In 137 and earlier, a Local File Inclusion LFI vulnerability exists in the esbuild plugin's handling of the browser field in package.json. An attacker can publish an npm package that causes the server to read and return...
CVE-2026-49238 SFTP Server VM Escape in Canonical Multipass
An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component sshfsserver, which executes with root privileges on the host, contains a path containment bypass vulnerability within its validatepath function in src/sshfsmount/sftpserver.cpp. The function...
CVE-2025-48977
CVE-2025-48977 is a relative path traversal vulnerability in Apache Ignite’s REST API. Authenticated REST API users can read arbitrary server files via a crafted log path using the cmd=log command, affecting Ignite 2.0.0–2.17.0. The issue is fixed in Ignite 2.18.0. If you are running affected ver...