WP Responsive Images <= 1.0 - Arbitrary File Read

WP Responsive Images plugin for WordPress = 1.0 contains a path traversal caused by improper sanitization of the 'src' parameter, letting unauthenticated attackers read arbitrary files on the server. id: CVE-2026-1557 info: name: WP Responsive Images = 1.0 - Arbitrary File Read author: Shivam...

DevDojo Voyager <=1.8.0 - Arbitrary File Read

DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass. id: CVE-2024-55415 info: name: DevDojo Voyager =1.8.0 - Arbitrary File Read author: iamnoooob,rootxharsh,pdresearch severity: high description: | DevDojo Voyager through 1.8.0 is vulnerable to path traversal at t...

ShokoServer System - Local File Inclusion (LFI)

ShokoServer is a media server which specializes in organizing anime. In affected versions the /api/Image/WithPath endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter serverImagePath, which is not sanitized in any way...

GHSA-4XGF-CPJX-PC3J pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size

Summary NestedSecretsSettingsSource reads secret values from files in a configured secretsdir. When secretsnestedsubdir=True, a directory entry inside secretsdir that is a symbolic link pointing outside secretsdir is followed, so files outside the configured directory are read into settings value...

GHSA-F4XH-W4CJ-QXQ8 LangSmith SDK TracingMiddleware: Arbitrary server-side file read

Summary An attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to LangSmith as a trace attachment. Depending on how the distributed trace system is deploye...

osTicket - Arbitrary File Read

Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficientl...

symfony/ux-toolkit Path Traversal allows arbitrary file write and read via crafted recipe manifest

Description The ux:install console command installs files from a recipe kit by copying paths listed in a copy-files map. The only guard against malicious paths was Path::isRelative, which returns true for paths like ../../../etc. Path::join then resolves the .. segments without complaint, so the...

EUVD-2026-37986

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1058 through 1.7.1059. This is due to the wprgetcsvhandle helper introduced in version 1.7.1058 as part of the patch for CVE-2026-6229 falling back to...

CVE-2026-8118

The CVE concerns the WordPress plugin Royal Addons for Elementor – Addons and Templates Kit for Elementor (versions 1.7.1058–1.7.1059). A flaw in wpr_get_csv_handle(), introduced in 1.7.1058, allows an authenticated attacker with Contributor+ privileges to cause Arbitrary File Read by abusing set...

EUVD-2026-37981

The Woosa – Marktplaats for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in versions up to and including 2.0.4. This is due to insufficient path sanitization in the renderlogsui function, which accepts a base64-encoded file name from the 'logfile' GET...

CVE-2026-7547

CVE-2026-7547 affects the WordPress plugin Woosa – Marktplaats for WooCommerce. Versions up to 2.0.4 are vulnerable to Arbitrary File Read via path traversal in render_logs_ui(), which accepts a base64-encoded log_file name and concatenates it with the log directory without validating the final p...

CVE-2026-56078

CVE-2026-56078 affects PraisonAI prior to 1.5.115, specifically a path traversal vulnerability in the MultiAgentMonitor component. The issue arises because agent IDs are not properly sanitized when building file paths, allowing an attacker to inject traversal sequences (e.g., ../) to access arbit...

WordPress Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin 1.7.1058-1.7.1059 - Authenticated (Contributor+) Arbitrary File Read vulnerability

Authenticated Contributor+ Arbitrary File Read vulnerability discovered by Jack Taylor in WordPress Plugin Royal Elementor Addons versions 1.7.1058-1.7.1059...

WordPress Woosa – Marktplaats for WooCommerce plugin <= 2.0.5 - Authenticated (Administrator+) Arbitrary File Read vulnerability

Authenticated Administrator+ Arbitrary File Read vulnerability discovered by Legion Hunter in WordPress Plugin Woosa – Marktplaats for WooCommerce versions = 2.0.5...

Grafana Post-Auth DuckDB - SQL Injection To File Read

The SQL Expressions experimental feature of Grafana allows for the evaluation of duckdb queries containing user input. These queries are insufficiently sanitized before being passed to duckdb, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or highe...

BOA Web Server 0.94.14 - Arbitrary File Access

BOA Web Server 0.94.14 is susceptible to arbitrary file access. The server allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges and without using access credentials. id: CVE-2017-9833 info: name: BOA Web Server 0.94.14 - Arbitrary File Acces...

PT-2026-50823

External Control of File Name or Path in xDS SDS DataSource Summary DataSourceStream in the :xds module resolves control-plane-supplied filename and environment variable fields from SDS Secret resources without any allow-list or base-directory confinement. A semi-trusted or compromised xDS contro...

Siemens RuggedCom Rox Argument Injection (CVE-2025-40948)

Affected devices do not properly validate input in the web server's JSON-RPC interface. This could allow an authenticated remote attacker to read arbitrary files from the underlying operating system's filesystem with root privileges. This plugin only works with Tenable.ot. Please visit...

CVE-2026-53872 picklescan - Arbitrary File Read via Unsafe Pickle Deserialization

picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. Attackers can bypass RCE-focused blocklists to exfiltrate sensitive data like /etc/passwd to externa...

CVE-2026-53872

The CVE-2026-53872 entry covers picklescan (pre-0.0.35) with an unsafe pickle deserialization flaw that allows unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. This leads to potential exposure of sensitive data (e.g., /etc/passwd) despite ...