11169 matches found
CVE-2026-42598 Pode: Directory Traversal is possible on Static Routes
Pode is a Cross-Platform PowerShell web framework for creating REST APIs, Web Sites, and TCP/SMTP servers. From 2.4.0, to before 2.13.0, when requesting content from a Static Route, it was possible to request paths such as http://localhost:8080/c:/Windows/System32/drivers/etc/hosts and have the...
GHSA-RPGQ-M5FP-32WR Portainer Has an Arbitrary File Read via Git Symlink Injection in Stack Auto-Update
Summary Portainer supports deploying stacks from Git repositories. When a Git-backed stack is created or updated, Portainer clones the repository using go-git v5, which translates Git blob entries with mode 0o120000 symlink into real OS symlinks on the host filesystem via os.Symlink. The only ent...
Portainer Has an Arbitrary File Read via Git Symlink Injection in Stack Auto-Update
Summary Portainer supports deploying stacks from Git repositories. When a Git-backed stack is created or updated, Portainer clones the repository using go-git v5, which translates Git blob entries with mode 0o120000 symlink into real OS symlinks on the host filesystem via os.Symlink. The only ent...
GHSA-57G9-58C2-XJG3 n8n Has an Arbitrary File Read via Git Node
Impact An authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leading to full compromise. Patches The issue has been fixed in n8n versions 1.123.43,...
NPM: n8n Has an Arbitrary File Read via Git Node
NPM: n8n Has an Arbitrary File Read via Git Node vulnerability discovered by ? in WordPress Npm n8n versions 1.123.43...
n8n Has an Arbitrary File Read via Git Node
Impact An authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leading to full compromise. Patches The issue has been fixed in n8n versions 1.123.43,...
CVE-2026-20224
CVE-2026-20224 : Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) web UI contains an XML External Entity (XXE) handling flaw in XML parsing that could allow an unauthenticated, remote attacker to read arbitrary files on the affected system. Attacker must send a crafted request; no valid cr...
CVE-2026-20224 Cisco Catalyst SD-WAN Manager XML External Entity Injection Vulnerability
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that are stored in an affected system. The attacker does not need to have valid user credentials. This vulnerability is due to improper...
CVE-2026-4030
The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup...
CVE-2026-4030
The vulnerability CVE-2026-4030 affects the Database Backup for WordPress plugin for WordPress (all versions up to 2.5.2). The root cause is the plugin not properly enforcing the return value of its authorization check when combined with a user-controlled backup directory parameter, enabling unau...
CVE-2026-4030 Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Arbitrary File Read and Deletion
The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup...
CVE-2026-4030 Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Arbitrary File Read and Deletion
The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup...
CVE-2026-4030
The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup...
EUVD-2026-30273
The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup...
WordPress InfusedWoo Pro plugin <= 5.1.2 - Unauthenticated Arbitrary File Read vulnerability
Unauthenticated Arbitrary File Read vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin InfusedWoo Pro versions = 5.1.2...
CVE-2026-6514
The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popupsubmit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...
CVE-2026-6514
The CVE concerns InfusedWoo Pro for WordPress (all versions up to 5.1.2) with an Arbitrary File Read vulnerability exploitable via the popup_submit parameter. The root cause enables unauthenticated attackers to issue web requests to arbitrary locations from the application, potentially enabling a...
CVE-2026-6514 InfusedWoo Pro <= 5.1.2 - Unauthenticated Arbitrary File Read via 'url' Parameter
The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popupsubmit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...
EUVD-2026-30263
The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popupsubmit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...
CVE-2026-6514
The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the popupsubmit. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...