PT-2026-37349

The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the getAttachments method of EmailNotificationActions, which resolves attacker-supplied file-upload URLs into filesystem paths without...

PT-2026-38244

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.15 Description An arbitrary file read issue exists in the QMD backend memory get function. Attackers with access to the memory tool can bypass path restrictions by providing arbitrary workspace Markdown paths,...

PT-2026-37836

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters...

PT-2026-38232

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.9 Description A file read issue allows attackers to bypass navigation guards through browser act/evaluate interactions. This enables attackers to pivot into the local Chrome DevTools Protocol CDP origin and...

RHCOS 4 : OpenShift Container Platform 4.5.33 (RHSA-2021:0429)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0429 advisory. - ant: insecure temporary file vulnerability CVE-2020-1945 - ant: insecure temporary file CVE-2020-11979 - jenkins: Arbitrary file...

JetBrains IntelliJ IDEA Arbitrary Local File Read (CVE-2026-41882)

The version of JetBrains IntelliJ IDEA installed on the remote host is prior to 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, or 2026.1.1. It is, therefore, affected by an arbitrary local file read vulnerability: - In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1...

GHSA-3446-6MGW-F79P Grav is Vulnerable to XXE via SVG Upload

Dear Grav Security Team, A security vulnerability was discovered in Grav CMS that allows authenticated attackers to read arbitrary files from the server through XML External Entity XXE injection. Vulnerability Summary | Field | Details | |-------|---------| | Vulnerability Type | XML External...

CVE-2026-40075

OpenMRS Core <2.8.6 and 2.8.0–2.8.5 exposes a path traversal in ModuleResourcesServlet (/openmrs/moduleResources/{moduleid}) due to unsafe path construction without normalization, allowing unauthenticated reading of arbitrary files (e.g., /etc/passwd). Tomcat

CVE-2026-40075 OpenMRS Core arbitrary file read via path traversal in ModuleResourcesServlet

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the /openmrs/moduleResources/moduleid endpoint is vulnerable to a path traversal attack. The ModuleResourcesServlet constructs a filesystem path from...

CVE-2026-40075 OpenMRS Core arbitrary file read via path traversal in ModuleResourcesServlet

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the /openmrs/moduleResources/moduleid endpoint is vulnerable to a path traversal attack. The ModuleResourcesServlet constructs a filesystem path from...

GHSA-8757-69J2-HX56 changedetection.io has an Arbitrary Local File Read via a crafted backup restore

Details The vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application extracts the archive and copies each restored watch UUID directory directly into th...

changedetection.io has an Arbitrary Local File Read via a crafted backup restore

Details The vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application extracts the archive and copies each restored watch UUID directory directly into th...

GHSA-PG4W-G64P-QWHJ gix and gitoxide's symlinked .gitmodules are followed and parsed from outside of the repository

Summary attachments: pocs.zip When Repository::submodules loads submodule metadata, it prefers the worktree .gitmodules file if that path exists. In the current implementation, the path is read with std::fs::read, which follows symlinks. As a result, a repository can present a symlinked .gitmodul...

CVE-2026-31893 Tunnelblick arbitrary file read via symlink following in tunnelblickd

Tunnelblick is an open source graphic user interface for OpenVPN on macOS. In versions 3.3beta26 through 9.0beta01, any local user can read arbitrary root-owned files by exploiting a symlink following vulnerability in tunnelblick-helper, reachable through the world-accessible tunnelblickd Unix...

CVE-2026-31893 Tunnelblick arbitrary file read via symlink following in tunnelblickd

Tunnelblick is an open source graphic user interface for OpenVPN on macOS. In versions 3.3beta26 through 9.0beta01, any local user can read arbitrary root-owned files by exploiting a symlink following vulnerability in tunnelblick-helper, reachable through the world-accessible tunnelblickd Unix...

WordPress Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.2.1 - Authenticated (Administrator+) Arbitrary File Read vulnerability

Authenticated Administrator+ Arbitrary File Read vulnerability discovered by Niv Kochan in WordPress Plugin FluentForm versions = 6.2.1...

WordPress Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin <= 1.52.1 - Unauthenticated Arbitrary File Read vulnerability

Unauthenticated Arbitrary File Read vulnerability discovered by daroo in WordPress Plugin Forminator versions = 1.52.1...

WordPress Salon Booking System – Free Version plugin <= 10.30.25 - Unauthenticated Arbitrary File Read vulnerability

Unauthenticated Arbitrary File Read vulnerability discovered by daroo in WordPress Plugin Salon booking system versions = 10.30.25...

CVE-2026-43533

OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containing media tags to disclose arbitrary local files through...

CVE-2026-43533 OpenClaw < 2026.4.10 - Arbitrary Local File Read via QQBot Media Tags

OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containing media tags to disclose arbitrary local files through...