24 matches found

CVE · added 2026/03/03 7:38 p.m. · 5 views

CVE-2026-2606

Summary of CVE-2026-2606 (IBM webMethods API Management & Gateway on‑prem): The vulnerability arises from improper validation of user-supplied input in the url parameter of the /createapi endpoint. An attacker can modify the parameter to use a file:// URI scheme instead of https://, enabling unau...

CVSS 6.5 · AI score 6.1 · EPSS 0.00068
Exploits 0 · References 1 · Affected software 1
EUVD · added 2025/10/03 8:07 p.m. · 1 view

EUVD-2024-39542

Malicious code in bioql PyPI...

CVSS 2.5 · AI score 6.6 · EPSS 0.00105
Exploits 0 · References 1
Cvelist · added 2025/02/05 5:00 a.m. · 9 views

CVE-2025-1022

Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html, which can be bypassed by omitting the slashes in the file URI, e.g., file:../../../../etc/passwd. This is due to missing validations of the use...

CVSS 8.8 · EPSS 0.0018
Exploits 0 · References 4
NVD · added 2025/01/23 3:15 a.m. · 3 views

CVE-2024-42184

BigFix Patch Download Plug-ins are affected by insecure support for the file URI scheme. It could allow a malicious operator to attempt to download files using the file:// URI scheme...

CVSS 2.5 · EPSS 0.00105
Exploits 0 · References 1
Cvelist · added 2025/01/23 1:59 a.m. · 9 views

CVE-2024-42184 HCL BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme

BigFix Patch Download Plug-ins are affected by insecure support for the file URI scheme. It could allow a malicious operator to attempt to download files using the file:// URI scheme...

CVSS 2.5 · EPSS 0.00105
Exploits 0 · References 1
CVE · added 2025/01/23 1:59 a.m. · 42 views

CVE-2024-42184

CVE-2024-42184 affects the BigFix Patch Download Plug-ins. The vulnerability arises from insecure support for the file:// URI scheme in the plug-ins, which could allow a user with local access to attempt to download files via file:// links. The available connected sources confirm the affected pro...

CVSS 2.5 · AI score 3.8 · EPSS 0.00105
Exploits 0 · References 1
Positive Technologies · added 2025/01/23 12:00 a.m. · 2 views

PT-2025-2631 · Ibm · Bigfix Patch Download Plug-Ins

The BigFix Patch Download Plug-ins are affected by insecure support for the file URI scheme, which could allow a malicious operator to attempt to download files using the file:// URI scheme. This issue is related to the handling of URI schemes in the plug-ins. An exploit could be used to take...

CVSS 2.5 · AI score 6.8 · EPSS 0.00105
Exploits 0 · References 7
NVD · added 2024/11/08 12:15 a.m. · 9 views

CVE-2024-51998

changedetection.io is a free open source web page change detection tool. The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a webdriver enabled, and ALLOW_FILE_URI false or not defined. The...

CVSS 8.6 · EPSS 0.00143
Exploits 0 · References 3
Vulnrichment · added 2024/11/07 11:34 p.m. · 12 views

CVE-2024-51998 Path traversal using file URI scheme without supplying hostname in changedetection.io

changedetection.io is a free open source web page change detection tool. The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a webdriver enabled, and ALLOW_FILE_URI false or not defined. The...

CVSS 8.6 · AI score 8.4 · EPSS 0.00143
Exploits 0 · References 3
OSV · added 2024/11/07 11:34 p.m. · 14 views

CVE-2024-51998 Path traversal using file URI scheme without supplying hostname in changedetection.io

changedetection.io is a free open source web page change detection tool. The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a webdriver enabled, and ALLOW_FILE_URI false or not defined. The...

CVSS 8.6 · AI score 6.2 · EPSS 0.00143
Exploits 0 · References 5
Cvelist · added 2024/11/07 11:34 p.m. · 17 views

CVE-2024-51998 Path traversal using file URI scheme without supplying hostname in changedetection.io

changedetection.io is a free open source web page change detection tool. The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a webdriver enabled, and ALLOW_FILE_URI false or not defined. The...

CVSS 8.6 · EPSS 0.00143
Exploits 0 · References 3
Github Security Blog · added 2024/11/07 10:00 p.m. · 19 views

changedetection.io path traversal using file URI scheme without supplying hostname

Summary: The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a webdriver enabled, and ALLOW_FILE_URI false or not defined. Details: The check used for URL protocol, is_safe_url, allows file: as ...

CVSS 8.6 · AI score 6.5 · EPSS 0.00143
Exploits 0 · References 7 · Affected software 1
OSV · added 2024/11/07 10:00 p.m. · 10 views

GHSA-6JRF-RCJF-245R changedetection.io path traversal using file URI scheme without supplying hostname

Summary: The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a webdriver enabled, and ALLOW_FILE_URI false or not defined. Details: The check used for URL protocol, is_safe_url, allows file: as ...

CVSS 8.6 · AI score 8.3 · EPSS 0.00143
Exploits 0 · References 7
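The Browsershot entry (CVE-2025-1022, "file:../../../../etc/passwd" with the slashes omitted) and the changedetection.io entries (CVE-2024-51998, a file URI accepted without a hostname) describe the same bug pattern: a URL check that looks for the literal spelling "file://" instead of parsing the URL and allow-listing the scheme. The Python below is an added example, not code from changedetection.io, Browsershot or any other project listed here. It puts a denylist check of that kind next to a parse-then-allowlist check; the function names, the allow_file_uri switch (standing in for an operator opt-in of the ALLOW_FILE_URI kind) and every sample URL are constructed for the example.

```python
"""Scheme allow-listing for user-supplied fetch URLs (added example).

weak_is_safe_url() is the shape of check the advisories describe: it rejects
the exact prefix "file://" and nothing else.  safe_url() parses first, so the
spelling variants that defeat the prefix check ("file:../x" with no slashes,
"FILE:///x", leading whitespace) all collapse to scheme == "file" and are
refused unless the operator has explicitly opted in.  UNC and smb:// links,
the vector in the Notable entry further down, fail the allowlist as well.
"""
from urllib.parse import urlsplit

# Only schemes a web fetcher has any business following.
ALLOWED_SCHEMES = frozenset({"http", "https"})


def weak_is_safe_url(url: str) -> bool:
    """Denylist check (the vulnerable pattern): matches one spelling only."""
    return not url.startswith("file://")


def safe_url(url: str, allow_file_uri: bool = False) -> bool:
    """Allowlist check.

    Accepts http(s) URLs that carry a host.  The file scheme is accepted only
    when allow_file_uri is True (assumed operator opt-in), and then only in
    the canonical file:///absolute/path form with an empty authority, so
    "file:../../etc/passwd" and "file://host/path" are still refused.
    """
    if not isinstance(url, str):
        return False
    # Strip surrounding whitespace ourselves rather than relying on the
    # parser; urlsplit() lower-cases the scheme, so FILE: and file: agree.
    parts = urlsplit(url.strip())
    scheme = parts.scheme
    if scheme in ALLOWED_SCHEMES:
        # "http:///etc/passwd" parses with no host; refuse it.
        return bool(parts.hostname)
    if scheme == "file" and allow_file_uri:
        return parts.netloc == "" and parts.path.startswith("/")
    # Anything else: smb://, javascript:, a bare UNC path (no scheme), ...
    return False


# Constructed sample inputs, modelled on the variants named in the advisories.
SAMPLE_URLS = [
    "https://example.com/page",
    "file:///etc/passwd",
    "file:../../../../etc/passwd",   # slashes omitted (CVE-2025-1022 shape)
    "FILE:///etc/passwd",            # case variant
    "  file:///etc/passwd",          # leading whitespace
    "http:///etc/passwd",            # http scheme, no host
    "smb://fileserver/share/evil.exe",
    r"\\fileserver\share\evil.exe",  # UNC path, no scheme at all
]


def compare(urls=SAMPLE_URLS, allow_file_uri: bool = False) -> dict:
    """Return {url: (weak_verdict, allowlist_verdict)} for the sample set."""
    return {u: (weak_is_safe_url(u), safe_url(u, allow_file_uri)) for u in urls}


if __name__ == "__main__":
    for url, (weak, strict) in compare().items():
        print(f"{url!r:40} weak={weak!s:5} allowlist={strict}")
```

Running it shows the denylist passing every file: variant except the one exact spelling, while the allowlist passes only the https URL. The opt-in path is deliberately narrow: even with allow_file_uri=True the check insists on an empty authority and an absolute path, because accepting a relative path or a host component is exactly what turned a "local files" feature into arbitrary file read in the entries above.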
OSV · added 2023/08/21 7:58 p.m. · 90 views

GHSA-44WR-RMWQ-3PHW Craft CMS vulnerable to Remote Code Execution via validatePath bypass

Summary: Bypassing the validatePath function can lead to potential Remote Code Execution post-authentication, with ALLOW_ADMIN_CHANGES=true. Details: In bootstrap.php, the SystemPaths path is set as below. php // Set the vendor path. By default assume that it's 4 levels up from here $vendorPath =...

CVSS 7.2 · AI score 7 · EPSS 0.00308
Exploits 1 · References 6
Github Security Blog · added 2023/08/21 7:58 p.m. · 39 views

Craft CMS vulnerable to Remote Code Execution via validatePath bypass

Summary: Bypassing the validatePath function can lead to potential Remote Code Execution post-authentication, with ALLOW_ADMIN_CHANGES=true. Details: In bootstrap.php, the SystemPaths path is set as below. php // Set the vendor path. By default assume that it's 4 levels up from here $vendorPath =...

CVSS 7.2 · AI score 7 · EPSS 0.00308
Exploits 1 · References 6 · Affected software 1
Positive Technologies · added 2023/08/21 12:00 a.m. · 1 view

PT-2023-27228 · Craft · Craft

Name of the Vulnerable Software and Affected Versions: Craft versions prior to 3.8.15; Craft versions prior to 4.4.15. Description: The issue is related to bypassing the validatePath function, which can lead to potential remote code execution. This can result in malicious control of vulnerable...

CVSS 7.2 · AI score 7.7 · EPSS 0.00308
Exploits 1 · References 12
Prion · added 2022/04/15 9:15 p.m. · 12 views

Input validation

Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program or theft of NTLM credentials via an SMB relay attack,...

CVSS 6.8 · AI score 8.7 · EPSS 0.0113
Exploits 0 · References 2 · Affected software 1
OSV · added 2022/01/10 2:12 p.m. · 18 views

CVE-2022-22701

PartKeepr versions up to v1.4.0 load attachments using a URL while creating a part and allow the use of the 'file://' URI scheme, allowing an authenticated user to read local files...

CVSS 6.5 · AI score 6.4
Exploits 0 · References 2
The Hacker News · added 2019/07/03 3:39 p.m. · 119 views

17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From Device

Except for phishing and scams, downloading an HTML attachment and opening it locally in your browser was never considered a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victim's computer. Barak Tawily, an...

AI score 6.9
Exploits 0
Veracode · added 2019/01/15 9:01 a.m. · 21 views

Arbitrary Code Execution

rubygem-openshift-origin-node is vulnerable to arbitrary code execution attacks. The vulnerability exists because Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced...

CVSS 6.5 · AI score 7.3 · EPSS 0.01009
Exploits 1 · References 8 · Affected software 1