Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Path Traversal

Carel pCOWeb HVAC BACnet Gateway 2.1.0 contains an unauthenticated arbitrary file disclosure caused by improper verification of the 'file' GET parameter in logdownload.cgi, letting attackers disclose sensitive files via directory traversal, exploit requires no authentication. id: CVE-2022-37122...

ECOA Building Automation System - Arbitrary File Retrieval

The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information. id: CVE-2021-41293 info: name: ECOA Building Automation...

osTicket - Arbitrary File Read

Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficientl...

Discourse Backup File Disclosure Via Default Nginx Configuration

Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use FileStore--LocalStore which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick...

Cellinx NVT Web Server - Local File Disclosure

Cellinx NVT v1.0.6.002b was discovered to contain a local file disclosure vulnerability via the component /cgi-bin/GetFileContent.cgi. id: CVE-2023-23063 info: name: Cellinx NVT Web Server - Local File Disclosure author: daffainfo severity: high description: | Cellinx NVT v1.0.6.002b was discover...

Güralp MAN-EAM-0003 3.2.4 - XML External Entity (XXE)

cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity XXE issue via XML file upload, which leads to local file disclosure. id: CVE-2022-38840 info: name: Güralp MAN-EAM-0003 3.2.4 - XML External Entity XXE author: daffainfo severity: high description: |...

BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure

Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability caused by improper validation of the 'READ.filePath' parameter in fileread script and SendCGICMD API, letting authenticated attackers read arbitrary system files. id: CVE-2019-25246 info: name: BEWARD...

CVE-2026-49359

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, pontedilana/php-weasyprint fetches the content of option values server-side via filegetcontents when the value looks like a URL, without restricting the URL scheme. The attachment option of...

CVE-2026-49359 PhpWeasyPrint vulnerable to SSRF and local file disclosure via the attachment option

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, pontedilana/php-weasyprint fetches the content of option values server-side via filegetcontents when the value looks like a URL, without restricting the URL scheme. The attachment option of...

CVE-2026-49359

PhpWeasyPrint (pontedilana/php-weasyprint) prior to version 2.6.0 is vulnerable: the attachment option for Pdf can accept any value that passes filter_var(url), including http, https, ftp, file, and PHP streams like php://. The library fetches these values server-side via file_get_contents, allow...

CVE-2026-4027

CVE-2026-4027 affects FlexNet Manager Suite 2025 R1 and R2, where insufficient access control could allow unauthorized access to attachment files. The vulnerability is described as an access-control weakness that could expose attachments to users without proper privileges. The description and met...

PT-2026-51002

Name of the Vulnerable Software and Affected Versions PhpWeasyPrint versions prior to 2.6.0 Description PhpWeasyPrint is a PHP library used for generating PDFs from HTML pages or URLs. The library fetches content of option values server-side using the file get contents function when a value is...

CVE-2026-47277

Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-store repositories through an unauthenticated endpoint, which leads to arbitrary file read through app-store logo symlinks. The path guard checks only...

Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure

Webmin before 1.290 and Usermin before 1.220 contain a path traversal caused by calling the simplifypath function before decoding HTML, letting remote attackers read arbitrary files, exploit requires sending crafted '..%01' sequences. id: CVE-2006-3392 info: name: Webmin 1.290 / Usermin 1.220 -...

Adobe Connect < 12.1.5 - Local File Disclosure

Adobe Connect versions 11.4.5 and earlier, 12.1.5 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not...

Icinga Web 2 - Arbitrary File Disclosure

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including icingaweb2 configuration files with database credentials. id: CVE-2022-24716 info:...

PT-2026-48996

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description A path traversal issue exists in the getOrgLogo function of the OrganisationsController. The software constructs file paths for organization logos using fields controlled by the organization, su...

USN-8419-1: HTTP-Daemon vulnerability

It was discovered that HTTP-Daemon incorrectly handled untrusted input under certain circumstances. A remote attacker could possibly use this issue to execute arbitrary commands, create or overwrite arbitrary files, or expose sensitive information...

📄 UniFi Network 9.0.118 Path Traversal / File Disclosure

UniFi Network version9.0.118 suffers from a path traversal vulnerability that can lead to arbitrary file disclosure. ================================================================================================================================== | Title : UniFi Network 9.0.118 Advanced...

XML External Entity (XXE) Injection

Overview org.springframework.ws:spring-xml is a dependency of org.springframework.ws. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the Jaxp13XPathTemplate class in Jaxp13XPathTemplate.java. When XPath expressions are evaluated against StreamSource and...