11269 matches found
Exploit for Argument Injection in Weblate
Weblate — Arbitrary File Read via SSH Host Argument Injection...
CVE-2026-33201
Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is exploited, files or configurations on the affected device may be read or written, or arbitrary files may be executed with root privileges...
Ruckus Wireless多款产品 安全漏洞
Ruckus Wireless SmartZone is a high-performance WLAN controller from Ruckus Technologies. Several products of Ruckus Wireless have security vulnerabilities. These vulnerabilities stem from arbitrary file reading vulnerabilities in the command-line interface, which could allow authenticated remote...
PT-2026-28264
Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line interface that allows authenticated remote attackers with administrative privileges to read arbitrary files from the underlying filesystem. Attackers can exploit this vulnerability to access sensitive...
godoxy 路径遍历漏洞
Godoxy is a lightweight reverse proxy tool developed by Yuzerion’s individual developers. Versions of Godoxy prior to 0.27.5 contained a path traversal vulnerability. This vulnerability stemmed from the file content API endpoint’s lack of protection against path traversal, potentially allowing...
PT-2026-28418
Name of the Vulnerable Software and Affected Versions Smart Slider 3 versions prior to 3.5.1.34 Description The Smart Slider 3 plugin for WordPress contains a flaw that allows authenticated attackers with Subscriber-level access or higher to read arbitrary files on the server. This is possible...
CVE-2026-33913
OpenEMR is affected by a CCDA import vulnerability (XInclude Injection) in the Carecoordination module prior to v8.0.0.3. An authenticated user can upload a crafted CCDA containing to read arbitrary server files. The issue is mitigated by upgrading to OpenEMR v8.0.0.3. The CVSS details indicate ...
CVE-2026-33913 OpenEMR: XInclude Injection in CCDA Import Allows Reading Arbitrary Server Files
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can upload a crafted CCDA document containing to read arbitrary files from the server. Version 8.0.0....
CVE-2026-33913 OpenEMR: XInclude Injection in CCDA Import Allows Reading Arbitrary Server Files
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can upload a crafted CCDA document containing to read arbitrary files from the server. Version 8.0.0....
CVE-2026-30976 Sonarr Path Traversal vulnerability
Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950, an unauthenticated remote attacker can potentially read any file readable by the Sonarr process. These include application configuration files containing API keys and database credentials, Windows...
CVE-2026-30976 Sonarr Path Traversal vulnerability
Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950, an unauthenticated remote attacker can potentially read any file readable by the Sonarr process. These include application configuration files containing API keys and database credentials, Windows...
EUVD-2026-15992
Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950, an unauthenticated remote attacker can potentially read any file readable by the Sonarr process. These include application configuration files containing API keys and database credentials, Windows...
CVE-2026-30976 Sonarr Path Traversal vulnerability
Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950, an unauthenticated remote attacker can potentially read any file readable by the Sonarr process. These include application configuration files containing API keys and database credentials, Windows...
GHSA-34XJ-66V3-6J83 SiYuan has Arbitrary Document Reading within the Publishing Service
Details Document IDs were retrieved via the /api/file/readDir interface, and then the /api/block/getChildBlocks interface was used to view the content of all documents. PoC python !/usr/bin/env python3 """SiYuan /api/block/getChildBlocks 文档内容读取""" import requests import json import sys def...
SUSE CVE-2026-29064
Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or...
Codra Panorama Suite 安全漏洞
Codra Panorama Suite is an industrial process monitoring software platform developed by the French company Codra. There is a security vulnerability in Codra Panorama Suite, which allows attackers to potentially read files on the Web HMI server...
EUVD-2026-14958
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
CVE-2026-23924 Agent 2 Docker plugin arbitrary file read via Docker API injection
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
CVE-2026-23924 Agent 2 Docker plugin arbitrary file read via Docker API injection
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
CVE-2026-23924
CVE-2026-23924 affects the Zabbix Agent 2 Docker plugin. The issue is improper sanitization of the docker.container_info parameters when forwarding to the Docker daemon, enabling an attacker capable of invoking Agent 2 to read arbitrary files from running Docker containers by injecting them via t...