11269 matches found
CVE-2026-33354 AVideo has an authenticated arbitrary local file read via `chunkFile` path injection in `aVideoEncoder.json.php`
WWBN AVideo is an open source video platform. In versions up to and including 26.0, POST /objects/aVideoEncoder.json.php accepts a requester-controlled chunkFile parameter intended for staged upload chunks. Instead of restricting that path to trusted server-generated chunk locations, the endpoint...
CVE-2026-28809
XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...
CVE-2026-28809 XXE in esaml SAML library allows local file read and potential SSRF
XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...
CVE-2026-28809
CVE-2026-28809 is an XXE vulnerability in esaml and forks where attacker-controlled SAML messages are parsed with xmerl_scan:string/2 before signature verification, allowing local file reads (e.g., Kubernetes secrets) and potential SSRF via crafted messages. The issue stems from XML entity expans...
EEF-CVE-2026-28809 XXE in esaml SAML library allows local file read and potential SSRF
Summary XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages usin...
WWBN AVideo 路径遍历漏洞
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained a path traversal vulnerability. This vulnerability stemmed from the lack of directory restrictions on the import.json.php endpoint, which could allow arbitra...
Advisory ROSA-SA-2026-3231
software: curl 8.7.1 OS: ROSA-CHROME unaffected versions = curl-8.7.1-5 affected versions curl-8.7.1-5 CVE-ID: CVE-2025-14524 BDU-ID: 2026-02955 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the cURL server communication software tool is related to URL redirection to an untrusted site...
CVE-2019-25577 SeoToaster Ecommerce 3.0.0 Local File Inclusion via backend_theme
SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files by manipulating path parameters in backend theme endpoints. Attackers can send POST requests to /backend/backendtheme/editcss/ or /backend/backendtheme/editjs/ with...
Exploit for CVE-2026-1302
Langpath Langflow Path Traversal Exploit CVE-2026-1302 A...
EUVD-2026-14240
The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'UploadedFile::setfromarray' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that...
CVE-2026-4373
The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'UploadedFile::setfromarray' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that...
CVE-2026-4373 JetFormBuilder <= 3.5.6.2 - Unauthenticated Arbitrary File Read via Media Field
The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'UploadedFile::setfromarray' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that...
CVE-2026-4373
The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'UploadedFile::setfromarray' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that...
CVE-2026-4373 JetFormBuilder <= 3.5.6.2 - Unauthenticated Arbitrary File Read via Media Field
The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'UploadedFile::setfromarray' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that...
CVE-2026-4373
The JetFormBuilder WordPress plugin is affected by CVE-2026-4373: all versions up to 3.5.6.2 allow unauthenticated arbitrary file read via path traversal. This stems from Uploaded_File::set_from_array accepting user-supplied paths from the Media Field JSON without ensuring the path is within Word...
CVE-2026-2351
The Task Manager plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.0.2 via the callbackgettextfromurl function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on th...
CVE-2026-2351 Task Manager <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Read
The Task Manager plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.0.2 via the callbackgettextfromurl function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on th...
CVE-2026-2351
The Task Manager plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.0.2 via the callbackgettextfromurl function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on th...
CVE-2026-2351 Task Manager <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Read
The Task Manager plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.0.2 via the callbackgettextfromurl function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on th...
CVE-2026-2351
The CVE-2026-2351 entry concerns the WordPress Task Manager plugin (up to version 3.0.2). The vulnerability is an Arbitrary File Read via the callback_get_text_from_url() function, exploitable by authenticated users with Subscriber-level access and above. The impact is exposure of contents from a...