11269 matches found
CVE-2026-33166 Allure Report has an Arbitrary File Read via Path Traversal in Attachment Processing (Allure 1, Allure 2, and XCTest Readers)
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file -result.json,...
CVE-2026-33166
CVE-2026-33166 (Allure Report path traversal): Allure 2.x prior to 2.38.0 is vulnerable to arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file (-result.json, -container.json, or .plist) that points an attachment source to a sensitive ...
CVE-2026-33166 Allure Report has an Arbitrary File Read via Path Traversal in Attachment Processing (Allure 1, Allure 2, and XCTest Readers)
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file -result.json,...
CVE-2026-33166 Allure Report has an Arbitrary File Read via Path Traversal in Attachment Processing (Allure 1, Allure 2, and XCTest Readers)
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file -result.json,...
Directory Traversal
Overview org.webjars.npm:h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to Directory Traversal via the serveStatic utility. An attacker can access arbitrary files from backend storage by sending specially crafted request...
AVideo has a Path Traversal in import.json.php Allows Private Video Theft and Arbitrary File Read/Deletion via fileURI Parameter
Summary The objects/import.json.php endpoint accepts a user-controlled fileURI POST parameter with only a regex check that the value ends in .mp4. Unlike objects/listFiles.json.php, which was hardened with a realpath + directory prefix check to restrict paths to the videos/ directory,...
EUVD-2026-13914
Siyuan has an Unauthenticated Arbitrary File Read via Path Traversal...
Siyuan has an Unauthenticated Arbitrary File Read via Path Traversal
Summary The Siyuan kernel exposes an unauthenticated file-serving endpoint under /appearance/filepath. Due to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server process. Authentication checks explicitly exclude this endpoint,...
GHSA-HHGJ-GG9H-RJP7 Siyuan has an Unauthenticated Arbitrary File Read via Path Traversal
Summary The Siyuan kernel exposes an unauthenticated file-serving endpoint under /appearance/filepath. Due to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server process. Authentication checks explicitly exclude this endpoint,...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path through the /appearance/filepath file-serving handler in kernel/server/serve.go. An attacker can read arbitrary files accessible to the server process by requesting crafted ../ paths. Notes -...
CVE-2026-33130
Uptime Kuma (versions 1.23.0–2.2.0) is affected by a server-side template injection (SSTI) in notification templates due to an incomplete fix for GHSA-vffh-c9pq-4crh. The Liquid engine mitigations added to limit path resolution (root, relativeReference, dynamicPartials) only block quoted paths; i...
CVE-2026-33130 Uptime Kuma: SSTI in Notification Templates Allows Arbitrary File Read (Incomplete Fix for GHSA-vffh-c9pq-4crh)
Uptime Kuma is an open source, self-hosted monitoring tool. In versions 1.23.0 through 2.2.0, the fix from GHSA-vffh-c9pq-4crh doesn't fully work to preventServer-side Template Injection SSTI. The three mitigations added to the Liquid engine root, relativeReference, dynamicPartials only block...
CVE-2026-33130 Uptime Kuma: SSTI in Notification Templates Allows Arbitrary File Read (Incomplete Fix for GHSA-vffh-c9pq-4crh)
Uptime Kuma is an open source, self-hosted monitoring tool. In versions 1.23.0 through 2.2.0, the fix from GHSA-vffh-c9pq-4crh doesn't fully work to preventServer-side Template Injection SSTI. The three mitigations added to the Liquid engine root, relativeReference, dynamicPartials only block...
CVE-2026-33130 Uptime Kuma: SSTI in Notification Templates Allows Arbitrary File Read (Incomplete Fix for GHSA-vffh-c9pq-4crh)
Uptime Kuma is an open source, self-hosted monitoring tool. In versions 1.23.0 through 2.2.0, the fix from GHSA-vffh-c9pq-4crh doesn't fully work to preventServer-side Template Injection SSTI. The three mitigations added to the Liquid engine root, relativeReference, dynamicPartials only block...
CVE-2026-32949
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery SSRF vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...
CVE-2026-32949 SQLBot: SSRF to Arbitrary File Read (AFR) via Rogue MySQL
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery SSRF vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...
CVE-2026-32949 SQLBot: SSRF to Arbitrary File Read (AFR) via Rogue MySQL
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery SSRF vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...
CVE-2026-32949
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery SSRF vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...
CVE-2026-32949
SQLBot is vulnerable prior to version 1.7.0 to an SSRF leading to arbitrary local-file reads. An attacker can abuse /api/v1/datasource/check by supplying a forged MySQL data source with extraJdbc="local_infile=1". During connectivity verification, a rogue MySQL server issues a malicious LOAD DATA...
CVE-2026-32949 SQLBot: SSRF to Arbitrary File Read (AFR) via Rogue MySQL
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery SSRF vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...