11278 matches found
CVE-2026-25891 Fiber has an Arbitrary File Read in Static Middleware on Windows
Fiber is an Express inspired web framework written in Go. A Path Traversal CWE-22 vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file system on Windows. This affects Fiber v3 through version 3.0.0. This has been...
GHSA-M3C2-496V-CW3V Fiber has an Arbitrary File Read in Static Middleware on Windows
Summary Description A Path Traversal CWE-22 vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file system on Windows. This affects Fiber v3 through version 3.0.0. This has been patched in Fiber v3 version 3.1.0. Detail...
CVE-2026-26222
Altec DocLink now maintained by Beyond Limits Inc. version 4.0.336.0 exposes insecure .NET Remoting endpoints over TCP and HTTP/SOAP via Altec.RDCHostService.exe using the ObjectURI "doclinkServer.soap". The service does not require authentication and is vulnerable to unsafe object unmarshalling,...
CVE-2026-26222 DocLink .NET Remoting Unauthenticated Arbitrary File Read/Write RCE
Altec DocLink now maintained by Beyond Limits Inc. version 4.0.336.0 exposes insecure .NET Remoting endpoints over TCP and HTTP/SOAP via Altec.RDCHostService.exe using the ObjectURI "doclinkServer.soap". The service does not require authentication and is vulnerable to unsafe object unmarshalling,...
CVE-2026-26222 DocLink .NET Remoting Unauthenticated Arbitrary File Read/Write RCE
Altec DocLink now maintained by Beyond Limits Inc. version 4.0.336.0 exposes insecure .NET Remoting endpoints over TCP and HTTP/SOAP via Altec.RDCHostService.exe using the ObjectURI "doclinkServer.soap". The service does not require authentication and is vulnerable to unsafe object unmarshalling,...
CVE-2026-26222
The CVE-2026-26222 entry concerns Altec DocLink (now Beyond Limits Inc.) 4.0.336.0, where insecure .NET Remoting endpoints exposed over TCP and HTTP/SOAP via ObjectURI “doclinkServer.soap” allow unauthenticated access. The vulnerability arises from unsafe object unmarshalling, enabling remote att...
Exploit for Improper Input Validation in N8N
CVE-2026-21858 + CVE-2025-68613 - n8n Full Chain Unauthenti...
PT-2026-21802
Name of the Vulnerable Software and Affected Versions Fiber versions 3.0.0 and earlier Fiber versions 3.0.0 through 3.0.0 Description A Path Traversal flaw exists in Fiber, potentially allowing a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Tuzitio Camaleon_Cms
CVE-2024-46987 — Camaleon CMS Arbitrary Path Traversal Fo...
CVE-2025-59819
This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path...
Keras Has A Local File Disclosure Via HDF5 External Storage During Keras Weight Loading
Summary TensorFlow / Keras continues to honor HDF5 “external storage” and "ExternalLink" features when loading weights. A malicious ".weights.h5" or a ".keras" archive embedding such weights can direct "loadweights" to read from an arbitrary readable filesystem path. The bytes pulled from that pa...
XML External Entity (XXE)
org.assertj, assertj-core is vulnerable to XML External Entity XXE. The vulnerability is due to the DocumentBuilderFactory in org.assertj.core.util.xml.XmlStringPrettyFormatter.toXmlDocumentString being initialized with default settings without disabling DTDs or external entities, which allows an...
CVE-2026-26321
OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Feishu extension previously allowed sendMediaFeishu to treat attacker-controlled mediaUrl values as local filesystem paths and read them directly. If an attacker can influence tool calls directly or via prompt injection...
CVE-2026-27202
GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication...
CVE-2026-27202 GetSimple CMS: Uploaded Files (feature) Arbitrary File Read Vulnerability
GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication...
CVE-2026-27202 GetSimple CMS: Uploaded Files (feature) Arbitrary File Read Vulnerability
GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication...
CVE-2026-27202
CVE-2026-27202 concerns GetSimple CMS. All versions are affected by a flaw in the Uploaded Files feature that enables arbitrary file reads. The issue is reported as not fixed at publication. The available documents do not provide exploit details or concrete attack vectors. The CVSS data indicates...
CVE-2026-27202 GetSimple CMS: Uploaded Files (feature) Arbitrary File Read Vulnerability
GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication...
Metasploit Wrap-Up 02/20/2026
Hacking Churches and Backdooring Emacs This release packs some solid exploit module additions! Two new unauthenticated RCE modules are a major win: the StoryChief WordPress plugin exploit CVE-2025-7441 targets a webhook validation flaw allowing arbitrary file uploads, while the ChurchCRM exploit...
CVE-2026-25527
changedetection.io is a free open source web page change detection tool. In versions prior to 0.53.2, the /static// route accepts group="..", which causes sendfromdirectory"static/..", filename to execute. This moves the base directory up to /app/changedetectionio, enabling unauthenticated local...