CVE-2026-4030

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check combined with a user-controlled backup...

CVE-2026-4659

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via the Repeater JSON/CSV URL parameter in versions up to, and including, 2.0.6. This is due to insufficient path traversal sanitization in the URLtoRelative and urlToPath functions, combined with the...

EUVD-2026-34902

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an Authenticated Local File Inclusion LFI vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by manipulating the location field written in...

CVE-2026-35033

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain an unauthenticated arbitrary file read vulnerability via ffmpeg argument injection through the StreamOptions query parameter parsing mechanism. The ParseStreamOptions method in StreamingHelpers.cs adds any...

CVE-2026-46393

HAX CMS helps manage microsite universe with PHP or NodeJs backends. An authenticated Server-Side Request Forgery SSRF vulnerability in versions prior to 26.0.0 allows authenticated users to fetch arbitrary internal or local resources and write the responses to a web-accessible directory, enablin...

CVE-2026-46393 HAXcms createSite SSRF Enables Arbitrary File Read

HAX CMS helps manage microsite universe with PHP or NodeJs backends. An authenticated Server-Side Request Forgery SSRF vulnerability in versions prior to 26.0.0 allows authenticated users to fetch arbitrary internal or local resources and write the responses to a web-accessible directory, enablin...

CVE-2026-46393

The CVE-2026-46393 entry documents an authenticated SSRF in HAXcms createSite. In affected versions prior to 26.0.0, a malicious build.files input lets an authenticated user cause server-side requests (via file_get_contents on attacker-controlled tmp_name), enabling fetches of arbitrary internal/...

WordPress Smart Slider 3 plugin <= 3.5.1.36 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read vulnerability

Authenticated Administrator+ Path Traversal to Arbitrary File Read vulnerability discovered by Nguyen Khanh Hao in WordPress Plugin Smart Slider 3 versions = 3.5.1.36...

WordPress Quick Playground plugin <= 1.3.4 - Authenticated (Administrator+) Arbitrary File Read vulnerability

Authenticated Administrator+ Arbitrary File Read vulnerability discovered by Pablo Santiago in WordPress Plugin Quick Playground versions = 1.3.4...

WordPress LearnPress – Backup & Migration Tool plugin <= 4.1.4 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read vulnerability

Authenticated Administrator+ Path Traversal to Arbitrary File Read vulnerability discovered by Wannes Verwimp in WordPress Plugin LearnPress Export Import versions = 4.1.4...

CVE-2026-50234

Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context. Attackers can manipulate file path parameters to access sensitive files outside the intended directory...

CVE-2026-50234 Lyrion Music Server 9.2.0 Path Traversal File Read

Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context. Attackers can manipulate file path parameters to access sensitive files outside the intended directory...

CVE-2026-50234

Affected product: Lyrion Music Server 9.2.0. Vulnerability: Path traversal in the web server context allowing unauthenticated attackers to read arbitrary files by manipulating file path parameters. Root cause / vector: Directory traversal outside the intended directory structure. Impact: Confiden...

CVE-2026-50234 Lyrion Music Server 9.2.0 Path Traversal File Read

Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context. Attackers can manipulate file path parameters to access sensitive files outside the intended directory...

USN-8394-1 yard vulnerability

It was discovered that YARD incorrectly sanitized paths in its built-in documentation server. An attacker could possibly use this issue to read arbitrary files from the server host...

BIT-AIRFLOW-2026-40861 Apache Airflow: Arbitrary File Read via Log Symlink following in FileTaskHandler

A Dag author could either a create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process read-path attack — e.g. /etc/passwd or airflow.cfg or b supply a taskid containing .. sequences accepted by the Task SDK's KEYREGEX write-path attack, and...

HAX 安全漏洞

HAX is an open-source microsite managed using HAX+CMS with a PHP backend. There were security vulnerabilities in HAX CMS PHP versions prior to 26.0.0. These vulnerabilities stemmed from an authentication-based local file inclusion vulnerability in the saveOutline endpoint, which could allow...

📄 Lyrion Music Server 9.2.0 Path Traversal / File Read

Lyrion Music Server version 9.2.0 suffers from a directory traversal vulnerability. Exploiting this issue will allow an unauthenticated attacker to view arbitrary files within the context of the web server. Lyrion Music Server 9.2.0 Path Traversal File Read Vendor: LMS Community Product web page:...

CVE-2026-44917

OpenStack Ironic (prior to 35.0.2) is vulnerable to an information-disclosure issue where a malicious authenticated project admin or manager can read local files on the Ironic conductor via a pxe_template. This CVE is documented across multiple sources (OpenStack Ironic, Debian tracker, CVE lists...

CVE-2026-44917

OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxetemplate...