11201 matches found
CVE-2026-10074
CVE-2026-10074 : DreamMaker (Interinfo) is affected by an Arbitrary File Read vulnerability that enables a privileged local attacker to perform a Relative Path Traversal to download arbitrary system files. The issue is described across multiple sources as a file-read exposure with a potential con...
CVE-2026-10073
DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing unauthenticated local attackers to exploit Relative Path Traversal to download arbitrary system files...
CVE-2026-10073 Interinfo|DreamMaker - Arbitrary File Read
DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing unauthenticated local attackers to exploit Relative Path Traversal to download arbitrary system files...
CVE-2026-10073 Interinfo|DreamMaker - Arbitrary File Read
DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing unauthenticated local attackers to exploit Relative Path Traversal to download arbitrary system files...
EUVD-2026-33294
DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing unauthenticated local attackers to exploit Relative Path Traversal to download arbitrary system files...
CVE-2026-10073
DreamMaker by Interinfo is affected by an Arbitrary File Read via Relative Path Traversal, allowing unauthenticated local access to download arbitrary system files. CVSS v3.1 base score 7.5 (HIGH) and CVSS v4.0 base score 8.7 (HIGH). No exploitation status or patch details are provided in the sup...
CVE-2025-41271
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to read arbitrary files from the device...
CVE-2025-41271
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to read arbitrary files from the device...
CVE-2025-41271
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to read arbitrary files from the device...
CVE-2025-41271
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to read arbitrary files from the device...
EUVD-2026-33061
Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...
PT-2026-44838
DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing privileged local attackers to exploit Relative Path Traversal to download arbitrary system files...
Waterfall WF-500 安全漏洞
The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. There are security vulnerabilities in the Waterfall WF-500 TX and RX Hosts version 7.9.1.0 R2502171040; these vulnerabilities stem fr...
PT-2026-44924
Name of the Vulnerable Software and Affected Versions xiaomusic version 0.5.7 Description An unauthenticated path traversal issue exists in the 'GET /music/file path:path' endpoint. This occurs due to an incomplete path prefix check and a missing trailing separator in the comparison logic...
PT-2026-44837
DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing unauthenticated local attackers to exploit Relative Path Traversal to download arbitrary system files...
Prodigy Commerce 3.3.0 - Local File Inclusion
Exploit Title: Prodigy Commerce 3.3.0 - Local File Inclusion Date: 23-05-2026 Exploit Author: Diamorphine Vendor Homepage: https://prodigycommerce.com/ Software Link: https://wordpress.org/plugins/prodigy-commerce/ Version: 3.2.9 Tested on: Debian CVE : CVE-2026-0926 Description: Prodigy Commerce...
Arcane Has an Authenticated Arbitrary Host File Read via Docker Compose Include Directives
Summary ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because ProjectService.CreateProject writes attacker-supplied compose content to disk without validating includ...
GHSA-C3PX-H233-H6FQ Arcane Has an Authenticated Arbitrary Host File Read via Docker Compose Include Directives
Summary ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because ProjectService.CreateProject writes attacker-supplied compose content to disk without validating includ...
CVE-2026-44881
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer supports deploying stacks from Git repositories. When a...
CVE-2026-10044
Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...