CVE-2026-34428

Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy action of the editor/editor module where the url parameter is passed directly to getUrl via curl without scheme or destination validation. Authenticated backend users can supply file:// URLs to read...

CVE-2026-44127

SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the...

Exploit for Code Injection in Crushftp

CVE-2024-4040 — CrushFTP SSTI / LFI Proof of Concept For...

BIT-JRE-2025-32414

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters...

CVE-2026-41646

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to read local .js and .json files through the require function, bypassing the default local file acce...

CVE-2026-44298

The Kimai CVE-2026-44298 affects Kimai versions 2.32.0–2.55.x. It enables an admin user with upload_invoice_template permission to trigger pdfContext.setOption('associated_files', ...) during sandboxed Twig rendering, forwarding to mPDF2 SetAssociatedFiles() and allowing file_get_contents() on e...

CVE-2026-44298 Kimai: Arbitrary file read in invoice PDF renderer (admin)

Kimai is an open-source time tracking application. From version 2.32.0 to before version 2.56.0, users with the role System-Admin ROLESYSTEADMIN and the permission uploadinvoicetemplate can upload PDF invoice templates, which can call pdfContext.setOption'associatedfiles', ... inside the sandboxe...

CVE-2026-41646 Nuclei: Local File Read via require() Module Loader Bypass

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to read local .js and .json files through the require function, bypassing the default local file acce...

CVE-2026-41646 Nuclei: Local File Read via require() Module Loader Bypass

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to read local .js and .json files through the require function, bypassing the default local file acce...

CVE-2026-41646

Summary (CVE-2026-41646) : Nuclei prior to 3.8.0 is vulnerable where the JavaScript protocol runtime allows templates to read local .js/.json files via the require() function, bypassing the local-file-access restriction. Affected versions range from 3.0.0 up to, but not including, 3.8.0. The issu...

PT-2026-38651

Name of the Vulnerable Software and Affected Versions Kimai versions 2.32.0 through 2.55.x Description Users with the System-Admin role ROLE SYSTE ADMIN and the upload invoice template permission can upload PDF invoice templates that execute pdfContext.setOption'associated files', ... within the...

Nuclei 访问控制错误漏洞

Nuclei is a fast-customizable vulnerability scanner based on simple YAML, open-sourced by ProjectDiscovery. In versions 3.0.0 to 3.8.0 of Nuclei, there was an access control vulnerability. This vulnerability stemmed from the JavaScript protocol’s runtime feature, which allowed reading of local.js...

CVE-2026-44111

OpenClaw before 2026.4.15 contains an arbitrary file read vulnerability in the QMD backend memoryget function that allows callers to read any Markdown files within the workspace root. Attackers with access to the memory tool can bypass path restrictions by providing arbitrary workspace Markdown...

CVE-2026-43577

OpenClaw before 2026.4.9 contains a file read vulnerability allowing attackers to bypass navigation guards through browser act/evaluate interactions. Attackers can pivot into the local CDP origin and create or read disallowed file:// pages despite direct navigation policy restrictions...

CVE-2026-30816

An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary file when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device,...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in keras-3.13.1-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in keras-3.13.1-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-1669 DESCRIPTION: Arbitrary file read in the model loading mechanism HDF5 integration in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a...

USN-8247-1 owslib vulnerability

It was discovered that OWSLib did not properly disable entity resolution within its XML parser. An attacker could possibly use this issue to read arbitrary files via a crafted XML payload...

CVE-2026-33589 Arbitrary File Read via Local File Inclusion (LFI)

Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local files content from the docker container via path traversal...

CVE-2026-33589

Open Notebook v1.8.3 is affected by CVE-2026-33589 due to lack of input validation in the file-upload function, enabling local file read via path traversal from within the docker container. Affected component: file upload handling; attack vector: LOCAL, without user interaction, no privileges req...

CVE-2026-41656 Admidio: Path Traversal via Unvalidated `name` Parameter in Document Add Mode Enables Arbitrary Server File Read

Admidio is an open-source user management solution. Prior to version 5.0.9, the add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type HTML encoding, allowing path traversal characters ../ to pass through unfiltered. Combined with the absence of CSRF...