11227 matches found
CVE-2026-31893 Tunnelblick arbitrary file read via symlink following in tunnelblickd
Tunnelblick is an open source graphic user interface for OpenVPN on macOS. In versions 3.3beta26 through 9.0beta01, any local user can read arbitrary root-owned files by exploiting a symlink following vulnerability in tunnelblick-helper, reachable through the world-accessible tunnelblickd Unix...
WordPress Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.2.1 - Authenticated (Administrator+) Arbitrary File Read vulnerability
Authenticated Administrator+ Arbitrary File Read vulnerability discovered by Niv Kochan in WordPress Plugin FluentForm versions <= 6.2.1...
WordPress Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin <= 1.52.1 - Unauthenticated Arbitrary File Read vulnerability
Unauthenticated Arbitrary File Read vulnerability discovered by daroo in WordPress Plugin Forminator versions <= 1.52.1...
WordPress Salon Booking System – Free Version plugin <= 10.30.25 - Unauthenticated Arbitrary File Read vulnerability
Unauthenticated Arbitrary File Read vulnerability discovered by daroo in WordPress Plugin Salon booking system versions <= 10.30.25...
CVE-2026-43533
OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containing media tags to disclose arbitrary local files through...
CVE-2026-43533 OpenClaw < 2026.4.10 - Arbitrary Local File Read via QQBot Media Tags
OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containing media tags to disclose arbitrary local files through...
CVE-2026-43533
OpenClaw prior to 2026.4.10 is affected by an arbitrary local file read via QQBot media tags. The root cause is improperly handling media tags that reference host-local paths outside the media storage boundary, allowing disclosure of arbitrary local files through outbound media handling. Impact i...
EUVD-2026-27277
OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containing media tags to disclose arbitrary local files through...
BIT-APACHE-2026-24072 Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr
An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue...
CVE-2026-5192 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.52.1 - Unauthenticated Arbitrary File Read via 'upload-1[file][file_path]'
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 1.52.1 via the 'upload-1[file][file_path]' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary...
CVE-2026-5192
The CVE concerns the WordPress plugin Forminator Forms – Contact Form, Payment Form & Custom Form Builder
EUVD-2026-27197
The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to and including 1.6.5. This is due to a flawed path traversal validation in the create_template method of the CheckForm class, where realpath is called on the allowed base directory...
CVE-2026-5957
The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to and including 1.6.5. This is due to a flawed path traversal validation in the create_template method of the CheckForm class, where realpath is called on the allowed base directory...
CVE-2026-5957 EmailKit <= 1.6.5 - Authenticated (Author+) Arbitrary File Read via 'emailkit-editor-template' REST Parameter
The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to and including 1.6.5. This is due to a flawed path traversal validation in the create_template method of the CheckForm class, where realpath is called on the allowed base directory...
CVE-2026-5957
The CVE concerns the WordPress EmailKit plugin (versions up to and including 1.6.5). A path traversal flaw in CheckForm.php::create_template() uses realpath() on the allowed base directory (wp-content/uploads/emailkit/templates/), which may not exist, causing realpath() to return false. In PHP 8....