SiYuan Security Vulnerability
SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.6.2 contained security vulnerabilities. These vulnerabilities were caused by improper handling of the /appearance/filepath endpoint, which could lead to directory traversal and...
wgcloud Security Vulnerability
WGCloud is a lightweight distributed server monitoring and operations system developed by the individual developer Tianshiyeben. WGCloud versions 3.6.3 and earlier have security vulnerabilities. These vulnerabilities stem from the test connection feature in backend database management, which...
CVE-2026-31971
A flaw was found in HTSlib, a library used for bioinformatics file formats. When reading CRAM Compressed Reference-oriented Alignment Map files, the crambytearraylendecode function did not properly validate the size of incoming data against the allocated buffer. This memory corruption vulnerabili...
CVE-2026-32251 Tolgee has an XXE Injection in Translation Import
Tolgee is an open-source localization platform. Prior to 3.166.3, the XML parsers used for importing Android XML resources .xml and .resx files don't disable external entity processing. An authenticated user who can import translation files into a project can exploit this to read arbitrary files...
GHSA-2238-XC5R-V9HJ @tinacms/graphql has a Path Traversal issue
Description TinaCMS allows users to create, update, and delete content documents using relative file paths relativePath, newRelativePath via GraphQL mutations. Under certain conditions, these paths are combined with the collection path using path.join without validating that the resolved path...
CVE-2026-31894
WeGIA is a web manager for charitable institutions. In 3.6.5, the patched loadBackupDB extracts tar.gz archives to a temporary directory using PHP's PharData class, then uses glob and file_get_contents to read SQL files from the extracted contents. Neither the extraction nor the file reading...
Intelbras TIP 200 Lite and Intelbras TELEFONE IP TIP200 Security Vulnerability
The Intelbras TIP 200 Lite and the Intelbras TELEFONE IP TIP200 are both products of the Brazilian company Intelbras. The Intelbras TIP 200 Lite is an IP phone device. It operates as an IP terminal and supports up to two SIP accounts. It features high voice quality HD Voice, LCD display 2x15, and...
HashiCorp Consul and HashiCorp Consul Enterprise Security Vulnerability
HashiCorp Consul and HashiCorp Consul Enterprise are both products of the American company HashiCorp. HashiCorp Consul is a distributed, highly available data center awareness solution. It is used for connecting and configuring applications across dynamic distributed infrastructures. HashiCorp...
EUVD-2026-10563
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files from the server filesystem. The componentName route parameter is concatenated directly into a file...
OneUptime Path Traversal Vulnerability
OneUptime is a comprehensive solution developed by OneUptime OpenSource. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.21 contained a path traversal vulnerability. This vulnerability stemmed from the /workflow/docs/ endpoint’s path traversal, which cou...
MBS Multiple Products Security Vulnerability
MBS UBR-01 Mk II and related products are made by the German company MBS. MBS UBR-01 Mk II is a remote base station device. MBS UBR-02 is also a remote base station device. MBS UBR-LON is a communication interface device for industrial automation systems. Several MBS products have security vulnerabilities;...
flask_ssti_exploit
Tools for Exploiting SSTI Vulnerabilities under Flask Di...
ragas Security Vulnerability
Ragas is an open-source toolkit developed by Vibrant Labs for optimizing and evaluating large language models. Versions of Ragas from v0.2.3 to v0.2.14 contain security vulnerabilities. These vulnerabilities stem from improper URL validation and cleaning of the retrievedcontexts parameter, which...
[R1] Nessus Manager Versions 10.10.3 and 10.11.3 Fix One Vulnerability
Arnie Cabral, Tue, 03/03/2026 - 12:08. A path traversal vulnerability exists in Nessus Manager where an authenticated, remote attacker could read arbitrary OS system files...
Copeland Multiple Products Path Traversal Vulnerability
Both Copeland XWEB 500D PRO and Copeland XWEB 500B PRO are advanced commercial and industrial refrigeration monitoring and management systems developed by the American company Copeland. Several products of Copeland have been identified with a path traversal vulnerability. This vulnerability stems...
CVE-2026-26938
Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...
GetSimple CMS Security Vulnerability
GetSimple CMS is an open-source content management system developed by GetSimple CMS. There is a security vulnerability in GetSimple CMS, which stems from a flaw in the file upload function, potentially allowing arbitrary file reading...
CVE-2026-26746
OpenSourcePOS 3.4.1 contains a Local File Inclusion LFI vulnerability in the Sales.php::getInvoice function. An attacker can read arbitrary files on the web server by manipulating the Invoice Type configuration. This issue can be chained with the file upload functionality to achieve Remote Code...
OpenClaw Path Traversal Vulnerability
OpenClaw is an open-source AI assistant developed by OpenClaw. OpenClaw suffers from a path traversal vulnerability. The vulnerability stems from the Feishu extension, which allows sendMediaFeishu to treat an attacker-controlled mediaUrl value as a local file system path and read it...