92 matches found
CVE-2026-23485
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the filePath parameter accepts path traversal sequences, allowing enumeration of file existence on the server via different error responses. This issue has been patched in version 1.8.4...
CVE-2026-23485
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the filePath parameter accepts path traversal sequences, allowing enumeration of file existence on the server via different error responses. This issue has been patched in version 1.8.4...
CVE-2026-2830
The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possib...
EUVD-2026-10004
The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2026-2830
The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2026-2830
The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2026-2830 WP All Import <= 4.0.0 - Reflected Cross-Site Scripting via 'filepath'
The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2026-2830
WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets (WordPress plugin) is listed as vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in versions up to and including 4.0.0 due to insufficient input sanitization and output escaping. The CVE notes unauthen...
CVE-2026-2830 WP All Import <= 4.0.0 - Reflected Cross-Site Scripting via 'filepath'
The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possib...
PT-2026-23657
The WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘filepath’ parameter in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2025-59819
This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path...
CVE-2025-59819
This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path...
CVE-2025-59819 Authenticated Arbitrary File Read via filepath parameter
This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path...
CVE-2025-59819
The CVE-2025-59819 entries describe an authenticated arbitrary-file-read vulnerability: an attacker can supply a crafted filepath parameter that is mapped to an internal system path, enabling access to arbitrary files. Multiple sources (NVD, Red Hat, CVE list, Attackerkb, etc.) corroborate the sa...
CVE-2025-59819
This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path...
CVE-2025-59819 Authenticated Arbitrary File Read via filepath parameter
This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path...
PT-2026-21002
This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path...
CVE-2026-2552 ZenTao Editor control.php delete path traversal
A vulnerability was identified in ZenTao up to 21.7.8. Affected by this issue is the function delete of the file editor/control.php of the component Committer. Such manipulation of the argument filePath leads to path traversal. Upgrading to version 21.7.9 can resolve this issue. The affected...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the filePath argument in the /airag/knowledge/doc/edit component. An attacker can access sensitive files outside the intended directory by supplying crafted input remotely. Details A Directory Traversal attack al...
JeecgBoot 路径遍历漏洞
JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.0 and earlier contained a path traversal vulnerability. This vulnerability stemmed from incorrect handling of the parameter “filePath” in the Component...