CVE-2026-35187

pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the parseurls API function in src/pyload/core/api/init.py fetches arbitrary URLs server-side via geturlurl pycurl without any URL validation, protocol restriction, or IP blacklist. An authenticated...

pyLoad: SSRF in parse_urls API endpoint via unvalidated URL parameter

Vulnerability Details CWE-918: Server-Side Request Forgery SSRF The parseurls API function in src/pyload/core/api/init.py line 556 fetches arbitrary URLs server-side via geturlurl pycurl without any URL validation, protocol restriction, or IP blacklist. An authenticated user with ADD permission...

GHSA-2WVG-62QM-GJ33 pyLoad: SSRF in parse_urls API endpoint via unvalidated URL parameter

Vulnerability Details CWE-918: Server-Side Request Forgery SSRF The parseurls API function in src/pyload/core/api/init.py line 556 fetches arbitrary URLs server-side via geturlurl pycurl without any URL validation, protocol restriction, or IP blacklist. An authenticated user with ADD permission...

CVE-2026-35000

ChangeDetection.io versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPath3Parser implementation that allows attackers to read arbitrary local files by using unblocked XPath 3.0/3.1 functions such as json-doc and similar file-access primitives. Attackers can exploit th...

CVE-2026-34730 Copier `_external_data` allows path traversal and absolute-path local file read without unsafe mode

Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...

CVE-2026-34730

Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...

GHSA-P998-JP59-783M AIOHTTP affected by UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows

Summary On Windows the static resource handler may expose information about a NTLMv2 remote path. Impact If an application is running on Windows, and using aiohttp's static resource handler not recommended in production, then it may be possible for an attacker to extract the hash from an NTLMv2...

AIOHTTP affected by UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows

Summary On Windows the static resource handler may expose information about a NTLMv2 remote path. Impact If an application is running on Windows, and using aiohttp's static resource handler not recommended in production, then it may be possible for an attacker to extract the hash from an NTLMv2...

CVE-2026-34515 AIOHTTP: UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose information about a NTLMv2 remote path. This issue has been patched in version 3.13.4...

CVE-2026-35000

ChangeDetection.io versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPath3Parser implementation that allows attackers to read arbitrary local files by using unblocked XPath 3.0/3.1 functions such as json-doc and similar file-access primitives. Attackers can exploit th...

CVE-2026-35000

ChangeDetection.io versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPath3Parser implementation that allows attackers to read arbitrary local files by using unblocked XPath 3.0/3.1 functions such as json-doc and similar file-access primitives. Attackers can exploit th...

OpenClaw's message tool media parameter bypasses tool policy filesystem isolation

Summary The message tool accepted mediaUrl and fileUrl aliases without applying the same sandbox localRoots validation as the canonical media path handling. Impact A caller constrained to sandbox media roots could read arbitrary local files by routing them through the alias parameters. Affected...

EUVD-2026-17119

CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server...

CVE-2026-2285 CVE-2026-2285

CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server...

CVE-2026-2285

CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server...

CVE-2026-2285 CVE-2026-2285

CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server...

CVE-2026-2285

CrewAI CVE-2026-2285 is an arbitrary local file read vulnerability in the JSON loader tool, caused by lack of path validation in the loader. Affected ecosystem details indicate affected crewai-tools transitive deps (crewai-tools >=0.13.2,

CrewAI contains multiple vulnerabilities including SSRF, RCE and local file read

Overview Four vulnerabilities have been identified in CrewAI, including remote code execution RCE, arbitrary local file read, and server-side request forgery SSRF. CVE-2026-2275 is directly caused by the Code Interpreter Tool. The other three vulnerabilities result from improper default...

Remote Code Execution (RCE)

Indico is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper sanitization of LaTeX input allowing bypass via crafted syntax, which allows an attacker to read local files or execute arbitrary code on the server when LaTeX rendering is enabled...

CVE-2026-33486

Roadiz is a polymorphic content management system based on a node system that can handle many types of services. A vulnerability in roadiz/documents prior to versions 2.7.9, 2.6.28, 2.5.44, and 2.3.42 allows an authenticated attacker to read any file on the server's local file system that the web...