CVE-2025-14009

A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The unzipiter function in nltk/downloader.py uses zipfile.extractall without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when...

CVE-2026-25057

MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration courses//assignments/uploadconfigfiles. The uploaded zip file entry names are used to create paths to...

CVE-2026-23851 SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 contain a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper pat...

CVE-2026-23851 SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 contain a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper pat...

PT-2026-3497

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.5.4 Description SiYuan is a personal knowledge management system with a logic issue in the /api/file/globalCopyFiles API endpoint. The issue allows authenticated users to copy files from any location on the server’s...

PT-2026-2294

Name of the Vulnerable Software and Affected Versions Iris versions prior to 2.4.24 Description Iris is a web collaborative platform used by incident responders to share technical details during investigations. The DFIR-IRIS datastore file management system has an issue where authenticated users...

CVE-2025-14804 Frontend File Manager < 23.5 - Subscriber+ Arbitrary File Deletion

The Frontend File Manager Plugin WordPress plugin before 23.5 did not validate a path parameter and ownership of the file, allowing any authenticated users, such as subscribers to delete arbitrary files on the server...

curl: Path Traversal in curl file:// Protocol Handler Allows Unauthorized File Access

Summary During my manual review of the file path handling logic in curl's source code, I noticed the absence of proper validation for directory traversal sequences, which I then verified through practical testing. I discovered that curl allows unauthorized access to arbitrary files through the...

CVE-2025-57697

AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function encodeimagebs64. Since the encodeimagebs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legitimac...

EUVD-2025-38261

AstrBot has an arbitrary file read vulnerability in function encodeimagebs64...

GHSA-J44M-5V8F-GC9C Flowise is vulnerable to arbitrary file exposure through its ReadFileTool

Summary The ReadFileTool in Flowise does not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read arbitrary files from the file system, potentially leading to remote command execution. Details Flowise supports providing ReadFileTool for large models to...

CVE-2025-57176

On Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas before 2026-03-10, the rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable location on the device. File upload packets use weak encryption metadata only with file contents...

PHPGurukul Pre-School Enrollment System Project 安全漏洞

The Pre-School Enrollment System Project is a preschool enrollment system project. A directory traversal vulnerability exists in Pre-School Enrollment System Project, which stems from a lack of validity checking of paths in the file update-teacher-pic.php when processing directory requests, and c...

CVE-2023-4297

The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories...

Ghost Directory Traversal Vulnerability

Ghost is an open source content management system . Ghost suffers from a directory traversal vulnerability that stems from a lack of validity checking of paths in frontend/web/middleware/static-theme.js when processing directory requests, which can be exploited by an attacker to read arbitrary...

CVE-2022-4106

The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server...

static-dev-server 路径遍历漏洞

static-dev-server is a simple http server for serving static resource files from a local directory and automatically reloading them when they change. A directory traversal vulnerability exists in all versions of npm static-dev-server, which stems from a lack of validity checking of paths when...

CVE-2022-3536

The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 does not have authorisation and proper CSRF checks, as well as does not validate path given via user input, allowing any authenticated users like subscriber to perform PHAR deserialization attacks when they can upload a file, an...

CVE-2018-10501

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Notes Fixed in version 2.0.02.31. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...