
11 matches found

Cvelist
added 2026/05/19 11:32 p.m., 30 views

CVE-2026-35593 Trilium Notes has Local File Inclusion via upload modified file API endpoint

Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, allowing an authenticated attacker to read sensitive arbitrary files from the server's filesystem. T...

6.8 CVSS, 0.00135 EPSS
Exploits: 0, References: 2
Veracode
added 2025/12/13 6:45 a.m., 2 views

Improper Access Control

getgrav/grav is vulnerable to improper access control. The vulnerability is due to insufficient restriction on the "Frontmatter" form, which allows a low-privileged user to read sensitive server files and exploit them to compromise user accounts...

8.5 CVSS, 5.9 AI score, 0.00073 EPSS
Exploits: 1, References: 3, Affected Software: 1
CNNVD
added 2024/07/24 12:0 a.m., 2 views

Devika Path Traversal Vulnerability

Devika is an advanced AI software engineer open-sourced by stition. It can understand advanced human instructions, break them down into steps, study the relevant information, and write code to achieve a given goal. A security vulnerability exists in Devika v1. The vulnerability stems from...

9.1 CVSS, 9.1 AI score, 0.9057 EPSS
Exploits: 6, References: 6
Veracode
added 2023/03/19 5:43 a.m., 11 views

Path Traversal

flarum/core and flarum/framework are vulnerable to Path Traversal. The vulnerability exists because the whenSettingsSaving function in ValidateCustomLess.php does not properly restrict the custom LESS setting, which allows an attacker to access files outside the expected directory and read sensiti...

6.6 CVSS, 6.8 AI score, 0.00122 EPSS
Exploits: 0, References: 3, Affected Software: 2
NVD
added 2022/08/17 12:15 a.m., 7 views

CVE-2022-1401

Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. This issue affects: Device42 CMDB versions prior to 18.01.00...

7.5 CVSS, 0.0504 EPSS
Exploits: 0, References: 1
CNVD
added 2020/07/05 12:0 a.m., 1 views

File Containment Vulnerability in MetInfo v5.0.4 of Changsha Mito Information Technology Co.

Mito enterprise building system MetInfo is a free and open source enterprise CMS. Changsha Mito Information Technology Co., Ltd MetInfo v5.0.4 version of the file contains a vulnerability that can be exploited by attackers to view sensitive server files...

6.8 AI score
Exploits: 0
CNVD
added 2020/04/14 12:0 a.m., 1 views

Arbitrary File Download Vulnerability in WMCMS

WMCMS is based on PHP + MYSQL as the core development, free + open source professional Chinese labeling system. WMCMS has an arbitrary file download vulnerability that can be exploited by attackers to download sensitive server files...

7.1 AI score
Exploits: 0
CNVD
added 2018/03/30 12:0 a.m., 1 views

Arbitrary File Read Vulnerability in PowerEasy SmartGov

PowerEasy government website management system PowerEasy SmartGov is a complete set of government portal application solutions provided by PowerEasy according to the actual application requirements of the government. An arbitrary file read vulnerability exists in PowerEasy SmartGov. An attacker c...

6.8 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 11 views

id software quake ii server 3.2 - Multiple Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/11551/info Multiple remote vulnerabilities have been reported to affect Quake II. These issues are due to boundary condition checking failures, access validation failures and failures to handle exceptional conditions. An...

7.1 AI score
Exploits: 0
Hacker One
added 2014/05/20 1:13 a.m., 71 views

Mail.ru: XXE and SSRF on webmaster.mail.ru

SSRF request: POST /domain/metadata HTTP/1.1 Host: webmaster.mail.ru User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.9; rv:29.0 Gecko/20100101 Firefox/29.0 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate...

0.1 AI score
Exploits: 0
Exploit DB
added 2004/10/27 12:0 a.m., 25 views

ID Software Quake II Server 3.2 - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/11551/info Multiple remote vulnerabilities have been reported to affect Quake II. These issues are due to boundary condition checking failures, access validation failures and failures to handle exceptional conditions. An attacker may leverage these issues...

7 AI score
Exploits: 0