218 matches found
CVE-2026-30240
Budibase PWA ZIP upload path traversal (CVE-2026-30240) affects Budibase 3.31.5 and earlier. Affected component: PWA ZIP processing endpoint at POST /api/pwa/process-zip. Root cause: unsanitized usage of path.join() with user-controlled input from icons.json inside the uploaded ZIP allowing an au...
CVE-2026-30240 Budibase PWA ZIP Upload Path Traversal Allows Reading Arbitrary Server Files Including All Environment Secrets
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path traversal vulnerability in the PWA Progressive Web App ZIP processing endpoint POST /api/pwa/process-zip allows an authenticated user with builder privileges to read arbitrary...
WindMill 路径遍历漏洞
WindMill is a free open-source tool developed by Lukasavicus’ individual developer. It is used to control the execution of tasks in Python. Versions of WindMill prior to 1.603.3 contained a path traversal vulnerability. This vulnerability stemmed from the filename parameter in the getlogfile...
Directory Traversal
Overview @fonoster/voice is a Voice Server for Fonoster Affected versions of this package are vulnerable to Directory Traversal via the serveFiles function. An attacker can access arbitrary files on the server by sending crafted requests containing directory traversal sequences to the /sounds/:fi...
BIT-KIBANA-2026-26938 Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF)
Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...
CVE-2026-26202 Penpot has Arbitrary File Read via create-font-variant RPC endpoint
Penpot is an open-source design tool for design and code collaboration. Prior to version 2.13.2, an authenticated user can read arbitrary files from the server by supplying a local file path e.g. /etc/passwd as a font data chunk in the create-font-variant RPC endpoint, resulting in the file...
CVE-2026-2419
The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'downloadpath' configuration parameter. This is due to insufficient validation of the download path setting, which allows directory traversal sequences to bypass the...
Tandoor Recipes 安全漏洞
Tandoor Recipes is an open-source application designed for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes prior to 2.5.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of input validation for the filepath parameter...
Outline 路径遍历漏洞
Outline is an open-source knowledge base developed by Outline. Versions prior to Outline 1.4.0 contained a path traversal vulnerability. This vulnerability stemmed from insufficient validation of the attachments.key value during the JSON import process, which could allow attackers to read arbitra...
GeoNetwork 代码问题漏洞
GeoNetwork is GeoNetwork open source a catalog application . It is used to manage spatially referenced resources. A code issue vulnerability exists in GeoNetwork 4.2.0 and earlier versions, which stems from an XML external entity vulnerability in PDF rendering that could lead to reading arbitrary...
n8n 输入验证错误漏洞
n8n is a scalable workflow automation tool from the n8n open source. An input validation error vulnerability exists in versions prior to n8n 1.121.0, which stems from an attacker being able to access underlying server files by executing a form-based workflow, potentially leading to the disclosure...
CVE-2026-21858
CVE-2026-21858 (n8n) affects n8n versions starting from 1.65.0 up to and including 1.120.x. The root cause is an inadequate input validation in form-based workflow processing, leading to Content-Type confusion that enables an unauthenticated attacker to read arbitrary server files and potentially...
Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control
Cybersecurity researchers have disclosed details of yet another maximum-severity security flaw in n8n, a popular workflow automation platform, that allows an unauthenticated remote attacker to gain complete control over susceptible instances. The vulnerability, tracked as CVE-2026-21858 CVSS scor...
PT-2026-1553
Name of the Vulnerable Software and Affected Versions EmailKit versions up to and including 1.6.1 Description The EmailKit plugin for WordPress is susceptible to Arbitrary File Read due to a Path Traversal issue. This occurs because of a lack of path validation in the create template REST API...
PT-2025-136: Path Traversal in mPDF
The vulnerability was identified in mPDF, version 2.8.5. The application performs improper validation of data received from the user, which allows an attacker to read files stored on the server. Vulnerability status: Confirmed during research Date of vulnerability discovery: 11.04.2025...
CVE-2021-47714
Hasura GraphQL 1.3.3 contains a local file read vulnerability that allows attackers to access system files through SQL injection in the query endpoint. Attackers can exploit the pgreadfile PostgreSQL function by crafting malicious SQL queries to read arbitrary files on the server...
📄 GetSimple CMS 3.3.16 Cross Site Request Forgery
GetSimple CMS version 3.3.16 cross site request forgery proof of concept that deletes all backups without user confirmation. ============================================================================================================================================= | Title : GetSimple CMS 3.3.16...
Directory Traversal
NiceGUI is vulnerable to Directory Traversal. The vulnerability is due to improper validation in the App.addmediafiles function, which allows an attacker to access and read arbitrary files from the server filesystem...
EUVD-2025-203062
The Simple CSV Table plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.1 via the href parameter in the csv shortcode. This is due to insufficient path validation before concatenating user-supplied input to a base directory path. This makes it...
CVE-2016-20023
In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided...