CVE-2026-3795 doramart DoraCMS v1.js createFileBypath path traversal

A security flaw has been discovered in doramart DoraCMS 3.0.x. Impacted is the function createFileBypath of the file /DoraCMS/server/app/router/api/v1.js. Performing a manipulation results in path traversal. The attack can be initiated remotely. The exploit has been released to the public and may...

PT-2026-24115

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.31.5 Description Budibase is a low code platform used for creating internal tools, workflows, and admin panels. A path traversal flaw exists in the PWA Progressive Web App ZIP processing endpoint, specifically at...

Biome MCP Server 命令注入漏洞

Biome MCP Server is a code inspection and formatting tool developed by Ryuzaki Shinji individually. Versions of Biome MCP Server 1.0.0 and earlier have a command injection vulnerability, which stems from incorrect handling of the file biome-mcp-server.ts, potentially leading to command injection...

WindMill 路径遍历漏洞

WindMill is a free open-source tool developed by Lukasavicus’ individual developer. It is used to control the execution of tasks in Python. Versions of WindMill prior to 1.603.3 contained a path traversal vulnerability. This vulnerability stemmed from the filename parameter in the getlogfile...

Directory Traversal

Overview @fonoster/voice is a Voice Server for Fonoster Affected versions of this package are vulnerable to Directory Traversal via the serveFiles function. An attacker can access arbitrary files on the server by sending crafted requests containing directory traversal sequences to the /sounds/:fi...

PYSEC-2026-98

A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...

CVE-2026-24848

OpenEMR is a free and open source electronic health records and medical practice management application. In 7.0.4 and earlier, the disposeDocument method in EtherFaxActions.php allows authenticated users to write arbitrary content to arbitrary locations on the server filesystem. This vulnerabilit...

BIT-KIBANA-2026-26938 Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF)

Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...

CVE-2026-24488 OpenEMR Vulnerable to Arbitrary File Exfiltration via Fax Endpoint

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, an arbitrary file exfiltration vulnerability in the fax sending endpoint allows any authenticated user to read and transmit any file on the server...

Arbitrary File Read

Weblate is vulnerable to arbitrary file read. The vulnerability is due to improper handling of crafted symbolic links in repositories, which allows an attacker to read arbitrary files from the server file system...

USN-8059-4 linux-realtime, linux-realtime-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SMB network file system; CVE-2025-22037, CVE-2025-37899...

EUVD-2026-8581

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, the disposeDocument method in EtherFaxActions.php allows authenticated users to read arbitrary files from the server filesystem. Any authenticated user regardless of...

CVE-2026-2952 Vaelsys HTTP POST Request tree_server.php os command injection

A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/treeserver.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has...

CVE-2026-2952

A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/treeserver.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has...

CVE-2026-26202

Penpot is an open-source design tool for design and code collaboration. Prior to version 2.13.2, an authenticated user can read arbitrary files from the server by supplying a local file path e.g. /etc/passwd as a font data chunk in the create-font-variant RPC endpoint, resulting in the file...

CVE-2026-26202 Penpot has Arbitrary File Read via create-font-variant RPC endpoint

Penpot is an open-source design tool for design and code collaboration. Prior to version 2.13.2, an authenticated user can read arbitrary files from the server by supplying a local file path e.g. /etc/passwd as a font data chunk in the create-font-variant RPC endpoint, resulting in the file...

CVE-2026-23491 InvoicePlane has Unauthenticated Path Traversal in Guest Controller

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A path traversal vulnerability exists in the getfile method of the Guest module's Get controller in InvoicePlane up to and including through 1.6.3. The vulnerability allows unauthenticated attacker...

CVE-2026-2419

The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'downloadpath' configuration parameter. This is due to insufficient validation of the download path setting, which allows directory traversal sequences to bypass the...

📄 NFR Agent SRS Record 1.0.4.3 PHP Code Injection

Proof of concept code injection exploit for NFR Agent SRS Record version 1.0.4.3. This is for an older finding from 2012. ============================================================================================================================================= | Title : NFR Agent SRS Record...

CVE-2026-1793

The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'rendersvg' function. This makes it possible for authenticated attackers, with...