19 matches found
Arbitrary Argument Injection
Overview: n8n-nodes-base is the base nodes package of n8n. Affected versions of this package are vulnerable to Arbitrary Argument Injection in a push operation. A user with permission to create or modify workflows can read arbitrary files on the server by injecting CLI flags during workflow creation or...
CVE-2026-39981 AGiXT has a Path Traversal in safe_join()
AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safe_join() function in the essential_abilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or...
CVE-2026-26058
Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, ./manage.py import reads arbitrary files from the server filesystem via path traversal in uploads/records.json. A crafted export tarball causes the server to copy any file the zulip user can read into the...
Tolgee code issue vulnerability
Tolgee is an open-source, multilingual translation and localization platform developed by Tolgee itself. It aims to help development teams easily manage and maintain multilingual software applications and websites. Versions of Tolgee prior to 3.166.3 contained code vulnerabilities. These...
UBUNTU-CVE-2026-0847
A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...
PT-2024-27139 · WordPress · Web Directory Free WordPress Plugin
Name of the Vulnerable Software and Affected Versions: Web Directory Free WordPress plugin versions prior to 1.7.3. Description: The issue is related to a Local File Inclusion problem. It occurs because the plugin does not validate a parameter before using it in an include, which could lead to Loc...
CVE-2023-4550
Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on which it is hosted. Thi...
OpenCart SQL injection vulnerability
OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background...
CVE-2021-40095
An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download Log feature in System / Maintenance was susceptible to a local file inclusion vulnerability when processing remote input in the log files downloaded by an authenticated administrator user, leading to the ability to read...
Code injection
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7, all versions starting from 13.12 before 13.12.8, and all versions starting from 14.0 before 14.0.4. A specially crafted design image allowed attackers to read arbitrary files on the server...
CVE-2021-27657
Successful exploitation of this vulnerability could give an authenticated Metasys user an unintended level of access to the server file system, allowing them to access or modify system files by sending specifically crafted web messages to the Metasys system. This issue affects: Johnson Controls...
Dreamer CMS suffers from a directory traversal vulnerability
Dreamer CMS (Dreamer content publishing system) is the first Java-developed content publishing system, built on the popular springboot + thymeleaf framework; it is flexible, compact, and simple to configure. Dreamer CMS has a directory traversal vulnerability that can be exploited by an...
loklak path traversal vulnerability
Loklak Server is a server-side application from the Loklak team for collecting text information from multiple sources. loklak suffers from a path traversal vulnerability that stems from insufficient input validation leading to a directory traversal vulnerability. An attacker can exploit this...
Apache Nutch code issue vulnerability
Apache Nutch is a Java-based scalable crawler software from the Apache Foundation. Versions of Apache Nutch prior to 1.18 suffer from an XML external entity injection vulnerability that allows an attacker to view files on the application server file system and interact with any backend or externa...
Path Traversal
Overview: All versions of static-resource-server are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. Recommendation: No fix is currently available. Consider using an alternative module until a fix is made available...
Directory Traversal Vulnerability in 56iq Digital Signage Software Frontend
56iq digital signage software is a digital signage content creation software, used to create exciting programs in plasma liquid crystal LCD flat-panel TVs, LED screens, projection equipment and other multimedia terminals playback and touch interactive applications. A directory traversal...
pdfbox: XML External Entity vulnerability
It was found that the parsing of XMP and other XML formats in PDF by Apache PDFBox would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks...
File Containment Vulnerability in Minyou Website Builder System
Minyou website building system is a content management system developed in Java, mostly used for government and school management systems. The pathfile parameter of the product's download.jsp page has an arbitrary file download vulnerability, poc for: http://host/download.jsp?pathfile=/... /... /... /... /...
Wordpress Plugins - wp superb Slideshow Full Path Disclosure
The attacker can use this bug to get important information.