
32 matches found

NVD
added 2026/05/06 8:16 a.m. | 33 views

CVE-2026-6344

The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the getAttachments method of EmailNotificationActions, which resolves attacker-supplied file-upload URLs into filesystem paths without...

4.9 CVSS | 0.00554 EPSS
Exploits 0 | References 10
EUVD
added 2026/05/06 6:47 a.m. | 8 views

EUVD-2026-27536

The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the getAttachments method of EmailNotificationActions, which resolves attacker-supplied file-upload URLs into filesystem paths without...

4.9 CVSS | 5.9 AI score | 0.00554 EPSS
Exploits 0 | References 10
RedhatCVE
added 2026/04/03 11:1 p.m. | 3 views

CVE-2026-34524

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in chat endpoints allows an authenticated attacker to read...

8.8 CVSS | 6 AI score | 0.0057 EPSS
Exploits 1 | References 1
RedhatCVE
added 2026/03/31 10:58 p.m. | 4 views

CVE-2026-33027

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui configuration improperly handles URL-encoded traversal sequences. When specially crafted paths are supplied, the backend resolves them to the base Nginx configuration directory and executes the operati...

6.9 CVSS | 5.8 AI score | 0.00397 EPSS
Exploits 1 | References 1
Cvelist
added 2026/03/30 5:59 p.m. | 20 views

CVE-2026-33027 Nginx UI: Improper Path Validation Allows Recursive Deletion of the Nginx Configuration Directory

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui configuration improperly handles URL-encoded traversal sequences. When specially crafted paths are supplied, the backend resolves them to the base Nginx configuration directory and executes the operati...

6.9 CVSS | 0.00397 EPSS
Exploits 1 | References 2
ATTACKERKB
added 2026/03/30 5:59 p.m. | 3 views

CVE-2026-33027

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui configuration improperly handles URL-encoded traversal sequences. When specially crafted paths are supplied, the backend resolves them to the base Nginx configuration directory and executes the operati...

6.9 CVSS | 5.8 AI score | 0.00397 EPSS
Exploits 1 | References 3 | Affected Software 1
Positive Technologies
added 2026/03/30 12:0 a.m. | 2 views

PT-2026-29088

Name of the Vulnerable Software and Affected Versions: Nginx UI versions prior to 2.3.4. Description: Nginx UI improperly handles URL-encoded traversal sequences in its configuration, potentially leading to a partial Denial of Service. Specifically, specially crafted paths can cause the backend to...

7.5 CVSS | 6 AI score | 0.38477 EPSS
Exploits 11 | References 46
EUVD
added 2025/12/12 12:30 a.m. | 4 views

EUVD-2024-55345

APC Network Management Card 4 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like /etc/passwd by using encoded path...

8.7 CVSS | 6.4 AI score | 0.00812 EPSS
Exploits 0 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2000-0239

Malware in sbrugna...

5 CVSS | 6.4 AI score | 0.07653 EPSS
Exploits 1 | References 6
Vulnrichment
added 2025/08/27 9:26 p.m. | 3 views

CVE-2024-13982 SPON IP Network Intercom System rj_get_token.php Arbitrary File Read

SPON IP Network Broadcast System, a digital audio transmission platform developed by SPON Communications, contains an arbitrary file read vulnerability in the rj_get_token.php endpoint. The flaw arises from insufficient input validation on the jsondataurl parameter, which allows attackers to perfor...

8.7 CVSS | 7.2 AI score | 0.00985 EPSS
Exploits 0 | References 3
Packet Storm
added 2025/07/16 12:0 a.m. | 93 views

White Star Software Protop 4.4.2-2024-11-27 Local File Inclusion

A local file inclusion vulnerability exists in White Star Software Protop version 4.4.2. An unauthenticated remote attacker can retrieve arbitrary files via URL-encoded traversal sequences in the /pt3upd/ endpoint. Exploit Title: White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion...

8.2 CVSS | 7.5 AI score | 0.04173 EPSS
Exploits 3
GithubExploit
added 2025/05/07 12:2 a.m. | 1117 views

Exploit for Improper Encoding or Escaping of Output in Apache Http_Server

CVE-2024-38475SonicBoomApacheURLTraversalPoC Author: a...

9.1 CVSS | 8.5 AI score | 0.99957 EPSS
Exploits 1
OSV
added 2025/03/21 1:19 p.m. | 4 views

OESA-2025-1322 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

9.8 CVSS | 9.9 AI score | 0.20472 EPSS
Exploits 3 | References 37
CNNVD
added 2023/09/21 12:0 a.m. | 4 views

Plone Security Vulnerability

Plone is an open source content management system (CMS) built on the Zope application server. A security vulnerability exists in plone.rest versions 2.0.0 and 3.0.0, which stems from a denial of service (DoS) when a traverser is used multiple times in a URL, which can make the processing time longer...

7.5 CVSS | 6.7 AI score | 0.00822 EPSS
Exploits 0 | References 5
CNVD
added 2018/06/29 12:0 a.m. | 2 views

serverliujiayi1 Directory Traversal Vulnerability

serverliujiayi1 is an HTTP server. A directory traversal vulnerability exists in serverliujiayi1. An attacker can exploit this vulnerability to gain access to the file system by placing a '../' sequence in a URL...

7.5 CVSS | 7.6 AI score | 0.02005 EPSS
Exploits 1 | References 1
CNVD
added 2018/06/29 12:0 a.m. | 2 views

Tinyserver2 Directory Traversal Vulnerability

tinyserver2 is a static content server. A directory traversal vulnerability exists in tinyserver2. An attacker can exploit this vulnerability to gain access to the file system by placing a '../' sequence in a URL...

7.5 CVSS | 7.7 AI score | 0.02005 EPSS
Exploits 1 | References 1
CNVD
added 2018/06/08 12:0 a.m. | 2 views

looppake directory traversal vulnerability

looppake is a simple HTTP server. A directory traversal vulnerability exists in looppake. An attacker can exploit this vulnerability by placing "../" in the URL to access the file system...

7.5 CVSS | 7.5 AI score | 0.02005 EPSS
Exploits 1 | References 1
CNVD
added 2018/06/08 12:0 a.m. | 1 views

Serve46 Directory Traversal Vulnerability

Serve46 is a static file server. A directory traversal vulnerability exists in serve46. An attacker can exploit this vulnerability to gain access to the file system by placing a '../' sequence in a URL...

7.5 CVSS | 7.7 AI score | 0.02005 EPSS
Exploits 1 | References 1
OSV
added 2018/06/07 2:29 a.m. | 3 views

CVE-2017-16221

yzt is a simple file server. yzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

7.5 CVSS | 5.8 AI score | 0.02005 EPSS
Exploits 1 | References 2
OSV
added 2018/06/07 2:29 a.m. | 3 views

CVE-2017-16193

mfrs is a static file server. mfrs is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

7.5 CVSS | 5.8 AI score | 0.02005 EPSS
Exploits 1 | References 2