23 matches found
CVE-2026-53571
Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Vite’s dev server denies direct access to sensitive files through server.fs.deny, including entries such as...
MPDV Mikrolab GmbH HYDRA X, MIP 2 & FEDRA 2 - Path Traversal
MPDV Mikrolab GmbH HYDRA X, MIP 2, and FEDRA 2 <= Maintenance Pack 36 with Servicepack 8 week 36/2025 contain an unauthenticated local file disclosure vulnerability caused by improper validation of the "Filename" parameter in the public $SCHEMAS$ resource, letting attackers read arbitrary Windows ...
LOLLMS WebUI - Absolute Path Traversal
An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the open_file endpoint of lollms_advanced.py. The sanitize_path function with allow_absolute_path=True allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can...
CVE-2026-25891
Fiber is an Express inspired web framework written in Go. A Path Traversal CWE-22 vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file system on Windows. This affects Fiber v3 through version 3.0.0. This has been...
Fiber Path Traversal Vulnerability
Fiber is an open-source web framework written in Go. Versions of Fiber v3 and earlier have a path traversal vulnerability. This vulnerability arises from the possibility of bypassing the static middleware cleaner, which may lead to the reading of arbitrary files on the Windows server file system...
CVE-2026-2464 Directory Traversal in AMR Printer Management by AMR
Path traversal vulnerability in the AMR Printer Management 1.01 Beta web service, which allows remote attackers to read arbitrary files from the underlying Windows system by using specially crafted path traversal sequences in requests directed to the web management service. The service is...
PT-2026-20415
Path traversal vulnerability in the AMR Printer Management 1.01 Beta web service, which allows remote attackers to read arbitrary files from the underlying Windows system by using specially crafted path traversal sequences in requests directed to the web management service. The service is...
CVE-2025-64107
Cursor is a code editor built for programming with AI. In versions 1.7.52 and below, manipulating internal settings may lead to RCE. Cursor detects path manipulation via forward slashes ./.cursor/./././././mcp.json etc., and requires human approval to complete the operation. However, the same kin...
EUVD-2025-36096
HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 week 36/2025, which allows an attacker to read arbitrary files from the Windows operating system. The "Filename" paramet...
CVE-2025-12055
HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 week 36/2025, which allows an attacker to read arbitrary files from the Windows operating system. The "Filename" paramet...
CVE-2025-12055
MPDV Mikrolab HYDRA X, MIP 2 and FEDRA 2 are affected by an unauthenticated local file disclosure bug up to Maintenance Pack 36 with Servicepack 8 (week 36/2025). The issue stems from improper validation of the Filename parameter in the public $SCHEMAS$ resource, allowing an attacker to read arbi...
CVE-2025-12055 Unauthenticated Local File Disclosure in MPDV Mikrolab MIP 2 / FEDRA 2 / HYDRA X Manufacturing Execution System
HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 week 36/2025, which allows an attacker to read arbitrary files from the Windows operating system. The "Filename" paramet...
EUVD-2019-17802
Malware in sbrugna...
CVE-2024-1790
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 7.0.1 via the 'type' parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrar...
PT-2024-37951 · Perkinelmer · Perkinelmer Processplus
Name of the Vulnerable Software and Affected Versions: PerkinElmer ProcessPlus versions through 1.11.6507.0 Description: The issue is related to a local file inclusion in PerkinElmer ProcessPlus, allowing files on the Windows system to be accessible without authentication to external parties...
Metabase Information Disclosure Vulnerability
Metabase is an open source data analytics platform from US-based Metabase, Inc. Metabase suffers from an information disclosure vulnerability that stems from having a proxy that is used to load JSON-mapped arbitrary URLs as part of our GeoJSON support. While we perform validation to not return th...
CVE-2022-25216
An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access, by means of an HTTP GET request to http://:32080/download/...
PT-2019-11190 · Apache · Tapestry
Name of the Vulnerable Software and Affected Versions: Tapestry affected versions not specified Description: The issue concerns a path traversal attack. Specifically, Tapestry processes assets using the /assets/ctx endpoint, which is handled by a chain of classes: StaticFilesFilter -...
[SECURITY] [DLA 1759-1] clamav security update
Package : clamav Version : 0.100.3+dfsg-0+deb8u1 CVE ID : CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 Debian Bug : Out-of-bounds read and write conditions have been fixed in clamav. CVE-2019-1787 An out-of-bounds heap read condition may occur when scanning PDF documents. The defect is a failure to...