875 matches found
CVE-2026-35082
The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input...
CVE-2026-35076
The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
CVE-2026-35078
The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
CVE-2026-35082 Local file inclusion vulnerability and deletion in ugw-logread method
The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input...
CVE-2026-35082
The CVE-2026-35082 entry describes a Local File Inclusion in the ugw-logread method, where insufficient validation of user-supplied input lets a remote attacker with user privileges access arbitrary local files. The CERT/VDE metrics indicate HIGH impact (confidentiality, integrity, availability) ...
CVE-2026-35077 Arbitrary file delete vulnerability in method ugw-delete-file
The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
EUVD-2026-34073
The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
EUVD-2026-26368
In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server...
CVE-2026-33581 OpenClaw < 2026.3.24 - Arbitrary File Read via mediaUrl and fileUrl Parameters
OpenClaw before 2026.3.24 contains a sandbox bypass vulnerability in the message tool that allows attackers to read arbitrary local files by using mediaUrl and fileUrl alias parameters that bypass localRoots validation. Remote attackers can exploit this by routing file requests through unvalidate...
PT-2026-29049
Name of the Vulnerable Software and Affected Versions CrewAI affected versions not specified Description The software contains a flaw where the JSON loader tool reads files without proper path validation. This allows unauthorized access to files on the server. The issue involves an arbitrary loca...
CVE-2026-33354
WWBN AVideo is an open source video platform. In versions up to and including 26.0, POST /objects/aVideoEncoder.json.php accepts a requester-controlled chunkFile parameter intended for staged upload chunks. Instead of restricting that path to trusted server-generated chunk locations, the endpoint...
SQLBot 代码问题漏洞
SQLBot is an intelligent data querying system developed by DataEase, based on large models and RAG techniques. Versions of SQLBot prior to 1.7.0 contained code vulnerabilities. These vulnerabilities stemmed from server-side request forgery in the/api/v1/datasource/check endpoint, which could lead...
Cross-site Scripting (XSS)
Pyhtml2pdf is vulnerable to Cross-site Scripting XSS. The vulnerability is due to lack of validation of user-supplied HTML content, which allows an attacker to access and retrieve arbitrary local files...
CVE-2021-4472 Python-mistralclient: mistral-dashboard: local file inclusion through the 'create workbook' feature
The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content...
CVE-2025-62356
CVE-2025-62356 affects Qodo Gen IDE (Qodo Gen IDE). A path traversal vulnerability enables a threat actor to read arbitrary local files on an end user’s system, including files outside of current projects. The issue is reachable directly and via indirect prompt injection, impacting confidentialit...
EUVD-2009-4388
Malware in sbrugna...
EUVD-2007-6055
Malware in sbrugna...
EUVD-2006-5716
Malware in sbrugna...
EUVD-2007-6533
Malware in sbrugna...
EUVD-2007-6198
Malware in sbrugna...