CVE-2026-7515

The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.8.0 via the docstyle parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code ...

CVE-2026-7515

CVE-2026-7515 affects the BetterDocs Pro WordPress plugin (

PT-2026-50843

Name of the Vulnerable Software and Affected Versions BetterDocs Pro versions prior to 3.8.1 Description The plugin is susceptible to Local File Inclusion, a condition where an application includes files on a local server unexpectedly. Unauthenticated attackers can exploit this via the doc style...

OPENSUSE-SU-2026:11041-1 python-WebOb-doc-1.8.10-1.1 on GA media

These are all security issues fixed in the python-WebOb-doc-1.8.10-1.1 package on the GA media of openSUSE Tumbleweed...

Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

OPENSUSE-SU-2026:10990-1 python-M2Crypto-doc-0.48.0-1.1 on GA media

These are all security issues fixed in the python-M2Crypto-doc-0.48.0-1.1 package on the GA media of openSUSE Tumbleweed...

📄 OpenEMR 7.0.2 Arbitrary File Read

OpenEMR version 7.0.2 suffers from an arbitrary file read vulnerability. Exploit Title: OpenEMR 7.0.2 - Arbitrary File Read Google Dork: intitle:"OpenEMR" inurl:"interface/login/login.php" Date: 2026-06-06 Exploit Author: doany1 Vendor Homepage: https://www.open-emr.org/ Software Link:...

OPENSUSE-SU-2026:10973-1 python3-oslo.messaging-doc-18.1.0-1.1 on GA media

These are all security issues fixed in the python3-oslo.messaging-doc-18.1.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-30691

Cross-Site Scripting XSS vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize file content and explicitly casts raw data as a ReactNode...

CVE-2026-7314

A vulnerability was detected in eiceblue spire-doc-mcp-server 1.0.0. This affects the function getdocpath of the file src/spiredocmcp/api/base.py. Performing a manipulation of the argument documentname results in path traversal. The attack can be initiated remotely. The exploit is now public and...

doc-redaction (>=2.2.0 <=2.3.0), f5-tts (=1.1.20) +8 more potentially affected by CVE-2026-10783 via gradio (>=6.0.0 <=6.11.0)

gradio PYPI version =6.0.0, =2.2.0, =2.1.1, =0.0.1, =1.14.0, =2.9.0 Source cves: CVE-2026-10783 Source advisory: SNYK:PYTHON-GRADIO-17146861...

CVE-2026-42320 GLPI vulnerable to arbitrary file access

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a technician can read arbitrary files inside the GLPIDOCDIR. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

CVE-2026-42320 GLPI vulnerable to arbitrary file access

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a technician can read arbitrary files inside the GLPIDOCDIR. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

doc-redaction (>=2.2.0 <=2.3.0), f5-tts (=1.1.20) +8 more potentially affected by CVE-2026-48545 via gradio (>=6.0.0 <=6.11.0)

gradio PYPI version =6.0.0, =2.2.0, =2.1.1, =0.0.1, =1.14.0, =2.9.0 Source cves: CVE-2026-48545 Source advisory: SNYK:PYTHON-GRADIO-16960000...

@cyntler/react-doc-viewer's TXTRenderer fails to sanitize file content and explicitly casts raw data as a ReactNode

Cross-Site Scripting XSS vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize file content and explicitly casts raw data as a ReactNode...

CVE-2026-30691

Cross-Site Scripting XSS vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize file content and explicitly casts raw data as a ReactNode...

PT-2026-42214

Name of the Vulnerable Software and Affected Versions @cyntler/react-doc-viewer version 1.17.1 Description A Cross-Site Scripting XSS issue exists where remote attackers can execute arbitrary JavaScript by using a crafted .txt file. This occurs because the TXTRenderer component does not sanitize...

react-doc-viewer 跨站脚本漏洞

react-doc-viewer is a React documentation viewer component developed by Damian Cyntler. Version 1.17.1 of react-doc-viewer contains a cross-site scripting vulnerability. This vulnerability arises from the TXTRenderer component failing to clean up file content and explicitly converting raw data in...

CVE-2026-30691

Cross-Site Scripting XSS vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize file content and explicitly casts raw data as a ReactNode...

CVE-2026-30691

Cross-Site Scripting XSS vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize file content and explicitly casts raw data as a ReactNode...