5637 matches found
CVE-2026-13601
A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...
EUVD-2026-40066
A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...
CVE-2026-13601
A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...
CVE-2026-13601
CVE-2026-13601 involves Yelp’s yelp-xsl CSP implementation. A malicious Flatpak can exploit an overly permissive CSP in Yelp by loading crafted help content via OpenURI, embedding an untrusted CSS stylesheet inside a structured SVG. This enables attacker-controlled content to bypass the Flatpak s...
CVE-2026-13601 Yelp: yelp-xsl: overly permissive content security policy in yelp allows host file disclosure from flatpak applications
A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...
CVE-2026-13601 Yelp: yelp-xsl: overly permissive content security policy in yelp allows host file disclosure from flatpak applications
A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...
Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Path Traversal
Carel pCOWeb HVAC BACnet Gateway 2.1.0 contains an unauthenticated arbitrary file disclosure caused by improper verification of the 'file' GET parameter in logdownload.cgi, letting attackers disclose sensitive files via directory traversal, exploit requires no authentication. id: CVE-2022-37122...
osTicket - Arbitrary File Read
Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficientl...
Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure
Webmin before 1.290 and Usermin before 1.220 contain a path traversal caused by calling the simplifypath function before decoding HTML, letting remote attackers read arbitrary files, exploit requires sending crafted '..%01' sequences. id: CVE-2006-3392 info: name: Webmin 1.290 / Usermin 1.220 -...
ECOA Building Automation System - Arbitrary File Retrieval
The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information. id: CVE-2021-41293 info: name: ECOA Building Automation...
Discourse Backup File Disclosure Via Default Nginx Configuration
Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use FileStore--LocalStore which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick...
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure
Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability caused by improper validation of the 'READ.filePath' parameter in fileread script and SendCGICMD API, letting authenticated attackers read arbitrary system files. id: CVE-2019-25246 info: name: BEWARD...
Cellinx NVT Web Server - Local File Disclosure
Cellinx NVT v1.0.6.002b was discovered to contain a local file disclosure vulnerability via the component /cgi-bin/GetFileContent.cgi. id: CVE-2023-23063 info: name: Cellinx NVT Web Server - Local File Disclosure author: daffainfo severity: high description: | Cellinx NVT v1.0.6.002b was discover...
Güralp MAN-EAM-0003 3.2.4 - XML External Entity (XXE)
cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity XXE issue via XML file upload, which leads to local file disclosure. id: CVE-2022-38840 info: name: Güralp MAN-EAM-0003 3.2.4 - XML External Entity XXE author: daffainfo severity: high description: |...
EUVD-2026-38054
PhpWeasyPrint vulnerable to SSRF and local file disclosure via the attachment option...
Icinga Web 2 - Arbitrary File Disclosure
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including icingaweb2 configuration files with database credentials. id: CVE-2022-24716 info:...
Adobe Connect < 12.1.5 - Local File Disclosure
Adobe Connect versions 11.4.5 and earlier, 12.1.5 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not...
LangChain < 1.3.9 Path Traversal (CVE-2026-55443)
The version of LangChain installed on the remote host is prior to 1.3.9. It is, therefore, affected by a path traversal vulnerability: - Several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root director...
CVE-2026-44022 Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.73.0 until 2.91.0, he LaTeX backend's handling of \includegraphics, \input, and \include commands lacked path containment validation. Attackers could craft malicio...
CVE-2026-54009
CVE-2026-54009 affects Open WebUI prior to 0.9.6. The vulnerability arises in the image_url handling path: convert_url_images_to_base64 calls get_image_base64_from_url without a user context, and get_image_base64_from_url uses Files.get_file_by_id (no ownership check) to retrieve a file by ID. Th...