12 matches found
CVE-2026-49984
CVE-2026-49984 – Kestra : A path traversal vulnerability in the LocalStorage backend allows any authenticated user who can view an execution to read arbitrary files on the server. Before patching, the LocalStorage path validator mishandles Windows-style backslashes, letting an attacker smuggle tr...
CVE-2026-4233
A vulnerability was identified in ThingsGateway 12. This affects an unknown part of the file /api/file/download. The manipulation of the argument fileName leads to path traversal. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The vendor was...
CVE-2022-36671
Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API...
CVE-2021-38146
The File Download API in Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data...
PT-2024-15650 · Git +2 · Anything-Llm +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A user who is already privileged as manager or admin can exploit this issue by setting their profile picture via the frontend API using a relative...
CVE-2022-36671
Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API...
CVE-2022-36671
Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API...
Arbitrary file deletion
Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API...
CVE-2021-38146
The File Download API in Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data...
CVE-2021-38146
The File Download API in Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data...
CVE-2021-38146
The File Download API in Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data...
CVE-2021-38146
CVE-2021-38146 affects Wipro Holmes Orchestrator 20.4.1. The vulnerability is an unauthenticated, absolute path traversal in the File Download API (POST /home/download, SearchString parameter) that allows reading arbitrary server files. CVSS v3.1 base score 7.5 (HIGH) with network access, low att...