227 matches found
CVE-2026-3576
The Planyo Online Reservation System plugin for WordPress is vulnerable to Server-Side Request Forgery leading to Local File Inclusion in all versions up to, and including, 3.0. The ulap.php file acts as an AJAX proxy and is directly accessible without WordPress bootstrapping or any authenticatio...
EUVD-2026-43137
The Planyo Online Reservation System plugin for WordPress is vulnerable to Server-Side Request Forgery leading to Local File Inclusion in all versions up to, and including, 3.0. The ulap.php file acts as an AJAX proxy and is directly accessible without WordPress bootstrapping or any authenticatio...
CVE-2026-3576 Planyo online reservation system <= 3.0 - Unauthenticated Server-Side Request Forgery via 'ulap_url' Parameter
The Planyo Online Reservation System plugin for WordPress is vulnerable to Server-Side Request Forgery leading to Local File Inclusion in all versions up to, and including, 3.0. The ulap.php file acts as an AJAX proxy and is directly accessible without WordPress bootstrapping or any authenticatio...
CVE-2026-3576
CVE-2026-3576 affects the Planyo Online Reservation System plugin for WordPress (versions up to 3.0). The flaw is an unauthenticated Server-Side Request Forgery via the ulap_url AJAX proxy (ulap.php). The allowlist checks a host (e.g., localhost) but does not validate the URL scheme, allowing a c...
PT-2026-57397
Name of the Vulnerable Software and Affected Versions Planyo Online Reservation System plugin for WordPress versions prior to 3.1 Description An unauthenticated Server-Side Request Forgery SSRF exists that leads to Local File Inclusion LFI. The ulap.php file functions as an AJAX proxy and is...
Files or Directories Accessible to External Parties
Overview repomix is an A tool to pack repository contents to single file for AI consumption Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the remote repository URL validation in src/core/git/gitRemoteParse.ts and the public website pac...
Astra Linux – Vulnerability in Firefox
A compromised web child process could disable web security opening restrictions, resulting in a new child process being spawned within the file:// context. With a reliable exploit primitive, this new process could be exploited again, leading to arbitrary file reading. This vulnerability affects...
Astra Linux – Vulnerability in Thunderbird
Thunderbird’s handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By creating a nested email attachment message/rfc822 and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened,...
Astra Linux – Vulnerability in Firefox
If temporary “one-time” permissions, such as the ability to use the Camera, are granted to a document loaded using a file: URL, those permissions persist in that tab for all other documents loaded from the same file: URL. This is potentially dangerous if the local files come from different source...
GHSA-HGQW-6M45-HW5F Streamlink has an arbitrary local file read via file:// URI in HLS and DASH
Summary Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file as a segment, and streamlink will read that local file and write its contents to the output stream...
CVE-2026-42307
Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the sftp:// or file:// protocol handlers, an attacker can execute arbitrary...
UBUNTU-CVE-2026-42307
Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the sftp:// or file:// protocol handlers, an attacker can execute arbitrary...
CVE-2026-42307
Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the sftp:// or file:// protocol handlers, an attacker can execute arbitrary...
Server-side Request Forgery (SSRF)
Overview github.com/gotenberg/gotenberg/v7/pkg/modules/chromium is a Docker-powered stateless API for PDF files. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the convertUrlRoute and screenshotUrlRoute processes. An attacker can access sensitive files...
CVE-2026-43577
OpenClaw before 2026.4.9 contains a file read vulnerability allowing attackers to bypass navigation guards through browser act/evaluate interactions. Attackers can pivot into the local CDP origin and create or read disallowed file:// pages despite direct navigation policy restrictions...
PT-2026-38232
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.9 Description A file read issue allows attackers to bypass navigation guards through browser act/evaluate interactions. This enables attackers to pivot into the local Chrome DevTools Protocol CDP origin and...
CVE-2026-41177 Squidex has Blind SSRF via file:// Protocol in Restore API leading to Local File Interaction
Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery SSRF. The application fails to validate the URI scheme of the user-supplied Url parameter, allowing the use ...
CVE-2026-41177
Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery SSRF. The application fails to validate the URI scheme of the user-supplied Url parameter, allowing the use ...
EUVD-2026-25110
Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery SSRF. The application fails to validate the URI scheme of the user-supplied Url parameter, allowing the use ...
CVE-2026-41177
CVE-2026-41177 — Squidex Restore API Blind SSRF : The Restore API in Squidex (pre-7.23.0) fails to validate the URI scheme of the user-supplied Url parameter, allowing an authenticated administrator to trigger the backend to access the local filesystem via a file:// URL. This can lead to Local Fi...