CVE-2026-40861

A Dag author could either a create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process read-path attack — e.g. /etc/passwd or airflow.cfg or b supply a taskid containing .. sequences accepted by the Task SDK's KEYREGEX write-path attack, and...

EUVD-2026-30957

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via the remoteurl parameter in the remote directory scan endpoint POST /v1/iac/iacVersion/cloud/remote/dir/scan when running in server mode. An unauthenticated remote attacker can supply an attacker-controlled HTTP URL...

CVE-2026-2606

IBM webMethods API Gateway on-prem 10.11 through 10.11Fix3210.15 to 10.15Fix2711.1 to 11.1Fix7 IBM webMethods API Management on-prem fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// URI...

EUVD-2025-19207

Malicious code in bioql PyPI...

EUVD-2025-18684

Malicious code in bioql PyPI...

Apache SeaTunnel: Unauthenticated insecure access

Summary Unauthorized users can perform Arbitrary File Read and Deserialization attack by submit job using restful api-v1. Details Unauthorized users can access /hazelcast/rest/maps/submit-job to submit job. An attacker can set extra params in mysql url to perform Arbitrary File Read and...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the restful api-v1 endpoint. An attacker can gain unauthorized access to sensitive operations by submitting jobs through the /hazelcast/rest/maps/submit-job endpoint and setting extra...

GHSA-9X53-GR7P-4QF5 Apache SeaTunnel: Unauthenticated insecure access

Summary Unauthorized users can perform Arbitrary File Read and Deserialization attack by submit job using restful api-v1. Details Unauthorized users can access /hazelcast/rest/maps/submit-job to submit job. An attacker can set extra params in mysql url to perform Arbitrary File Read and...

CVE-2025-32896 Apache SeaTunnel: Unauthenticated insecure access

Summary Unauthorized users can perform Arbitrary File Read and Deserialization attack by submit job using restful api-v1. Details Unauthorized users can access /hazelcast/rest/maps/submit-job to submit job. An attacker can set extra params in mysql url to perform Arbitrary File Read and...

CVE-2025-4602

The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Reads in all versions up to, and including, 1.2.5 via the getfile function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contai...

CVE-2024-45627

In Apache Linkis 1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be...

CVE-1999-0695

The Sybase PowerDynamo personal web server allows attackers to read arbitrary files through a .. dot dot attack...

CVE-2025-2775 SysAid On-Prem <= 23.3.40 Checkin Proceessing XML External Entity Injection

SysAid On-Prem versions = 23.3.40 are vulnerable to an unauthenticated XML External Entity XXE vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives...

Cisco IOS XE 操作系统命令注入漏洞

Cisco IOS XE is an operating system from Cisco, Inc. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. Cisco IOS XE suffers from an operating system command injection vulnerability that ste...

PT-2025-16173 · Apache · Apache Seatunnel

Name of the Vulnerable Software and Affected Versions: Apache SeaTunnel versions =2.3.10 Description: Unauthorized users can perform Arbitrary File Read and Deserialization attack by submitting a job using the restful api-v1. An attacker can access the /hazelcast/rest/maps/submit-job endpoint to...

CVE-2024-13681 Uncode <= 2.9.1.6 - Unauthenticated Arbitrary File Read in uncode_admin_get_oembed

The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncodeadmingetoembed' function in all versions up to, and including, 2.9.1.6. This makes it possible for unauthenticated attackers to read arbitrary files on the server...

CVE-2024-45627

Summary (CVE-2024-45627) In Apache Linkis, versions earlier than 1.7.0 are vulnerable due to insufficient filtering of parameters in the DataSource Manager’s MySQL JDBC configuration. An attacker with an authorized Linkis account can configure malicious MySQL JDBC parameters to read arbitrary fil...

CVE-2024-23899

Jenkins Git server Plugin 99.va0826abcdfad and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenki...

CVE-2022-31793

dorequest in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and...

CVE-2020-15246

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.421 and before version 1.0.469, an attacker can read local files on an October CMS server via a specially crafted request. Issue has been patched in Build 469 v1.0.469 and...