89 matches found
CVE-2026-59703
repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts fails to block file:// URLs, permitting attackers to supply file://...
EUVD-2026-42273
repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts fails to block file:// URLs, permitting attackers to supply file://...
CVE-2026-59703
repomix is affected by a local file inclusion vulnerability in the git clone endpoint. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts does not block file:// URLs, allowing an unauthenticated user to supply file:// scheme URLs that bypass validation and are passed to git clone, ...
CVE-2026-41177
Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery SSRF. The application fails to validate the URI scheme of the user-supplied Url parameter, allowing the use ...
CVE-2026-42597
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can lo...
Docling: Unsafe URI and Path Handling in HTML Backend
Impact The HTML backend did not perform sufficient validation during resource handling: - Accepted file:// URIs enabling local file system access when enablelocalfetch=True - Path resolution allowed traversal outside intended directories via ../ sequences and absolute paths - Did not block intern...
SUSE CVE-2026-48522
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via the uri parameter being passed directly to urllib.request.urlopen, which allows fetching resources using unsupported schemes such as file, ftp, and data. An attacker can access...
CVE-2026-48522
PyJWKClient in PyJWT prior to 2.13.0 passes its uri argument directly to urllib.request.urlopen(), allowing attacker-controlled jku URLs to trigger SSRF and related token-forgery scenarios via file://, ftp://, or data: schemes. Affected component: PyJWKClient (Python). Root cause: lack of a schem...
CVE-2026-48522
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...
CVE-2026-44353 Streamlink: Arbitrary local file read via file:// URI in HLS and DASH
Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file...
CVE-2026-44353 Streamlink: Arbitrary local file read via file:// URI in HLS and DASH
Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file...
Astra Linux – Vulnerability in Pypy
In Python 2.x through 2.7.16, urllib supports the localfile scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs. This is demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call...
CVE-2026-42597 Gotenberg: Chromium URL conversion routes read arbitrary files under /tmp via file:// scheme
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can lo...
CVE-2026-42597 Gotenberg: Chromium URL conversion routes read arbitrary files under /tmp via file:// scheme
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can lo...
Gotenberg allows Chromium URL conversion routes to read arbitrary files under /tmp via file:// scheme
Summary The /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can load their own request-local assets, and those routes apply a...
GHSA-G924-CJX7-2RJW Gotenberg allows Chromium URL conversion routes to read arbitrary files under /tmp via file:// scheme
Summary The /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can load their own request-local assets, and those routes apply a...
PT-2026-37152
Name of the Vulnerable Software and Affected Versions i18nextify versions prior to 4.0.8 Description The software substitutes key interpolation tokens within src and href attribute values using the raw string from i18next.t. The substitution logic in the replaceInside handler within src/localize....
PT-2026-31789
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web crawl function in praisonaiagents/tools/web crawl tools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching...
GHSA-RC55-58F4-687G Roadiz has Server-Side Request Forgery (SSRF) in roadiz/documents
This vulnerability allows an authenticated attacker to read any file on the server's local file system that the web server process has access to, including highly sensitive environment variables, database credentials, and internal configuration files. | Field | Details | | :--- | :--- | |...