CVE-2026-3312

A flaw was found in Pagure's rendering engine for reStructuredText RST files. An authenticated user can exploit an unrestricted .. include:: directive within RST files to read arbitrary internal files from the server hosting Pagure. This information disclosure vulnerability allows unauthorized...

CVE-2024-47580

CVE-2024-47580 affects SAP NetWeaver AS Java (Adobe Document Service). An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment; by forcing the file to be an internal server file and downloading the PDF, they can read arbitrary server...

CVE-2024-28247

The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. A vulnerability has been discovered in Pihole that allows an authenticated user on the platform to read internal server files arbitrarily, and because the application runs...

CVE-2024-28247 Pihole Authenticated Arbitrary File Read with root privileges

The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. A vulnerability has been discovered in Pihole that allows an authenticated user on the platform to read internal server files arbitrarily, and because the application runs...

CVE-2024-28247

Pi-hole Core (DNS sinkhole) is affected by CVE-2024-28247 due to an authenticated Arbitrary File Read via the file:// handling path. The issue allows an authenticated user to read internal server files, exploiting local-file update logic where non-domain lines printed from a provided file could r...

Arbitrary File Read

OpenRefine is vulnerable to Arbitrary File Read. The vulnerability due to improper jdbc url sanitization, which allows an attacker to set the allowLoadLocalInfile value to true by passing it through the databaseName parameter. This can be exploited to read sensitive internal server files...