173 matches found
CVE-2026-61505
Rejetto HFS 3.0.0 through 3.2.0 allows path traversal through the lang query parameter, permitting a remote unauthenticated attacker to read certain JSON files outside the shared folders. Exploitation is constrained to files matching a narrow naming and format pattern, limiting practical impact...
CVE-2026-61505 Rejetto HFS < 3.2.1 Limited File Disclosure via Path Traversal in lang Parameter
Rejetto HFS 3.0.0 through 3.2.0 allows path traversal through the lang query parameter, permitting a remote unauthenticated attacker to read certain JSON files outside the shared folders. Exploitation is constrained to files matching a narrow naming and format pattern, limiting practical impact...
CVE-2026-61505
Vulnerability summary: Rejetto HFS versions 3.0.0–3.2.0 are affected by a path traversal via the lang parameter, allowing a remote, unauthenticated attacker to read certain JSON files outside shared folders. The impact is constrained to files matching a narrow naming/format pattern, with no indic...
CVE-2026-61505 Rejetto HFS < 3.2.1 Limited File Disclosure via Path Traversal in lang Parameter
Rejetto HFS 3.0.0 through 3.2.0 allows path traversal through the lang query parameter, permitting a remote unauthenticated attacker to read certain JSON files outside the shared folders. Exploitation is constrained to files matching a narrow naming and format pattern, limiting practical impact...
GHSA-HWPP-H97W-2H3J repomix: attach_packed_output can bypass file-read secret scanning for supported local files
attachpackedoutput can register arbitrary .json/.txt/.md/.xml files and bypass the MCP file-read safety check Summary Repomix's MCP server exposes a normal filesystemreadfile tool that reads absolute paths only after running the project's secret check. However, the attachpackedoutput plus...
CVE-2026-23537 Feast: unauthenticated arbitrary file write
A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...
PT-2026-54710
Name of the Vulnerable Software and Affected Versions Feast Feature Server affected versions not specified Description An unauthenticated remote attacker can write arbitrary JSON files to the server filesystem via the /save-document endpoint. The issue stems from improper input validation that...
CVE-2026-58171
Vibe-Trading before 0.1.10 constructs the swarm run directory by joining a caller-supplied run identifier onto the runs base directory without validation in rundir agent/src/swarm/store.py. A crafted run identifier supplied through the MCP swarm tools causes the application to read arbitrary...
EUVD-2026-40352
Vibe-Trading before 0.1.10 constructs the swarm run directory by joining a caller-supplied run identifier onto the runs base directory without validation in rundir agent/src/swarm/store.py. A crafted run identifier supplied through the MCP swarm tools causes the application to read arbitrary...
CVE-2026-5627
A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the AgentFlows component. The vulnerability arises from improper handling of user input in the loadFlow and deleteFlow methods in server/utils/agentFlows/index.js. Specifically, the...
Securly Chrome Extension 安全漏洞
Securly Chrome Extension is a web filtering and student online security management browser extension developed by the American company Securly, targeting educational scenarios. Version 3.0.7 of Securly Chrome Extension contains a security vulnerability. This vulnerability arises from downloading...
Astra Linux – Vulnerability in libfastjson
JSON-C version 0.14 has an integer overflow issue, and there is a risk of out-of-bounds write operations through a large JSON file, as demonstrated by the printbufmemappend function...
EUVD-2026-28826
SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/type API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms...
CVE-2026-7807
SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/type API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms...
CVE-2026-7807
SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/type API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms...
CVE-2026-7807
SmarterTools SmarterMail
PT-2026-39193
Name of the Vulnerable Software and Affected Versions SmarterTools SmarterMail versions prior to 9560 Description An issue in the '/api/v1/report/summary/type' API endpoint allows authenticated users to perform local file inclusion, enabling the reading of arbitrary .json files on the system. Thi...
GHSA-29RG-WMCW-HPF4 Nuclei: Local File Read via require() Module Loader Bypass
A vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to read local .js and .json files through the require function, bypassing the default local file access restriction. Affected Component The issue is in the JavaScript runtime's module loading system. The goja...
Nuclei: Local File Read via require() Module Loader Bypass
A vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to read local .js and .json files through the require function, bypassing the default local file access restriction. Affected Component The issue is in the JavaScript runtime's module loading system. The goja...
CVE-2026-6832 Nesquena Hermes WebUI Arbitrary File Deletion via Unvalidated session_id
Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the sessionid parameter. Attackers can exploit unvalidate...