102 matches found
Deserialization vulnerability
Jenkins uses serialization and deserialization in multiple places, like agent/controller communication the Remoting library and to load and save configuration and build data using XStream. To protect from common deserialization vulnerabilities, Jenkins uses a custom deserialization filter that on...
CVE-2026-10075
DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulnerability...
USN-8394-1: YARD vulnerability
It was discovered that YARD incorrectly sanitized paths in its built-in documentation server. An attacker could possibly use this issue to read arbitrary files from the server host...
Lyrion Music Server 路径遍历漏洞
Lyrion Music Server is an audio server software developed by the Lyrion organization. Version 9.2.0 of Lyrion Music Server contains a path traversal vulnerability. This vulnerability allows for the reading of arbitrary files through path traversal techniques...
CVE-2026-40547 Path Traversal in SOPlanning
SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading and executing files previously added through the backup functionality. Critically, due to CVE-2026-40543 Missing...
PT-2026-35439
A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing traversal sequences...
CVE-2026-42095
bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL...
SoftSul SAC-NFe 安全漏洞
SoftSul SAC-NFe is an electronic invoice management system developed by the Brazilian company SoftSul. Version 2.0.02 of SoftSul SAC-NFe contains a security vulnerability. This vulnerability stems from defects in the file processing logic of the download.php component, which may lead to directory...
CVE-2026-39365 Vite has a Path Traversal in Optimized Deps `.map` Handling
Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, the dev server’s handling of .map requests for optimized dependencies resolves file paths and calls readFile without restricting ../ segments in the URL. As a result, it is possible to bypass the...
CVE-2026-33195
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's DiskServicepathfor does not validate that the resolved filesystem path remains within the storage root directory. If a blob key containing path...
Group Office 代码问题漏洞
Group Office is a modular office suite developed by the Dutch company Group Office. Versions of Group Office prior to 6.8.150, 25.0.82, and 26.0.5 contained code vulnerabilities. These vulnerabilities stemmed from server-side request forgeing in the WOPI service discovery URL, which could lead to...
CVE-2021-47849
Mini Mouse 9.3.0 contains a path traversal vulnerability that allows attackers to access sensitive system directories through the device information endpoint. Attackers can retrieve file lists from system directories like /usr, /etc, and /var by manipulating file path parameters in API requests...
CVE-2022-50899 Geonetwork 4.2.0 - XML External Entity (XXE)
Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files...
QNAP Systems QTS和QNAP Systems QuTS hero 路径遍历漏洞
QNAP Systems QTS and QNAP Systems QuTS hero are both software with data storage and management capabilities from QNAP Systems of Taiwan, China. A path traversal vulnerability exists in QNAP Systems QTS and QNAP Systems QuTS hero that originates from path traversal and could result in reading...
CVE-2025-48591
In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2025-43488
In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2025-39247
Name of the Vulnerable Software and Affected Versions nncp versions prior to 8.12.0 Description The software contains a path traversal flaw that could allow reading or writing to files. This issue occurs during the process of freqing and saving files when handling crafted paths within packet data...
CVE-2025-6544 Deserialization Vulnerability in h2oai/h2o-3
A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...
LangChain Go 安全漏洞
LangChain Go is a simple framework for writing LLM-based programs in Go by the individual developer Travis Cline. A security vulnerability exists in LangChain Go version 0.1.14, which stems from support for include and extends syntax for reading files, and could lead to a server-side template...
CVE-2023-21471
Improper access control vulnerability in SemClipboard prior to SMR Apr-2023 Release 1 allows attackers to read arbitrary files with system permission...