
14 matches found

Vulnrichment
added 2026/06/09 11:00 p.m. | 6 views

CVE-2026-46491 SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior to version 7.0.3, simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controll...

8.6 CVSS | 5.5 AI score | 0.00422 EPSS
Exploits: 0 | References: 3

Cvelist
added 2026/05/06 8:28 a.m. | 33 views

CVE-2026-43975 Apache Wicket: Possible malicious path traversal in FolderUploadsFileManager

FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write arbitrary files outside the intended upload directory or read files from arbitrary locations on t...

0.00732 EPSS
Exploits: 0 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux – Vulnerability in libwebp

A flaw was discovered in libwebp in versions prior to 1.0.1. When reading a file, libwebp allocates an excessive amount of memory. The greatest threat posed by this vulnerability is related to service availability...

7.5 CVSS | 6.8 AI score | 0.01966 EPSS
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2026/04/11 10:55 p.m. | 6 views

Malicious code in unisys-uka (npm)

Package is malware. Collects sensitive info, reads files, executes commands, and exfiltrates data to a remote server via postinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25745bb1be4d673e8e465091f55bfdad6ad5cd5740583fd9a9f38fd7dd3e5d57 The...

5.8 AI score
Exploits: 0 | References: 1

OSV
added 2026/04/11 10:55 p.m. | 3 views

MAL-2026-2824 Malicious code in unisys-uka (npm)

Package is malware. Collects sensitive info, reads files, executes commands, and exfiltrates data to a remote server via postinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25745bb1be4d673e8e465091f55bfdad6ad5cd5740583fd9a9f38fd7dd3e5d57 The...

5.8 AI score
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/16 12:00 a.m. | 4 views

PT-2026-25825

Name of the Vulnerable Software and Affected Versions SiYuan versions 3.6.0 and below Description SiYuan, a personal knowledge management system, has an issue where the POST request to the /api/import/importStdMd endpoint directly passes the localPath parameter to the model.ImportFromLocalPath...

6.8 CVSS | 5.9 AI score | 0.00431 EPSS
Exploits: 1 | References: 9

RedhatCVE
added 2026/03/11 7:08 a.m. | 4 views

CVE-2026-30869

SiYuan is a personal knowledge management system. Prior to 3.5.10, a path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By exploiting double‑encoded traversal sequences, an attacker can access sensitive files such as...

9.8 CVSS | 6.4 AI score | 0.01028 EPSS
Exploits: 1 | References: 1

CVE
added 2026/03/10 4:44 p.m. | 9 views

CVE-2026-30942

Flare (Next.js-based, self-hosted file sharing) contains an authenticated path traversal in /api/avatars/[filename] prior to version 1.7.3. The filename is passed to path.join() without sanitization and getFileStream() performs no path validation, allowing %2F-encoded ../ sequences to escape uplo...

8.3 CVSS | 5.9 AI score | 0.00608 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2026/02/11 12:16 p.m. | 14 views

CVE-2025-62853

A path traversal vulnerability in File Station 5 allows an attacker with a user account to read contents of files and system data. Affected: File Station 5; root cause: path traversal. Impact (per metrics): confidentiality LOW, integrity HIGH, availability HIGH; exploitation requires network acce...

7.2 CVSS | 5.5 AI score | 0.00598 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2025/11/07 7:58 p.m. | 3 views

CVE-2025-34238

Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction that allows an authenticated network administrator to cause the application to read and return the contents of arbitrary files the web...

6.9 CVSS | 6.7 AI score | 0.00334 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/08/31 6:11 p.m. | 3 views

CVE-2025-33037

A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central...

7.2 CVSS | 6.8 AI score | 0.00445 EPSS
Exploits: 0 | References: 1

RedHat Linux
added 2023/10/19 1:33 p.m. | 2 views

php: XML loading external entity without being enabled

A flaw was found in PHP due to inadequate validation of user-supplied XML input. By leveraging specially crafted XML code, a remote attacker could obtain sensitive information by viewing the contents of arbitrary files on the system or initiating requests to external systems. This issue may allow...

8.6 CVSS | 7.4 AI score | 0.0121 EPSS
Exploits: 1 | References: 7

OSV
added 2021/07/25 10:15 p.m. | 2 views

CVE-2021-37442

NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files...

6.5 CVSS | 5.8 AI score | 0.01214 EPSS
Exploits: 1 | References: 2

Cvelist
added 2018/06/24 10:00 p.m. | 20 views

CVE-2018-12713

GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was...

8.9 AI score | 0.01947 EPSS
Exploits: 0 | References: 2