917 matches found
CVE-2026-49984 Kestra: Path traversal in `LocalStorage` allows any authenticated user to read arbitrary server files via the execution file-download API (`\..\` bypasses the `..` guard)
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.23, the local internal-storage backend validates user-supplied paths for .. traversal before it converts Windows-style backslashes to forward slashes. An attacker can therefore smuggle a traversal sequence past...
CVE-2026-49984
CVE-2026-49984 – Kestra : A path traversal vulnerability in the LocalStorage backend allows any authenticated user who can view an execution to read arbitrary files on the server. Before patching, the LocalStorage path validator mishandles Windows-style backslashes, letting an attacker smuggle tr...
Access of Resource Using Incompatible Type ('Type Confusion')
Overview langsmith is a Client library to connect to the LangSmith Observability and Evaluation Platform. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via the file attachments handling. An attacker can access local files on the...
CVE-2026-53872
picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. Attackers can bypass RCE-focused blocklists to exfiltrate sensitive data like /etc/passwd to externa...
Neuron Golem OEE MES 路径遍历漏洞
Neuron Golem OEE MES is a manufacturing execution system and equipment integrated efficiency management platform developed by the Polish company Neuron. The Neuron Golem OEE MES has a path traversal vulnerability, which stems from a path traversal flaw. This vulnerability could allow attackers...
PT-2026-47813
Name of the Vulnerable Software and Affected Versions Schneider Electric Data Center Expert affected versions not specified Description An Improper Restriction of XML External Entity Reference XXE issue exists, which occurs when an application fails to restrict XML external entity references,...
PT-2026-47722
Name of the Vulnerable Software and Affected Versions Slider Revolution versions prior to 7.0.11 Description The plugin is subject to sensitive information disclosure resulting from three design flaws. First, a valid backend AJAX nonce revslider actions is leaked to all authenticated users,...
Schneider Electric Data Center Expert 代码问题漏洞
Schneider Electric Data Center Expert is a data monitoring software developed by Schneider Electric, a multinational technology company. Schneider Electric Data Center Expert has a code vulnerability caused by improper restrictions on XML external entity references. This vulnerability could allow...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the denied function. An attacker can access arbitrary files on the server by supplying crafted input to the filename argument. Details A Directory Traversal attack also known as path traversal aims to access file...
CVE-2026-46397
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an Authenticated Local File Inclusion LFI vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by manipulating the location field written in...
CVE-2026-9197
The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on...
CVE-2026-7565
The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to Arbitrary File Read via Directory Traversal in all versions up to, and including, 4.1.4 via the 'import-user-file' parameter parameter. This makes it possible for authenticated attackers, with administrator-level acces...
PT-2026-47137
Name of the Vulnerable Software and Affected Versions Smart Slider 3 versions prior to 3.5.1.37 Description The Smart Slider 3 plugin for WordPress contains a Directory Traversal flaw within the replaceHTMLImage function. This allows authenticated attackers with administrator-level access or high...
WordPress plugin Smart Slider 路径遍历漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress plugin LearnPress – Backup & Migration Tool 路径遍历漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-11423
The CVE affects Altium Enterprise Server Collaboration Service. The vulnerability is a path traversal in the MCAD and Simulation file download flows caused by improper handling of user-supplied filenames, allowing an authenticated user to craft a filename in a collaboration message that is later ...
CVE-2026-45731
WWBN AVideo is an open source video platform. In 29.0 and earlier, view/update.php reads $POST'updateFile' as a relative path under updatedb/ and passes it to PHP's file for line-by-line execution as part of a database migration. An authenticated administrator can abuse this to read arbitrary tex...
CVE-2026-7182
Diagram's export module is vulnerable to Path Traversal in src attribute due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated pdf. This issue was fixed in version 1.1.1...
CVE-2026-6403
The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckplyziptheme function, which appends a user-controlled 'stylesheet' parameter directly to the theme root directory path without...
CVE-2026-39371
RedwoodSDK is a server-first React framework. From 1.0.0-beta.50 to 1.0.5, erver functions exported from "use server" files could be invoked via GET requests, bypassing their intended HTTP method. In cookie-authenticated applications, this allowed cross-site GET navigations to trigger...