Tag
high
advisory
Salon Booking System WordPress Plugin Arbitrary File Read Vulnerability
2 rules 1 TTP 1 CVE
The Salon Booking System WordPress plugin is vulnerable to arbitrary file read, allowing unauthenticated attackers to exfiltrate local files by manipulating file-field values in booking confirmation emails.
Salon Booking System – Free Version plugin for WordPress <= 10.30.25
arbitrary-file-read
wordpress
plugin-vulnerability
cve
medium
advisory
OpenClaw Arbitrary File Read and Credential Exfiltration Vulnerability
2 rules 1 TTP
The openclaw package is vulnerable to arbitrary file read and credential exfiltration due to media local roots self-whitelisting in `appendLocalMediaParentRoots`, allowing a model to initiate arbitrary host file reads, potentially leading to credential exfiltration.
arbitrary-file-read
credential-exfiltration
openclaw
npm
high
advisory
i18next-fs-backend Path Traversal Vulnerability
2 rules 1 TTP
i18next-fs-backend versions before 2.6.4 are vulnerable to path traversal due to insufficient sanitization of the `lng` and `ns` values, potentially allowing attackers to read arbitrary files, overwrite files, or execute code if .js or .ts locale files are in use.
i18next-fs-backend
path-traversal
i18next
arbitrary-file-read
arbitrary-file-write
code-execution