This page collects WhisperX intelligence signals tagged #arbitrary-file-read. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical security fix addressing CVE-2024-34693 has been removed from Apache Superset, restoring a vulnerability that allows authenticated users to read arbitrary files from MariaDB servers. The revert strips away local_infile connection parameter restrictions from MariaDBEngineSpec, enabling LOAD DATA LOCAL INFILE t...
A critical input validation vulnerability in Apache Superset exposes affected installations to arbitrary file read attacks by authenticated users through specially crafted MariaDB connections. The flaw leverages the LOCAL_INFILE capability—a database feature disabled by default on MariaDB servers but potentially exploi...
A critical security vulnerability has been identified in Vite, a widely adopted JavaScript build tool and development server. The flaw, tracked as CVE-2026-39363 and documented in GitHub Security Advisory GHSA-p9ff-h696-f583, allows an attacker to read arbitrary files on the system through the Vite Dev Server WebSocket...
Vite has released version 6.4.2 to address CVE-2026-39363, a security vulnerability that allowed arbitrary file read through the Vite Dev Server WebSocket interface. The flaw, tracked as GHSA-p9ff-h696-f583, stems from the `server.fs` strict check—a security boundary meant to restrict filesystem access—failing to enfor...
Wordfence threat intelligence researchers have disclosed critical security vulnerabilities in the Avada Builder WordPress plugin, a widely deployed page builder tool, potentially exposing approximately one million WordPress installations to remote attacks. The flaws combine an arbitrary file read vulnerability and a SQ...