file-disclosure 8

• XXE Injection via Envelope Import Leads to Arbitrary File Read | Foldmark Jun 9, 2026
• Local File Inclusion via Template Router | CostThis Jun 9, 2026
• Local File Inclusion via Double URL Encoding | Mirage May 27, 2026
• SSRF Blocklist Bypass – Internal File Disclosure via Localhost Filtering Evasion | CutCorner May 22, 2026
• XXE Injection – Arbitrary File Disclosure via XML Import | Holloway May 13, 2026
• Server-Side Template Injection Leading to Remote Code Execution | Outbox May 12, 2026
• XInclude Injection to Arbitrary File Read | Tanuki May 12, 2026
• Local File Inclusion (LFI) to Sensitive File Disclosure | Mapleton May 12, 2026