11243 matches found
CVE-2018-14831
An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI...
CVE-2018-1000882
WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appears to be exploitable via HTTP GET Request. This vulnerability appears to have been fixed in after commit...
CVE-2018-19458
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246...
CVE-2021-33359
A vulnerability exists in gowitness 2.3.6 that allows an unauthenticated attacker to perform an arbitrary file read using the file:// scheme in the url parameter to get an image of any file...
CVE-2021-22022
The vRealize Operations Manager API 8.x prior to 8.5 contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure...
CVE-2016-10838
cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script SEC-70...
CVE-2016-10829
cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error SEC-99...
CVE-2016-10794
cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error SEC-154...
CVE-2016-10400
Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/core/courses/users/createcourse.php. The attacker can read an arbitrary file by visiting getcourseicon.php?id= after the traversal attack...
CVE-2025-23195
An XML External Entity (XXE) vulnerability exists in the Ambari/Oozie project, allowing an attacker to inject malicious XML entities. This vulnerability occurs due to insecure parsing of XML input using the DocumentBuilderFactory class without disabling external entity resolution. An attacker can...
CVE-2025-66916
The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but it does not filter user input, allowing attackers to use the File class to perform arbitrary file reading and writing...
CVE-2022-23316
An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file=download=../../1.txt...
CVE-2022-31682
VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data...
CVE-2022-26884
Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher...
CVE-2017-18457
cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs SEC-218...
CVE-2017-18448
cPanel before 64.0.21 allows certain file-read operations via a Serverinfomanpage API call SEC-252...
CVE-2017-18396
cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases SEC-329...
CVE-2017-18446
cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API SEC-250...
CVE-2017-18405
cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic SEC-345...
CVE-2011-0244
WebKit in Apple Safari before 5.0.6 allows user-assisted remote attackers to read arbitrary files via vectors related to improper canonicalization of URLs within RSS feeds...