11244 matches found
CVE-2025-59381 QTS, QuTS hero
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the...
CVE-2025-59380
CVE-2025-59380 describes a path traversal vulnerability in QNAP QTS and QuTS hero. A remote attacker with administrator privileges could read unexpected files or system data. Concrete details from connected sources: affected products are QTS 5.2.8.3332 build 20251128 and later, and QuTS hero h5.2...
Improper Validation of Specified Type of Input
Overview: yara-mail is a Python package and command line utility for scanning emails with YARA rules. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input due to the automatic treatment of string input as a filesystem path in the...
PT-2026-4295
Name of the Vulnerable Software and Affected Versions: Incus versions 6.21.0 and below; IncusOS affected versions not specified. Description: Incus is a system container and virtual machine manager. A flaw exists where a user capable of launching containers with custom images e.g., a member of the...
WordPress Music Sheet Viewer plugin <= 4.1 - Unauthenticated Arbitrary File Read vulnerability
Unauthenticated Arbitrary File Read vulnerability discovered by Peter Thaleikis in WordPress Plugin Music Sheet Viewer versions <= 4.1...
WordPress Premium Age Verification / Restriction for WordPress plugin <= 3.0.2 - Unauthenticated Arbitrary File Read and Write via remote_tunnel.php vulnerability
Unauthenticated Arbitrary File Read and Write via remote_tunnel.php vulnerability discovered by ch4r0n - FPT Software in WordPress Plugin Premium Age Verification / Restriction for WordPress versions <= 3.0.2...
WordPress Eventin plugin <= 4.0.26 - Unauthenticated Arbitrary File Read vulnerability
Unauthenticated Arbitrary File Read vulnerability discovered by mikemyers in WordPress Plugin Eventin versions <= 4.0.26...
WordPress WP Ghost plugin <= 5.4.01 - Unauthenticated Limited File Read vulnerability
Unauthenticated Limited File Read vulnerability discovered by mikemyers in WordPress Plugin Hide My WP Ghost versions <= 5.4.01...
GeoServer WMS GetMap XXE Arbitrary File Read
This module exploits an XML External Entity (XXE) vulnerability in GeoServer via the WMS GetMap operation. The vulnerability allows reading arbitrary files from the server's file system by injecting an XXE entity in the SLD (Styled Layer Descriptor). Affected versions: - GeoServer = 2.26.0, use...
CVE-2025-15227
BPMFlowWebkit developed by WELLTEND TECHNOLOGY has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files...
CVE-2025-15225
WMPro developed by Sunnet has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to read arbitrary system files...
GO-2025-4257 KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential in github.com/kedacore/keda
KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential in github.com/kedacore/keda...
CVE-2024-25181
A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery (SSRF) and arbitrary file reading. The vulnerability stems from improper handling of user-supplied URLs in the "file_get_contents" function within the "save.php" file...
CVE-2025-15227 WELLTEND TECHNOLOGY | BPMFlowWebkit - Arbitrary File Read
BPMFlowWebkit developed by WELLTEND TECHNOLOGY has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files...