11244 matches found
CVE-2025-15227
The CVE concerns BPMFlowWebkit from WELLTEND TECHNOLOGY, with an Arbitrary File Read vulnerability exploitable via Absolute Path Traversal. The description across sources states unauthenticated remote attackers can download arbitrary system files. Documents do not specify affected versions, vulne...
CVE-2025-15225 Sunnet|WMPro - Arbitrary File Read
WMPro developed by Sunnet has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to read arbitrary system files...
EUVD-2025-205560
WMPro developed by Sunnet has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to read arbitrary system files...
CVE-2025-15225
WMPro by Sunnet is affected by an Arbitrary File Read vulnerability exploitable via Relative Path Traversal. The issue allows unauthenticated remote attackers to read arbitrary system files. Available documents consistently describe the vulnerability class and impact but do not specify affected v...
PT-2025-53700
Name of the Vulnerable Software and Affected Versions: WMPro (affected versions not specified). Description: WMPro developed by Sunnet has an Arbitrary File Read issue. Unauthenticated remote attackers can exploit Relative Path Traversal to read arbitrary system files. Recommendations: At the moment,...
SUNNET WMPro Security Vulnerability
SUNNET WMPro is a suite of online learning platforms from Taiwan, China's Sunnet Technology SUNNET. A security vulnerability exists in SUNNET WMPro, which stems from the presence of an arbitrary file read vulnerability that could allow an unauthenticated, remote attacker to read arbitrary system...
WELLTEND BPMFlowWebkit Security Vulnerability
WELLTEND BPMFlowWebkit is a business process management system from Taiwan, China-based WELLTEND. A security vulnerability exists in WELLTEND BPMFlowWebkit, which stems from an arbitrary file read vulnerability that could allow an unauthenticated, remote attacker to traverse and download arbitrar...
CVE-2024-25181
CVE-2024-25181 affects givanz VvvebJs 1.7.2. The issue stems from improper handling of user-supplied URLs in the file_get_contents call in save.php, enabling Server-Side Request Forgery (SSRF) and arbitrary file reading. The CVSSv3.1 base score is 9.1 (CRITICAL) with NETWORK_VECTOR, LOW attack co...
PT-2025-53784
Name of the Vulnerable Software and Affected Versions: givanz VvvebJs version 1.7.2. Description: A critical issue exists in givanz VvvebJs version 1.7.2 that permits Server-Side Request Forgery (SSRF) and arbitrary file reading. This is due to improper handling of user-supplied URLs within the file g...
CVE-2025-66737
Yealink T21PE2 Phone 52.84.0.15 is vulnerable to Directory Traversal. A remote normal privileged attacker can read arbitrary files via a crafted request result read function of the diagnostic component...
PT-2025-135: Local File Read in mPDF
The vulnerability was identified in mPDF, version 2.8.5. The application performs improper validation of data received from the user, which allows an attacker to read files stored on the server. Vulnerability status: Confirmed during research Date of vulnerability discovery: 11.04.2025...
EUVD-2025-205453
Self-hosted n8n has Legacy Code node that enables arbitrary file read/write...
Self-hosted n8n has Legacy Code node that enables arbitrary file read/write
Impact In self-hosted n8n instances where the Code node runs in legacy non-task-runner JavaScript execution mode, authenticated users with workflow editing access can invoke internal helper functions from within the Code node. This allows a workflow editor to perform actions on the n8n host with...
CVE-2024-42718
A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter...
CVE-2024-42718
CVE-2024-42718 affects Croogo CMS 4.0.7 and is a path-traversal vulnerability that allows remote attackers to read arbitrary files via a crafted value in the edit-file parameter. The issue is documented across multiple feeds (Red Hat, CIRCL, OSV, NVD, etc.) with the same description. The CVE entr...
EUVD-2025-205448
Yealink T21PE2 Phone 52.84.0.15 is vulnerable to Directory Traversal. A remote normal privileged attacker can read arbitrary files via a crafted request result read function of the diagnostic component...
PT-2025-53600
Name of the Vulnerable Software and Affected Versions: Yealink T21P E2 Phone version 52.84.0.15. Description: The Yealink T21P E2 Phone version 52.84.0.15 contains a directory traversal flaw. A remote attacker with normal privileges can read arbitrary files through a crafted request to the diagnosti...