PKP-WAL 3.5.0-3 X-Forwarded-Host LESS Code Injection
PKP-WAL versions 3.5.0-3 and below suffer from a LESS X-Forwarded-Host related code injection vulnerability. The PKP-WAL getBaseUrl method can be manipulated by unauthenticated attackers through the X-Forwarded-Host HTTP header,...
CVE-2025-68476
KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The...
AZL-72868 CVE-2025-68476 affecting package keda for versions less than 2.14.1-9
KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The...
CVE-2021-47714
Hasura GraphQL 1.3.3 contains a local file read vulnerability that allows attackers to access system files through SQL injection in the query endpoint. Attackers can exploit the pg_read_file PostgreSQL function by crafting malicious SQL queries to read arbitrary files on the server...
CVE-2021-47714 Hasura GraphQL 1.3.3 Local File Read via SQL Injection
Hasura GraphQL 1.3.3 contains a local file read vulnerability that allows attackers to access system files through SQL injection in the query endpoint. Attackers can exploit the pg_read_file PostgreSQL function by crafting malicious SQL queries to read arbitrary files on the server...
CVE-2021-47714
Hasura GraphQL Engine 1.3.3 is affected by a local file read vulnerability exploitable via SQL injection at the query endpoint, enabling reading arbitrary files on the server through PostgreSQL’s pg_read_file(). Root cause is unsanitized SQL path in the query endpoint that allows crafting queries...
CVE-2025-68476 KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential
KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The...
EUVD-2025-204753
KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The...
CVE-2025-68476
CVE-2025-68476 affects KEDA. Prior to versions 2.17.3 and 2.18.3, there is an Arbitrary File Read via insufficient path validation when loading the Service Account Token in spec.hashiCorpVault.credential.serviceAccount. An attacker with permissions to create/modify a TriggerAuthentication reso...
GHSA-C4P6-QG4M-9JMR KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential
Impact: An Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The vulnerability stems from an incorrect or insufficient path validation when loading the Service Account...
KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential
Impact: An Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The vulnerability stems from an incorrect or insufficient path validation when loading the Service Account...
CVE-2025-15015 Ragic|Enterprise Cloud Database - Arbitrary File Read
Enterprise Cloud Database developed by Ragic has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files...
EUVD-2025-204689
Enterprise Cloud Database developed by Ragic has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files...
CVE-2025-15015
The CVE-2025-15015 entry concerns Ragic’s Enterprise Cloud Database with an Arbitrary File Read via Relative Path Traversal. The vulnerability is exploitable by unauthenticated remote attackers and could allow downloading arbitrary system files. Multiple connected sources confirm the issue but do...
PT-2025-52690
Name of the Vulnerable Software and Affected Versions: Hasura GraphQL version 1.3.3. Description: Hasura GraphQL version 1.3.3 has a local file read issue. Attackers can access system files through SQL injection in the query endpoint. Exploitation involves the pg_read_file PostgreSQL function via...