11244 matches found

CNNVD (added 2025/12/22 12:00 a.m., 3 views)

Hasura GraphQL Engine SQL injection vulnerability

Hasura GraphQL Engine is a very fast GraphQL server from Hasura open source. A SQL injection vulnerability exists in Hasura GraphQL Engine version 1.3.3, which stems from the fact that SQL injection may result in local file reads...

CVSS 6.9, AI score 7.6, EPSS 0.00183
Exploits: 1, References: 4
Positive Technologies (added 2025/12/22 12:00 a.m., 5 views)

PT-2025-52625

Name of the Vulnerable Software and Affected Versions: Ragic Enterprise Cloud Database (affected versions not specified). Description: An unauthenticated remote attacker can exploit a Relative Path Traversal issue to download arbitrary system files. The issue is an Arbitrary File Read impacting the...

CVSS 8.7, AI score 6.8, EPSS 0.00523
Exploits: 0, References: 8
GithubExploit (added 2025/12/19 7:26 a.m., 144 views)

Exploit for Improper Restriction of XML External Entity Reference in Apache Tika

CVE-2025-66516: Minimized Verification Environment This proje...

CVSS 10, AI score 7.3, EPSS 0.79807
Exploits: 5
NVD (added 2025/12/18 11:15 p.m., 3 views)

CVE-2025-68279

Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. Version 5.15.1 fixes the issue...

CVSS 7.7, EPSS 0.00344
Exploits: 0, References: 4
CVE (added 2025/12/18 10:59 p.m., 12 views)

CVE-2025-68279

Weblate (web-based localization tool) contains an information disclosure vulnerability prior to 5.15.1: crafted symbolic links in a repository can cause reading arbitrary files from the server filesystem. The issue is fixed in Weblate 5.15.1. Remediate by upgrading to 5.15.1 or later.

CVSS 7.7, AI score 6.4, EPSS 0.00344
Exploits: 0, References: 4, Affected Software: 1
Vulnrichment (added 2025/12/18 10:59 p.m., 4 views)

CVE-2025-68279 Weblate has an arbitrary file read via symbolic links

Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. Version 5.15.1 fixes the issue...

CVSS 7.7, AI score 6.4, EPSS 0.00344
Exploits: 0, References: 4
OSV (added 2025/12/18 10:59 p.m., 6 views)

CVE-2025-68279 Weblate has an arbitrary file read via symbolic links

Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. Version 5.15.1 fixes the issue...

CVSS 7.7, AI score 6.7, EPSS 0.00344
Exploits: 0, References: 6
Cvelist (added 2025/12/18 10:59 p.m., 23 views)

CVE-2025-68279 Weblate has an arbitrary file read via symbolic links

Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. Version 5.15.1 fixes the issue...

CVSS 7.7, EPSS 0.00344
Exploits: 0, References: 4
EUVD (added 2025/12/18 10:58 p.m., 4 views)

EUVD-2025-204420

Weblate has an arbitrary file read via symbolic links...

CVSS 7.7, AI score 6.5, EPSS 0.00344
Exploits: 0, References: 5
OSV (added 2025/12/18 10:58 p.m., 4 views)

GHSA-G925-F788-4JH7 Weblate has an arbitrary file read via symbolic links

Impact: It was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. Resources: Thanks to Jason Marcello for responsible disclosure...

CVSS 7.7, AI score 6.8, EPSS 0.00344
Exploits: 0, References: 6
Github Security Blog (added 2025/12/18 10:58 p.m., 8 views)

Weblate has an arbitrary file read via symbolic links

Impact: It was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. Resources: Thanks to Jason Marcello for responsible disclosure...

CVSS 7.7, AI score 6.9, EPSS 0.00344
Exploits: 0, References: 6, Affected Software: 1
Packet Storm (added 2025/12/18 12:00 a.m., 168 views)

Jenkins 2.441 Arbitrary File Read

Jenkins version 2.441 proof of concept arbitrary file read exploit. | Title: Jenkins 2.441 read files Vulnerability | Author: indoushka | Tested on:...

CVSS 9.8, AI score 7.1, EPSS 0.99999
Exploits: 46
NVD (added 2025/12/17 11:15 p.m., 4 views)

CVE-2023-53907

Bludit versions before 3.13.1 contain an authenticated file download vulnerability in the Backup Plugin that allows logged-in users to access arbitrary files. Attackers can exploit the plugin's download functionality by manipulating file path parameters to read sensitive system files through...

CVSS 7.1, EPSS 0.00683
Exploits: 1, References: 3
RedhatCVE (added 2025/12/17 8:07 a.m., 6 views)

CVE-2025-67819

An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...

CVSS 4.9, AI score 6.9, EPSS 0.00373
Exploits: 0, References: 1
Patchstack (added 2025/12/17 7:25 a.m., 8 views)

WordPress Zephyr Project Manager plugin <= 3.3.203 - Authenticated (Custom+) Arbitrary File Read And Server-Side Request Forgery vulnerability

Authenticated Custom+ Arbitrary File Read And Server-Side Request Forgery vulnerability discovered by type5afe in WordPress Plugin Zephyr Project Manager versions <= 3.3.203...

CVSS 4.9, AI score 6.8, EPSS 0.00589
Exploits: 0, References: 1, Affected Software: 1
CVE (added 2025/12/17 7:21 a.m., 15 views)

CVE-2025-12496

The CVE-2025-12496 entry concerns the Zephyr Project Manager WordPress plugin. It describes a Directory Traversal vulnerability across all versions up to 3.3.203 via the file parameter, enabling authenticated attackers with Custom-level access and above to read arbitrary server files (potentially...

CVSS 4.9, AI score 5.5, EPSS 0.00589
Exploits: 0, References: 3
Vulnrichment (added 2025/12/17 7:21 a.m., 4 views)

CVE-2025-12496 Zephyr Project Manager <= 3.3.203 - Authenticated (Custom+) Arbitrary File Read And Server-Side Request Forgery

The Zephyr Project Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.203 via the file parameter. This makes it possible for authenticated attackers, with Custom-level access and above, to read the contents of arbitrary files on the server,...

CVSS 4.9, AI score 5.5, EPSS 0.00589
Exploits: 0, References: 3
Cvelist (added 2025/12/17 7:21 a.m., 30 views)

CVE-2025-12496 Zephyr Project Manager <= 3.3.203 - Authenticated (Custom+) Arbitrary File Read And Server-Side Request Forgery

The Zephyr Project Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.203 via the file parameter. This makes it possible for authenticated attackers, with Custom-level access and above, to read the contents of arbitrary files on the server,...

CVSS 4.9, EPSS 0.00589
Exploits: 0, References: 3
RedHat Linux (added 2025/12/16 11:13 p.m., 4 views)

org.apache.kafka: Kafka Client Arbitrary File Read SSRF

A flaw was found in apache-kafka. The Kafka client improperly handles configuration data for SASL/OAUTHBEARER connections, allowing an attacker to specify a crafted token endpoint URL. This allows for arbitrary file reads and server-side request forgery (SSRF) by a malicious client. Consequently,...

CVSS 7.5, AI score 7.4, EPSS 0.60841
Exploits: 2, References: 5
OSV (added 2025/12/16 10:32 p.m., 4 views)

GHSA-G239-Q96Q-X4QM @vitejs/plugin-rsc has an Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint

Summary: The `/__vite_rsc_findSourceMapURL` endpoint in @vitejs/plugin-rsc allows unauthenticated arbitrary file read during development mode. An attacker can read any file accessible to the Node.js process by sending a crafted HTTP request with a file:// URL in the filename query parameter. Severity:...

CVSS 7.5, AI score 6.5, EPSS 0.00552
Exploits: 0, References: 6