
11244 matches found

Hacker One
added 2025/11/30 12:7 a.m. | 25 views

curl: Path Traversal in file:// protocol allows Arbitrary File Read

Summary: The file:// protocol handler in curl does not properly sanitise or block path traversal sequences ../. This allows a maliciously crafted file:// URL to escape the intended directory and access arbitrary files on the filesystem with the permissions of the user running curl. When curl is...

AI score 6.7
Exploits 0

RedhatCVE
added 2025/11/29 8:9 a.m. | 10 views

CVE-2025-13771

WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files...

CVSS 7.1 | AI score 7 | EPSS 0.00395
Exploits 0 | References 1

RedhatCVE
added 2025/11/29 1:1 a.m. | 9 views

CVE-2025-66370

Kivitendo before 3.9.2 allows XXE injection. By uploading an electronic invoice in the ZUGFeRD format, it is possible to read and exfiltrate files from the server's filesystem...

CVSS 5 | AI score 6.8 | EPSS 0.00286
Exploits 0 | References 1

OSV
added 2025/11/28 8:15 a.m. | 4 views

CVE-2025-13771

WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files...

CVSS 7.1 | AI score 6 | EPSS 0.00395
Exploits 0 | References 2

NVD
added 2025/11/28 8:15 a.m. | 4 views

CVE-2025-13771

WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files...

CVSS 7.1 | EPSS 0.00395
Exploits 0 | References 2

Vulnrichment
added 2025/11/28 7:49 a.m. | 2 views

CVE-2025-13771 Uniong|WebITR - Arbitrary File Read

WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files...

CVSS 7.1 | AI score 6.7 | EPSS 0.00395
Exploits 0 | References 2

CVE
added 2025/11/28 7:49 a.m. | 17 views

CVE-2025-13771

CVE-2025-13771 concerns WebITR, a system from Uniong. The vulnerability is an Arbitrary File Read caused by a Relative Path Traversal flaw, allowing authenticated remote attackers to download arbitrary system files. Affected details are consistently described across Red Hat, NVD, CIRCL, ENISA EUV...

CVSS 7.1 | AI score 6.7 | EPSS 0.00395
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2025/11/28 7:49 a.m. | 8 views

CVE-2025-13771 Uniong|WebITR - Arbitrary File Read

WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files...

CVSS 7.1 | EPSS 0.00395
Exploits 0 | References 2

EUVD
added 2025/11/28 7:49 a.m. | 4 views

EUVD-2025-199863

WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files...

CVSS 7.1 | AI score 6.6 | EPSS 0.00395
Exploits 0 | References 3

IBM Security Bulletins
added 2025/11/28 6:15 a.m. | 9 views

Security Bulletin: Vulnerabilities in Apache Kafka Client affect IBM Spectrum Control

Summary: Apache Kafka Client is vulnerable to Server-Side Request Forgery, Remote Code Execution. These vulnerabilities affect IBM Spectrum Control. Vulnerability Details: CVEID: CVE-2025-27817. DESCRIPTION: A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka...

CVSS 8.8 | AI score 7 | EPSS 0.60841
Exploits 2 | Affected Software 1

Vulnrichment
added 2025/11/28 12:0 a.m. | 2 views

CVE-2025-66370

Kivitendo before 3.9.2 allows XXE injection. By uploading an electronic invoice in the ZUGFeRD format, it is possible to read and exfiltrate files from the server's filesystem...

CVSS 5 | AI score 6.5 | EPSS 0.00286
Exploits 0 | References 5

Positive Technologies
added 2025/11/28 12:0 a.m. | 6 views

PT-2025-48322

Name of the Vulnerable Software and Affected Versions: WebITR (affected versions not specified). Description: WebITR, developed by Uniong, contains an Arbitrary File Read issue stemming from Relative Path Traversal. Authenticated remote attackers can exploit this to download arbitrary system files. Th...

CVSS 7.1 | AI score 6.5 | EPSS 0.00395
Exploits 0 | References 9

GithubExploit
added 2025/11/27 7:36 p.m. | 190 views

Exploit for CVE-2021-43008

CVE-2021-43008 — Adminer vulnerability: arbitrary read...

CVSS 7.5 | AI score 7.1 | EPSS 0.13641
Exploits 4

RedhatCVE
added 2025/11/27 12:58 a.m. | 9 views

CVE-2025-66263

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform null byte injection in downloadsetting.php, which allows reading arbitrary files...

CVSS 8.9 | AI score 7.6 | EPSS 0.00344
Exploits 1 | References 1

CNVD
added 2025/11/27 12:0 a.m. | 1 views

FastAdmin Arbitrary File Read Vulnerability of Shenzhen Extreme Creative Technology Co.

FastAdmin is an open source and free commercial backend development framework, built on ThinkPHP and Bootstrap, with a comprehensive permission management system and one-click generation of CRUD and other powerful features. Shenzhen Extreme Creative Technology Co. FastAdmin arbitrary file reading...

AI score 6
Exploits 0

Packet Storm
added 2025/11/27 12:0 a.m. | 148 views

Check Point Security Gateway R80.30 Arbitrary File Read

Proof of concept exploit for an unauthenticated arbitrary file read vulnerability in Check Point Security Gateway version R80.30. Title: Check Point...

CVSS 8.6 | AI score 9.7 | EPSS 0.99978
Exploits 52

RedhatCVE
added 2025/11/26 8:1 p.m. | 10 views

CVE-2025-34350

UnForm Server versions 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature’s 'arc' endpoint. The Doc Flow module uses the 'arc' handler to retrieve and render pages or resources specified by the user-supplied 'pp' parameter, but it does so...

CVSS 8.7 | AI score 6.5 | EPSS 0.00872
Exploits 0 | References 1

SUSE Linux
added 2025/11/26 2:47 p.m. | 10 views

Security update for yelp

This update for yelp fixes the following issues: CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs (bsc#1240688). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 8.2 | AI score 7.7 | EPSS 0.10598
Exploits 1 | References 4

OSV
added 2025/11/26 2:47 p.m. | 8 views

SUSE-SU-2025:2169-1 Security update for yelp

This update for yelp fixes the following issues: CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs (bsc#1240688)...

CVSS 7.4 | AI score 6.4 | EPSS 0.10598
Exploits 1 | References 3

RedhatCVE
added 2025/11/26 7:58 a.m. | 19 views

CVE-2025-13380

The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validation of user-supplied file paths in the 'lqdaiupdatepost' AJAX endpoint and the use of filegetconten...

CVSS 6.5 | AI score 5.9 | EPSS 0.00461
Exploits 1 | References 1