11244 matches found
CVE-2025-64324
KubeVirt’s hostDisk DiskOrCreate logic bug allows an attacker to read and write arbitrary files owned by more privileged users on the host, prior to fixes in 1.6.1 and 1.7.0. A patched version is available (e.g., 1.6.1/1.7.0); SUSE notes 1.6.3 as containing the fix.
CVE-2025-56499
Incorrect access control in mihomo v1.19.11 allows authenticated attackers with low-level privileges to read arbitrary files with elevated privileges by obtaining the external control key from the config file...
PT-2025-47393
Name of the Vulnerable Software and Affected Versions: mihomo version 1.19.11. Description: An access control issue exists in mihomo version 1.19.11. Authenticated attackers with limited privileges can read arbitrary files with higher privileges. This is achieved by obtaining an external control key...
GO-2025-4110 KubeVirt Vulnerable to Arbitrary Host File Read and Write in kubevirt.io/kubevirt
KubeVirt Vulnerable to Arbitrary Host File Read and Write in kubevirt.io/kubevirt...
GO-2025-4109 KubeVirt Arbitrary Container File Read in kubevirt.io/kubevirt
KubeVirt Arbitrary Container File Read in kubevirt.io/kubevirt...
EUVD-2025-197810
The XML bookmark import functionality of the PDFPatcher executable, through 1.1.3.4663, does not restrict XML external entity (XXE) references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: read arbitrary files from the victim's filesystem,...
CVE-2025-63917
The XML bookmark import functionality of the PDFPatcher executable, through 1.1.3.4663, does not restrict XML external entity (XXE) references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: read arbitrary files from the victim's filesystem,...
PDFPatcher security vulnerability
PDFPatcher is a PDF toolkit by individual developer WMJ. A security vulnerability exists in PDFPatcher 1.1.3.4663 and earlier versions, which stems from insufficiently restricted XML external entity references and could lead to arbitrary file reading or SSRF attacks...
CVE-2025-13161
IQ-Support developed by IQ Service International has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files...
OESA-2025-2691 python-Keras security update
Keras is a high-level neural networks API for Python. Security Fixes: The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF). This vulnerability stems from th...
OESA-2025-2690 python-Keras security update
Keras is a high-level neural networks API for Python. Security Fixes: The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF). This vulnerability stems from th...
OESA-2025-2689 python-Keras security update
Keras is a high-level neural networks API for Python. Security Fixes: The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF). This vulnerability stems from th...
CVE-2025-13161 IQ Service International|IQ-Support - Arbitrary File Read
IQ-Support developed by IQ Service International has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files...
EUVD-2025-180548
IQ-Support developed by IQ Service International has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files...
CVE-2025-13161
IQ-Support (IQ Service International) is affected by CVE-2025-13161, describing an Unauthenticated Arbitrary File Read via Relative Path Traversal that allows downloading arbitrary system files. The available connected documents identify the vulnerable component as IQ-Support but do not specify a...
PT-2025-46939
Name of the Vulnerable Software and Affected Versions: IQ-Support, affected versions not specified. Description: IQ-Support, developed by IQ Service International, has an Arbitrary File Read issue. Unauthenticated remote attackers can exploit Relative Path Traversal to download arbitrary system files...