11244 matches found
CVE-2025-34238
Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction that allows an authenticated network administrator to cause the application to read and return the contents of arbitrary files the web...
Advantech WebAccess/VPN 安全漏洞
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. An absolute path traversal vulnerability exists in...
PT-2025-45511
Name of the Vulnerable Software and Affected Versions KubeVirt versions prior to 1.5.3 KubeVirt versions prior to 1.6.1 Description KubeVirt, a virtual machine management add-on for Kubernetes, contains a flaw that permits a virtual machine VM to read arbitrary files from the virt-launcher pod's...
GO-2025-4004 Canonical LXD Arbitrary File Read via Template Injection in Snapshot Patterns in github.com/lxc/lxd
Canonical LXD Arbitrary File Read via Template Injection in Snapshot Patterns in github.com/lxc/lxd...
CVE-2025-10713
CVE-2025-10713 is an XML External Entity (XXE) vulnerability affecting multiple WSO2 products due to improper XML parser configuration. The issue allows an attacker to read sensitive server files or cause DoS via unrestrained external entities. Documented impact: remote, unauthenticated access wi...
CVE-2025-20374 Cisco Unified Contact Center Express Arbitrary File Download Vulnerability
A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to perform a directory traversal and access arbitrary resources. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this...
CVE-2025-55108
The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write and similar unauthorized actions when mutual SSL/TLS authentication is not enabled i.e. in the default configuration. NOTE: The vendor believes that this vulnerability only occurs when...
CVE-2025-55108 BMC Control-M/Agent default configuration does not enforce SSL/TLS allowing unauthorized actions and remote code execution
The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and write and similar unauthorized actions when mutual SSL/TLS authentication is not enabled i.e. in the default configuration. NOTE: The vendor believes that this vulnerability only occurs when...
CVE-2025-11072
The MelAbu WP Download Counter Button WordPress plugin through 1.8.6.7 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files...
PT-2025-45096
Name of the Vulnerable Software and Affected Versions BMC Control-M/Agent affected versions not specified Description The Control-M/Agent is susceptible to unauthenticated remote code execution, arbitrary file read and write, and other unauthorized actions when mutual SSL/TLS authentication is no...
CVE-2025-12695 Insecure configuration in DSPy lead to arbitrary file read when running untrusted code inside the sandbox
The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class...
CVE-2025-12695 Insecure configuration in DSPy lead to arbitrary file read when running untrusted code inside the sandbox
The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class...
CVE-2025-12695
The CVE-2025-12695 vulnerability affects DSPy where an overly permissive sandbox around the PythonInterpreter allows reading sensitive files when running untrusted code in an AI agent. Public sources describe an arbitrary-file-read risk via the sandbox, with the affected component being DSPy’s sa...
CVE-2025-12137
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. This is due to the plugin's REST API endpoint accepting arbitrary absolute file paths without proper validation in the...
EUVD-2025-37425
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. This is due to the plugin's REST API endpoint accepting arbitrary absolute file paths without proper validation in the...
CVE-2025-10897
The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.9.28. This makes it possible for unauthenticated attackers to read arbitrary files on the server, which can expose DB credentials when the wp-config.php file is read...
CVE-2025-12137
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. This is due to the plugin's REST API endpoint accepting arbitrary absolute file paths without proper validation in the...
CVE-2025-12137
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. This is due to the plugin's REST API endpoint accepting arbitrary absolute file paths without proper validation in the...
CVE-2025-12137 Import WP – Export and Import CSV and XML files to WordPress <= 2.14.16 - Authenticated (Admin+) Arbitrary File Read
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. This is due to the plugin's REST API endpoint accepting arbitrary absolute file paths without proper validation in the...
CVE-2025-12137 Import WP – Export and Import CSV and XML files to WordPress <= 2.14.16 - Authenticated (Admin+) Arbitrary File Read
The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. This is due to the plugin's REST API endpoint accepting arbitrary absolute file paths without proper validation in the...