11244 matches found
EUVD-2025-36215
TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to read any local server file...
CVE-2025-27222
TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to read any local server file...
CVE-2025-60729
PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function...
PerfreeBlog Security Vulnerability
PerfreeBlog is an open source Java-based blog / CMS site-building platform. PerfreeBlog version 4.0.11 contains a security vulnerability that stems from an arbitrary file read in the validThemeFilePath function...
EUVD-2025-35860
PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function...
PT-2025-43662
Name of the Vulnerable Software and Affected Versions PerfreeBlog version 4.0.11 Description PerfreeBlog version 4.0.11 contains an arbitrary file read issue within the validThemeFilePath function. This allows for unauthorized access to files. Recommendations Update to a newer version that contai...
CVE-2025-60729
PerfreeBlog v4.0.11 contains an arbitrary file read vulnerability in the validThemeFilePath function. The issue is confirmed across multiple sources in the Connected documents and affects the PerfreeBlog 4.0.11 release; CVSS v3.1 base score cited as 5.3 (Medium). The exact exploit details, affect...
CVE-2025-58456
CVE-2025-58456 concerns AutomationDirect’s Productivity Suite, version 4.4.1.19. The Red Hat/EUVD/NVD entries and CISA advisory corroborate a relative path traversal (ZipSlip) vulnerability in ProductivityService PLC simulator, enabling an unauthenticated remote attacker to read arbitrary files o...
CVE-2025-54963
An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may submit a crafted job request that grants read access to files on the filesystem with the permissions of the GXP Job Service process. The path to a file is not sanitized f...
ChurchCRM Path Traversal Vulnerability
ChurchCRM is an open source CRM system for churches. ChurchCRM 5.18.0 and previous versions contain a path traversal vulnerability, which stems from the restoreFile parameter in the file src/ChurchCRM/Backup/RestoreJob.php failing to correctly filter special elements in the resource or file path,...
Unspecified Vulnerability in Newforma Project Center Server
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. A security vulnerability exists in Newforma Project Center Serve...
GHSA-VFFH-C9PQ-4CRH Uptime Kuma Server-side Template Injection (SSTI) in Notification Templates Allows Arbitrary File Read
Summary In some Notification types e.g., Webhook, Telegram, the send function allows user-controlled renderTemplate input. This leads to a Server-side Template Injection SSTI vulnerability that can be exploited to read arbitrary files from the server. Details The root cause is how Uptime Kuma...
EUVD-2025-35098
Uptime Kuma Server-side Template Injection SSTI in Notification Templates Allows Arbitrary File Read...
Uptime Kuma Server-side Template Injection (SSTI) in Notification Templates Allows Arbitrary File Read
Summary In some Notification types e.g., Webhook, Telegram, the send function allows user-controlled renderTemplate input. This leads to a Server-side Template Injection SSTI vulnerability that can be exploited to read arbitrary files from the server. Details The root cause is how Uptime Kuma...
CVE-2025-11738 Media Library Assistant <= 3.29 - Unauthenticated Limited File Read
The Media Library Assistant plugin for WordPress is vulnerable to limited file reading in all versions up to, and including, 3.29 via the mla-stream-image.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary ai/eps/pdf/ps files on the server, which can...