11244 matches found

Vulnrichment
added 2025/10/18 5:41 a.m. | 3 views

CVE-2025-11738 Media Library Assistant <= 3.29 - Unauthenticated Limited File Read

The Media Library Assistant plugin for WordPress is vulnerable to limited file reading in all versions up to, and including, 3.29 via the mla-stream-image.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary ai/eps/pdf/ps files on the server, which can...

CVSS 5.3 | AI score 5.6 | EPSS 0.00375
Exploits: 0 | References: 3

CVE
added 2025/10/18 5:41 a.m. | 18 views

CVE-2025-11738

CVE-2025-11738 affects the WordPress Media Library Assistant plugin (versions up to 3.29). The vulnerability allows unauthenticated attackers to read arbitrary ai/eps/pdf/ps files on the server via mla-stream-image.php, exposing sensitive information. Wordfence’s vulnerability briefing confirms a...

CVSS 5.3 | AI score 5.7 | EPSS 0.00375
Exploits: 0 | References: 3

RedhatCVE
added 2025/10/17 6:44 p.m. | 7 views

CVE-2025-34517

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in getfilecontent.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...

CVSS 8.7 | AI score 6.9 | EPSS 0.00604
Exploits: 3 | References: 1

RedhatCVE
added 2025/10/17 6:44 p.m. | 9 views

CVE-2025-34518

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal vulnerability in getfilecontent.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet...

CVSS 8.7 | AI score 6.8 | EPSS 0.00604
Exploits: 3 | References: 1

NVD
added 2025/10/17 6:15 p.m. | 6 views

CVE-2025-62424

ClipBucket is a web-based video-sharing platform. In ClipBucket version 5.5.2 - 146 and earlier, the /adminarea/templateeditor.php endpoint is vulnerable to path traversal. The validation of the file-loading path is inadequate, allowing authenticated administrators to read and write arbitrary fil...

CVSS 6.7 | EPSS 0.00858
Exploits: 1 | References: 2

OSV
added 2025/10/17 5:40 p.m. | 4 views

JLSEC-2025-89 In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Pyth...

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters...

CVSS 7.5 | AI score 6.9 | EPSS 0.00311
Exploits: 1 | References: 1

Cvelist
added 2025/10/17 5:23 p.m. | 10 views

CVE-2025-62424 ClipBucket path traversal vulnerability in template editor allows arbitrary file read and write

ClipBucket is a web-based video-sharing platform. In ClipBucket version 5.5.2 - 146 and earlier, the /adminarea/templateeditor.php endpoint is vulnerable to path traversal. The validation of the file-loading path is inadequate, allowing authenticated administrators to read and write arbitrary fil...

CVSS 6.7 | EPSS 0.00858
Exploits: 1 | References: 2

GithubExploit
added 2025/10/17 12:54 p.m. | 775 views

Exploit for Path Traversal in Elementor Website_Builder

CVE-2025-8081 - Elementor Arbitrary File Read Vulnerability !...

CVSS 4.9 | AI score 6.8 | EPSS 0.00474
Exploits: 1

Veracode
added 2025/10/17 8:3 a.m. | 7 views

Arbitrary File Read

xml2rfc is vulnerable to Arbitrary file read. The vulnerability is due to improper input sanitization when generating PDF files, which allows an attacker to inject a malicious link element into the prepped RFCXML and read arbitrary files from the filesystem...

AI score 7 | EPSS 0.00278
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2025/10/17 6:31 a.m. | 4 views

GHSA-RMJR-87WV-GF87 Mammoth is vulnerable to Directory Traversal

Versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth before 1.11.0; versions of the package org.zwobble.mammoth:mammoth before 1.11.0 are vulnerable to Directory Traversal due to the lack of...

CVSS 9.3 | AI score 6.8 | EPSS 0.00921
Exploits: 0 | References: 8

OSV
added 2025/10/17 5:15 a.m. | 4 views

CVE-2025-11849

Versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth before 1.11.0; versions of the package org.zwobble.mammoth:mammoth before 1.11.0 are vulnerable to Directory Traversal due to the lack of...

CVSS 6.4 | AI score 6.8
Exploits: 0 | References: 6

NVD
added 2025/10/17 5:15 a.m. | 3 views

CVE-2025-11849

Versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth before 1.11.0; versions of the package org.zwobble.mammoth:mammoth before 1.11.0 are vulnerable to Directory Traversal due to the lack of...

CVSS 9.3 | EPSS 0.00921
Exploits: 0 | References: 6

Cvelist
added 2025/10/17 5:0 a.m. | 10 views

CVE-2025-11849

Versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth before 1.11.0; versions of the package org.zwobble.mammoth:mammoth before 1.11.0 are vulnerable to Directory Traversal due to the lack of...

CVSS 9.3 | EPSS 0.00921
Exploits: 0 | References: 6

Vulnrichment
added 2025/10/17 5:0 a.m. | 2 views

CVE-2025-11849

Versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth before 1.11.0; versions of the package org.zwobble.mammoth:mammoth before 1.11.0 are vulnerable to Directory Traversal due to the lack of...

CVSS 9.3 | AI score 6.4 | EPSS 0.00921
Exploits: 0 | References: 6

CVE
added 2025/10/17 5:0 a.m. | 27 views

CVE-2025-11849

The CVE-2025-11849 entry affects Mammoth (org.zwobble.mammoth:mammoth) and the Mammoth package family up to version 1.11.0 (pre-1.11.0). The root cause is a lack of path or file-type validation when processing DOCX files containing externally linked images (r:link) instead of embedded r:embed. Th...

CVSS 9.3 | AI score 6.4 | EPSS 0.00921
Exploits: 0 | References: 6

VulnCheck KEV
added 2025/10/17 12:0 a.m. | 17 views

VulnCheck KEV: CVE-2024-36117

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version...

CVSS 8.6 | AI score 5.8 | EPSS 0.03145
In wild | Exploits: 1 | References: 179

CVE
added 2025/10/16 5:55 p.m. | 15 views

CVE-2025-34518

Ilevia EVE X1 Server firmware

CVSS 8.7 | AI score 6.5 | EPSS 0.00604
Exploits: 3 | References: 3 | Affected Software: 1

NVD
added 2025/10/15 6:15 p.m. | 6 views

CVE-2025-62382

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.2, Frigate's export workflow allows an authenticated operator to nominate any filesystem location as the thumbnail source for a video export. Because that path is copied verbatim into the...

CVSS 7.7 | EPSS 0.00284
Exploits: 0 | References: 2

CVE
added 2025/10/15 5:7 p.m. | 14 views

CVE-2025-62382

CVE-2025-62382 affects Frigate (network video recorder for IP cameras). Before v0.16.2, the export workflow lets an authenticated operator nominate any filesystem path as the thumbnail source for a video export. The chosen path is copied verbatim into the publicly served clips directory, enabling...

CVSS 7.7 | AI score 5.5 | EPSS 0.00284
Exploits: 0 | References: 2

Vulnrichment
added 2025/10/15 5:7 p.m. | 3 views

CVE-2025-62382 Frigate Vulnerable to Arbitrary File Read via Export Thumbnail "image_path" parameter

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.2, Frigate's export workflow allows an authenticated operator to nominate any filesystem location as the thumbnail source for a video export. Because that path is copied verbatim into the...

CVSS 7.7 | AI score 5.5 | EPSS 0.00284
Exploits: 0 | References: 2