11244 matches found

Cvelist
added 2025/10/15 5:7 p.m., 12 views

CVE-2025-62382 Frigate Vulnerable to Arbitrary File Read via Export Thumbnail "image_path" parameter

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.2, Frigate's export workflow allows an authenticated operator to nominate any filesystem location as the thumbnail source for a video export. Because that path is copied verbatim into the...

CVSS 7.7, EPSS 0.00284
Exploits: 0, References: 2
EUVD
added 2025/10/15 5:7 p.m., 5 views

EUVD-2025-34699

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.2, Frigate's export workflow allows an authenticated operator to nominate any filesystem location as the thumbnail source for a video export. Because that path is copied verbatim into the...

CVSS 7.7, AI score 5.4, EPSS 0.00284
Exploits: 0, References: 2
OSV
added 2025/10/15 5:7 p.m., 6 views

CVE-2025-62382 Frigate Vulnerable to Arbitrary File Read via Export Thumbnail "image_path" parameter

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.2, Frigate's export workflow allows an authenticated operator to nominate any filesystem location as the thumbnail source for a video export. Because that path is copied verbatim into the...

CVSS 7.7, AI score 5.9, EPSS 0.00284
Exploits: 0, References: 4
Cvelist
added 2025/10/15 1:21 a.m., 8 views

CVE-2024-13991 Huijietong Cloud Video Platform fileDownload Arbitrary File Read

Huijietong Cloud Video Platform contains a path traversal vulnerability that allows an unauthenticated attacker to supply arbitrary file paths to the fullPath parameter of the /fileDownload?action=downloadBackupFile endpoint and retrieve files from the server filesystem. VulnCheck has observed...

CVSS 8.7, EPSS 0.00418
Exploits: 0, References: 2
CVE
added 2025/10/15 1:21 a.m., 11 views

CVE-2024-13991

CVE-2024-13991 affects Huijietong Cloud Video Platform. The vulnerability is a path traversal / arbitrary file read in the /fileDownload?action=downloadBackupFile endpoint, exploitable by an unauthenticated attacker who can supply arbitrary paths via the fullPath parameter. Multiple sources confi...

CVSS 8.7, AI score 9.1, EPSS 0.00418
In wild, Exploits: 0, References: 2
CNNVD
added 2025/10/15 12:0 a.m., 3 views

Frigate Security Vulnerability

Frigate is a complete local NVR designed for Home Assistant with AI object detection, developed by individual developer Blake Blackshear. A security vulnerability exists in Frigate versions prior to 0.16.2 that stems from an export workflow that allows an operator to specify an arbitrary filesystem location ...

CVSS 7.7, AI score 6.3, EPSS 0.00284
Exploits: 0, References: 3
Snyk
added 2025/10/14 8:4 p.m., 3 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal due to the lack of path or file type validation when processing a docx file containing an image with an external link r:link attribute instead of embedded r:embed. The library resolves the URI to a file path and afte...

CVSS 9.3, AI score 7.5, EPSS 0.00921
Exploits: 0, References: 2
Wordfence Blog
added 2025/10/14 3:56 p.m., 7 views

4,000,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in Slider Revolution WordPress Plugin

Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 pe...

CVSS 6.5, AI score 6.7, EPSS 0.00496
Exploits: 0
Cvelist
added 2025/10/14 12:0 a.m., 8 views

CVE-2025-57563

A path traversal in StarNet Communications Corporation FastX v.4 through v4.1.51 allows unauthenticated attackers to read arbitrary files...

EPSS 0.00393
Exploits: 0, References: 2
Vulnrichment
added 2025/10/14 12:0 a.m., 3 views

CVE-2025-57563

A path traversal in StarNet Communications Corporation FastX v.4 through v4.1.51 allows unauthenticated attackers to read arbitrary files...

AI score 6.6, EPSS 0.00393
Exploits: 0, References: 2
Cvelist
added 2025/10/13 8:30 p.m., 8 views

CVE-2025-62364 text-generation-webui allows arbitrary file read via symbolic link upload

text-generation-webui is an open-source web interface for running Large Language Models. In versions through 3.13, a Local File Inclusion vulnerability exists in the character picture upload feature. An attacker can upload a text file containing a symbolic link to an arbitrary file path. When the...

CVSS 6.2, EPSS 0.0052
Exploits: 0, References: 2
Vulnrichment
added 2025/10/13 8:30 p.m., 4 views

CVE-2025-62364 text-generation-webui allows arbitrary file read via symbolic link upload

text-generation-webui is an open-source web interface for running Large Language Models. In versions through 3.13, a Local File Inclusion vulnerability exists in the character picture upload feature. An attacker can upload a text file containing a symbolic link to an arbitrary file path. When the...

CVSS 6.2, AI score 6.6, EPSS 0.0052
Exploits: 0, References: 2
CVE
added 2025/10/13 8:30 p.m., 17 views

CVE-2025-62364

The CVE-2025-62364 issue affects text-generation-webui (up to version 3.13). A Local File Inclusion exists in the character picture upload feature: an attacker can upload a text file containing a symbolic link to an arbitrary file path, and when processed the app follows the link and serves the t...

CVSS 6.2, AI score 6.6, EPSS 0.0052
Exploits: 0, References: 2
OSV
added 2025/10/13 8:30 p.m., 4 views

CVE-2025-62364 text-generation-webui allows arbitrary file read via symbolic link upload

text-generation-webui is an open-source web interface for running Large Language Models. In versions through 3.13, a Local File Inclusion vulnerability exists in the character picture upload feature. An attacker can upload a text file containing a symbolic link to an arbitrary file path. When the...

CVSS 6.2, AI score 7, EPSS 0.0052
Exploits: 0, References: 4
RedhatCVE
added 2025/10/12 10:5 a.m., 13 views

CVE-2025-9950

The Error Log Viewer by BestWebSoft plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.6 via the rrrlgvwr_get_file function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of...

CVSS 4.9, AI score 5.9, EPSS 0.00656
Exploits: 0, References: 1
GithubExploit
added 2025/10/12 12:58 a.m., 405 views

cobbler-file-read-exploit

Cobbler XML-RPC Arbitrary File Read Exploit...

AI score 6.8
Exploits: 0
VulnCheck KEV
added 2025/10/12 12:0 a.m., 7 views

VulnCheck KEV: CVE-2025-2539

The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers, leveraging the use of a reversible weak algorithm, to read...

CVSS 7.5, AI score 5.9, EPSS 0.0155
In wild, Exploits: 6, References: 2
CVE
added 2025/10/11 9:28 a.m., 20 views

CVE-2025-9950

The CVE-2025-9950 issue affects the Error Log Viewer by BestWebSoft for WordPress. It is a directory traversal vulnerability exploitable by authenticated administrators (and above) to read arbitrary files via the rrrlgvwr_get_file function. The vulnerability affects versions up to 1.1.6. The issu...

CVSS 4.9, AI score 5.5, EPSS 0.00656
Exploits: 0, References: 3
Cvelist
added 2025/10/11 9:28 a.m., 9 views

CVE-2025-9950 Error Log Viewer by BestWebSoft <= 1.1.6 - Authenticated (Administrator+) Arbitrary File Read

The Error Log Viewer by BestWebSoft plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.6 via the rrrlgvwr_get_file function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of...

CVSS 4.9, EPSS 0.00656
Exploits: 0, References: 3
Vulnrichment
added 2025/10/11 9:28 a.m., 4 views

CVE-2025-9950 Error Log Viewer by BestWebSoft <= 1.1.6 - Authenticated (Administrator+) Arbitrary File Read

The Error Log Viewer by BestWebSoft plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.6 via the rrrlgvwr_get_file function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of...

CVSS 4.9, AI score 5.5, EPSS 0.00656
Exploits: 0, References: 2