11269 matches found

Tenable Nessus
added 2025/09/19 12:0 a.m. | 7 views

Flowise < 3.0.6 Multiple Vulnerabilities

According to its banner, the version of Flowise running on the remote host is 3.0.6. It is, therefore, affected by multiple vulnerabilities:

- An Unauthenticated Password Reset Token Disclosure
- A Server-Side Request Forgery vulnerability in the /api/v1/fetch-links endpoint
- A Remote Code...

9.8 CVSS | 7.9 AI score | 0.50118 EPSS
Exploits: 14 | References: 8

Positive Technologies
added 2025/09/19 12:0 a.m. | 4 views

PT-2025-38621

Name of the Vulnerable Software and Affected Versions: Apache Linkis versions 1.3.0 through 1.7.0. Description: A flaw exists in Apache Linkis when utilizing the JDBC engine and data source functionality. Multiple rounds of URL encoding applied to the URL parameter configured on the frontend can...

7.5 CVSS | 5.3 AI score | 0.00744 EPSS
Exploits: 0 | References: 10

RedhatCVE
added 2025/09/18 10:28 p.m. | 12 views

CVE-2025-37130

A vulnerability in the command-line interface of EdgeConnect SD-WAN could allow an authenticated attacker to read arbitrary files within the system. Successful exploitation could allow an attacker to read sensitive data from the underlying file system...

6.5 CVSS | 6.5 AI score | 0.00296 EPSS
Exploits: 0 | References: 1

Snyk
added 2025/09/17 8:43 p.m. | 1 views

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure via the gRPC API and HTTP APIs, which allow peers to send requests that cause the recipient to create files in arbitrary file system locations and read arbitrary files. An attacker can access sensitive data or execu...

10 CVSS | 7.4 AI score | 0.0068 EPSS
Exploits: 0 | References: 2

OSV
added 2025/09/17 8:11 p.m. | 4 views

GHSA-79HX-3FP8-HJ66 DragonFly vulnerable to arbitrary file read and write on a peer machine

Impact: A peer exposes the gRPC API and HTTP API for consumption by other peers. These APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal other peers’ secret data and to gain...

7.9 CVSS | 8.3 AI score | 0.0068 EPSS
Exploits: 0 | References: 5

Github Security Blog
added 2025/09/17 8:11 p.m. | 7 views

DragonFly vulnerable to arbitrary file read and write on a peer machine

Impact: A peer exposes the gRPC API and HTTP API for consumption by other peers. These APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal other peers’ secret data and to gain...

9.8 CVSS | 8.3 AI score | 0.0068 EPSS
Exploits: 0 | References: 5 | Affected Software: 2

Vulnrichment
added 2025/09/17 7:50 p.m. | 1 views

CVE-2025-59352 Dragonfly allows arbitrary file read and write on a peer machine

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the gRPC API and HTTP APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal...

7.9 CVSS | 7.8 AI score | 0.0068 EPSS
Exploits: 0 | References: 2

Cvelist
added 2025/09/17 7:50 p.m. | 8 views

CVE-2025-59352 Dragonfly allows arbitrary file read and write on a peer machine

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the gRPC API and HTTP APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal...

7.9 CVSS | 0.0068 EPSS
Exploits: 0 | References: 2

Cvelist
added 2025/09/17 5:25 p.m. | 8 views

CVE-2025-58431 ZimaOS reads arbitrary files using localhost calls to File API Download

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and earlier, the /v21/files/file/download endpoint allows file read from ANY USER who has access to localhost. File reads are performed AS ROOT...

6.1 CVSS | 0.00191 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2025/09/17 5:25 p.m. | 4 views

CVE-2025-58431 ZimaOS reads arbitrary files using localhost calls to File API Download

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and earlier, the /v21/files/file/download endpoint allows file read from ANY USER who has access to localhost. File reads are performed AS ROOT...

6.1 CVSS | 6.4 AI score | 0.00191 EPSS
Exploits: 1 | References: 1

Cvelist
added 2025/09/17 6:17 a.m. | 12 views

CVE-2025-9215 StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Download

The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the filedownload function. This makes it possible for authenticated attackers, with...

6.5 CVSS | 0.00563 EPSS
Exploits: 1 | References: 5

CNNVD
added 2025/09/17 12:0 a.m. | 2 views

ZimaOS Security Vulnerability

ZimaOS is an open source operating system project from IceWhaleTech designed to provide a lightweight, high-performance, secure operating system environment. A security vulnerability exists in ZimaOS 1.4.1 and earlier versions that originates in the /v21/files/file/download endpoint that allows...

6.2 CVSS | 6.4 AI score | 0.00191 EPSS
Exploits: 1 | References: 1

GitLab Advisory Database
added 2025/09/17 12:0 a.m. | 7 views

DragonFly vulnerable to arbitrary file read and write on a peer machine

A peer exposes the gRPC API and HTTP API for consumption by other peers. These APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal other peers’ secret data and to gain remote co...

9.8 CVSS | 8.3 AI score | 0.0068 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

Cvelist
added 2025/09/16 10:17 p.m. | 7 views

CVE-2025-37131 Authenticated Arbitrary File Read allows Data Exposure in CLI Interface

A vulnerability in EdgeConnect SD-WAN ECOS could allow an authenticated remote threat actor with admin privileges to access sensitive unauthorized system files. Under certain conditions, this could lead to exposure and exfiltration of sensitive information...

4.9 CVSS | 0.003 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/16 10:17 p.m. | 2 views

CVE-2025-37131 Authenticated Arbitrary File Read allows Data Exposure in CLI Interface

A vulnerability in EdgeConnect SD-WAN ECOS could allow an authenticated remote threat actor with admin privileges to access sensitive unauthorized system files. Under certain conditions, this could lead to exposure and exfiltration of sensitive information...

4.9 CVSS | 6.3 AI score | 0.003 EPSS
Exploits: 0 | References: 1

CNNVD
added 2025/09/16 12:0 a.m. | 8 views

Hewlett Packard Enterprise EdgeConnect SD-WAN Security Vulnerability

Hewlett Packard Enterprise EdgeConnect SD-WAN is Hewlett Packard Enterprise's secure network foundation for Zero Trust and SASE. It includes best-in-class SD-WAN and next-generation firewalls that deliver unrivaled quality of experience and advanced security. A security vulnerability exists in...

6.5 CVSS | 7 AI score | 0.00296 EPSS
Exploits: 0 | References: 2

OSV
added 2025/09/15 8:0 p.m. | 7 views

GHSA-99PG-HQVX-R4GF Flowise has an Arbitrary File Read

Summary: An arbitrary file read vulnerability in the chatId parameter supplied to both the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints allows unauthenticated users to read unintended files on the local filesystem. In the default Flowise configuration this allows...

9.1 CVSS | 6.9 AI score
Exploits: 0 | References: 2

Github Security Blog
added 2025/09/15 8:0 p.m. | 12 views

Flowise has an Arbitrary File Read

Summary: An arbitrary file read vulnerability in the chatId parameter supplied to both the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints allows unauthenticated users to read unintended files on the local filesystem. In the default Flowise configuration this allows...

6.9 AI score
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2025/09/15 7:54 a.m. | 5 views

Arbitrary File Read

github.com/donknap/dpanel is vulnerable to Arbitrary File Read. The vulnerability is due to improper access control in the /api/app/compose/get-from-uri interface, which allows an attacker logged into Dpanel to read arbitrary files...

6.1 CVSS | 6.6 AI score | 0.00434 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

RedhatCVE
added 2025/09/13 7:25 a.m. | 17 views

CVE-2025-8422

The Propovoice: All-in-One Client Management System plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.7.6.7 via the sendemail function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which...

7.5 CVSS | 6.1 AI score | 0.00586 EPSS
Exploits: 1 | References: 1