11269 matches found
Flowise < 3.0.6 Multiples Vulnerabilities
According to its banner, the version of Flowise running on the remote host is 3.0.6. It is, therefore, affected by multiple vulnerabilities : - An Unauthenticated Password Reset Token Disclosure - A Server-Side Request Forgery vulnerability in the /api/v1/fetch-links endpoint - A Remote Code...
PT-2025-38621
Name of the Vulnerable Software and Affected Versions Apache Linkis versions 1.3.0 through 1.7.0 Description A flaw exists in Apache Linkis when utilizing the JDBC engine and data source functionality. Multiple rounds of URL encoding applied to the URL parameter configured on the frontend can...
CVE-2025-37130
A vulnerability in the command-line interface of EdgeConnect SD-WAN could allow an authenticated attacker to read arbitrary files within the system. Successful exploitation could allow an attacker to read sensitive data from the underlying file system...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the gRPC API and HTTP APIs, which allow peers to send requests that cause the recipient to create files in arbitrary file system locations and read arbitrary files. An attacker can access sensitive data or execu...
GHSA-79HX-3FP8-HJ66 DragonFly vulnerable to arbitrary file read and write on a peer machine
Impact A peer exposes the gRPC API and HTTP API for consumption by other peers. These APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal other peers’ secret data and to gain...
DragonFly vulnerable to arbitrary file read and write on a peer machine
Impact A peer exposes the gRPC API and HTTP API for consumption by other peers. These APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal other peers’ secret data and to gain...
CVE-2025-59352 Dragonfly allows arbitrary file read and write on a peer machine
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the gRPC API and HTTP APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal...
CVE-2025-59352 Dragonfly allows arbitrary file read and write on a peer machine
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the gRPC API and HTTP APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal...
CVE-2025-58431 ZimaOS reads arbitrary files using localhost calls to File API Download
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and earlier, the /v21/files/file/download endpoint allows file read from ANY USER who has access to localhost. File reads are performed AS ROOT...
CVE-2025-58431 ZimaOS reads arbitrary files using localhost calls to File API Download
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and earlier, the /v21/files/file/download endpoint allows file read from ANY USER who has access to localhost. File reads are performed AS ROOT...
CVE-2025-9215 StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Download
The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the filedownload function. This makes it possible for authenticated attackers, with...
ZimaOS 安全漏洞
ZimaOS is an open source operating system project from IceWhaleTech designed to provide a lightweight, high-performance, secure operating system environment. A security vulnerability exists in ZimaOS 1.4.1 and earlier versions that originates in the /v21/files/file/download endpoint that allows...
DragonFly vulnerable to arbitrary file read and write on a peer machine
A peer exposes the gRPC API and HTTP API for consumption by other peers. These APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal other peers’ secret data and to gain remote co...
CVE-2025-37131 Authenticated Arbitrary File Read allows Data Exposure in CLI Interface
A vulnerability in EdgeConnect SD-WAN ECOS could allow an authenticated remote threat actor with admin privileges to access sensitive unauthorized system files. Under certain conditions, this could lead to exposure and exfiltration of sensitive information...
CVE-2025-37131 Authenticated Arbitrary File Read allows Data Exposure in CLI Interface
A vulnerability in EdgeConnect SD-WAN ECOS could allow an authenticated remote threat actor with admin privileges to access sensitive unauthorized system files. Under certain conditions, this could lead to exposure and exfiltration of sensitive information...
Hewlett Packard Enterprise EdgeConnect SD-WAN 安全漏洞
Hewlett Packard Enterprise EdgeConnect SD-WAN is Hewlett Packard Enterprise's secure network foundation for Zero Trust and SASE. It includes best-in-class SD-WAN and next-generation firewalls that deliver unrivaled quality of experience and advanced security. A security vulnerability exists in...
GHSA-99PG-HQVX-R4GF Flowise has an Arbitrary File Read
Summary An arbitrary file read vulnerability in the chatId parameter supplied to both the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints allows unauthenticated users to read unintended files on the local filesystem. In the default Flowise configuration this allows...
Flowise has an Arbitrary File Read
Summary An arbitrary file read vulnerability in the chatId parameter supplied to both the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints allows unauthenticated users to read unintended files on the local filesystem. In the default Flowise configuration this allows...
Arbitrary File Read
github.com/donknap/dpanel is vulnerable to Arbitrary File Read. The vulnerability is due to improper access control in the /api/app/compose/get-from-uri interface, which allows an attacker logged into Dpanel to read arbitrary files...
CVE-2025-8422
The Propovoice: All-in-One Client Management System plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.7.6.7 via the sendemail function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which...