11269 matches found
Langchaingo supports jinja2 and gonja for syntax parsing, allowing for arbitrary file read
Overview: LangChainGo, the Go implementation of LangChain, a large language model (LLM) application building framework, has been discovered to contain an arbitrary file read vulnerability. The vulnerability, tracked as CVE-2025-9556, allows for arbitrary file read through the Gonja template engine...
CVE-2025-53609
A Relative Path Traversal vulnerability CWE-23 in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying system via crafted requests...
Security Bulletin: Arbitrary File Read and SSRF via Unrestricted URL Configuration in Apache Kafka Client SASL/OAUTHBEARER Settings, affects watsonx.data
Summary: A vulnerability in Apache Kafka Client allows for arbitrary file read and Server-Side Request Forgery (SSRF) through misconfigured SASL/OAUTHBEARER settings, specifically the sasl.oauthbearer.token.endpoint.url and sasl.oauthbearer.jwks.endpoint.url parameters. If client configurations are...
CVE-2025-8422
The Propovoice: All-in-One Client Management System plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.7.6.7 via the sendemail function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which...
CVE-2025-8422 Propovoice <= 1.7.6.7 - Unauthenticated Arbitrary File Read
The Propovoice: All-in-One Client Management System plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.7.6.7 via the sendemail function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which...
CVE-2025-8422
The CVE-2025-8422 affects the Propovoice: All-in-One Client Management System WordPress plugin, vulnerable in all versions up to 1.7.6.7 via the send_email() function to perform an unauthenticated Arbitrary File Read. Impact is reading server files containing sensitive information. Remediation in...
WordPress plugin Propovoice security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2025-37128
Name of the Vulnerable Software and Affected Versions: Propovoice: All-in-One Client Management System plugin for WordPress versions through 1.7.6.7 Description: The Propovoice: All-in-One Client Management System plugin for WordPress is susceptible to an arbitrary file read issue. This allows...
GHSA-9MV7-3C64-MMQW xml2rfc is vulnerable to arbitrary file reads through prepped files
Impact: When generating PDF files, this vulnerability allows an attacker to read arbitrary files from the filesystem by injecting malicious link element into the prepped RFCXML. Workarounds: Test untrusted input with link elements with rel="attachment" before processing. References: This is related ...
Linux Distros Unpatched Vulnerability : CVE-2012-6531
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - (1) ZendDom, (2) ZendFeed, and (3) ZendSoap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow...
Linux Distros Unpatched Vulnerability : CVE-2019-17221
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the...
Linux Distros Unpatched Vulnerability : CVE-2022-47747
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kraken = 0.1.4 has an arbitrary file read vulnerability via the component testfs. CVE-2022-47747 Note that Nessus relies on the presence of the package as...
Linux Distros Unpatched Vulnerability : CVE-2022-24683
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec or job-submit capabilities to read...
Linux Distros Unpatched Vulnerability : CVE-2021-44534
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient user input filtering leads to arbitrary file read by non-authenticated attacker, which results in sensitive information disclosure. CVE-2021-44534...
Linux Distros Unpatched Vulnerability : CVE-2018-1000840
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Processing Foundation Processing version 3.4 and earlier contains a XML External Entity (XXE) vulnerability in loadXML function that can result in An attacker can...