Lucene search
K

11269 matches found

CERT
CERT
added 2025/09/12 12:0 a.m.9 views

Langchaingo supports jinja2 and gonja for syntax parsing, allowing for arbitrary file read

Overview LangChainGo, the Go implementation of LangChain, a large language model LLM application building framework, has been discovered to contain an arbitrary file read vulnerability. The vulnerability, tracked as CVE-2025-9556, allows for arbitrary file read through the Gonja template engine...

9.8CVSS7.5AI score0.00666EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/11 2:18 p.m.5 views

CVE-2025-53609

A Relative Path Traversal vulnerability CWE-23 in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying system via crafted requests...

4.9CVSS6.9AI score0.08374EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/11 8:52 a.m.10 views

Security Bulletin: Arbitrary File Read and SSRF via Unrestricted URL Configuration in Apache Kafka Client SASL/OAUTHBEARER Settings, affects watsonx.data

Summary A vulnerability in Apache Kafka Client allows for arbitrary file read and Server-Side Request Forgery SSRF through misconfigured SASL/OAUTHBEARER settings, specifically the sasl.oauthbearer.token.endpoint.url and sasl.oauthbearer.jwks.endpoint.url parameters. If client configurations are...

8.8CVSS6.8AI score0.62368EPSS
Exploits2Affected Software1
NVD
NVD
added 2025/09/11 8:15 a.m.51 views

CVE-2025-8422

The Propovoice: All-in-One Client Management System plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.7.6.7 via the sendemail function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which...

7.5CVSS0.00586EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/09/11 7:24 a.m.3 views

CVE-2025-8422 Propovoice <= 1.7.6.7 - Unauthenticated Arbitrary File Read

The Propovoice: All-in-One Client Management System plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.7.6.7 via the sendemail function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which...

7.5CVSS5.7AI score0.00586EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/09/11 7:24 a.m.47 views

CVE-2025-8422 Propovoice <= 1.7.6.7 - Unauthenticated Arbitrary File Read

The Propovoice: All-in-One Client Management System plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.7.6.7 via the sendemail function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which...

7.5CVSS0.00586EPSS
Exploits1References3
CVE
CVE
added 2025/09/11 7:24 a.m.21 views

CVE-2025-8422

The CVE-2025-8422 affects the Propovoice: All-in-One Client Management System WordPress plugin, vulnerable in all versions up to 1.7.6.7 via the send_email() function to perform an unauthenticated Arbitrary File Read. Impact is reading server files containing sensitive information. Remediation in...

7.5CVSS5.7AI score0.00586EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/09/11 12:0 a.m.2 views

WordPress plugin Propovoice 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

7.5CVSS6.4AI score0.00586EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/09/11 12:0 a.m.7 views

PT-2025-37128

Name of the Vulnerable Software and Affected Versions: Propovoice: All-in-One Client Management System plugin for WordPress versions through 1.7.6.7 Description: The Propovoice: All-in-One Client Management System plugin for WordPress is susceptible to an arbitrary file read issue. This allows...

7.5CVSS6.3AI score0.00586EPSS
Exploits1References4
OSV
OSV
added 2025/09/10 8:44 p.m.2 views

GHSA-9MV7-3C64-MMQW xml2rfc is vulnerable to arbitrary file reads through prepped files

Impact When generating PDF files, this vulnerability allows an attacker to read arbitrary files from the filesystem by injecting malicious link element into the prepped RFCXML. Workarounds Test untrusted input with link elements with rel="attachment" before processing. References This is related ...

8.7CVSS6.9AI score0.00278EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/09/10 8:44 p.m.5 views

xml2rfc is vulnerable to arbitrary file reads through prepped files

Impact When generating PDF files, this vulnerability allows an attacker to read arbitrary files from the filesystem by injecting malicious link element into the prepped RFCXML. Workarounds Test untrusted input with link elements with rel="attachment" before processing. References This is related ...

6.9AI score0.00278EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2012-6531

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 1 ZendDom, 2 ZendFeed, and 3 ZendSoap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow...

9.1CVSS8.2AI score0.50248EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-17221

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the...

7.5CVSS7.5AI score0.03424EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-47747

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kraken = 0.1.4 has an arbitrary file read vulnerability via the component testfs. CVE-2022-47747 Note that Nessus relies on the presence of the package as...

7.5CVSS7.2AI score0.00799EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-24683

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec or job-submit capabilities to read...

7.8CVSS7.5AI score0.01515EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.1 views

Linux Distros Unpatched Vulnerability : CVE-2021-44534

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient user input filtering leads to arbitrary file read by non-authenticated attacker, which results in sensitive information disclosure. CVE-2021-44534...

6.5CVSS6.5AI score0.00563EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2018-1000840

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Processing Foundation Processing version 3.4 and earlier contains a XML External Entity XXE vulnerability in loadXML function that can result in An attacker can...

6.5CVSS6.7AI score0.02177EPSS
Exploits1References2
OSV
OSV
added 2025/09/09 2:15 p.m.2 views

CVE-2025-53609

A Relative Path Traversal vulnerability CWE-23 in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying system via crafted requests...

4.9CVSS5.9AI score
Exploits0References1
NVD
NVD
added 2025/09/09 2:15 p.m.3 views

CVE-2025-53609

A Relative Path Traversal vulnerability CWE-23 in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying system via crafted requests...

4.9CVSS0.08374EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/09 1:50 p.m.3 views

CVE-2025-53609

A Relative Path Traversal vulnerability CWE-23 in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying system via crafted requests...

4.9CVSS6.4AI score0.08374EPSS
Exploits0References1
Rows per page
Query Builder