11269 matches found
CVE-2025-53609
CVE-2025-53609 concerns Fortinet FortiWeb vulnerable to a Relative Path Traversal (CWE-23) affecting FortiWeb 7.0.2–7.0.11, 7.2.0–7.2.11, 7.4.0–7.4.8, and 7.6.0–7.6.4. The issue allows an authenticated attacker to perform an arbitrary file read on the underlying system via crafted requests. The c...
CVE-2025-53609
A Relative Path Traversal vulnerability CWE-23 in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying system via crafted requests...
Tautulli security vulnerability
Tautulli is an open source application for monitoring Plex Media Server. A security vulnerability exists in Tautulli 2.15.3 and earlier versions, stemming from path traversal in the realpmsimageproxy endpoint, which could lead to arbitrary file reads...
PT-2025-36733
Name of the Vulnerable Software and Affected Versions: FortiWeb versions 7.0.2 through 7.0.11 FortiWeb versions 7.2.0 through 7.2.11 FortiWeb versions 7.4.0 through 7.4.8 FortiWeb versions 7.6.0 through 7.6.4 Description: A relative path traversal vulnerability may allow an authenticated attacker...
CVE-2025-48544
In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-9516
The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.22 via the 'customlog' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to view the contents of files outside of the original...
Security Bulletin: There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Asset Management application (CVE-2025-27817,CVE-2025-27818)
Summary There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Asset Management application CVE-2025-27817,CVE-2025-27818 Vulnerability Details CVEID:CVE-2025-27817 DESCRIPTION: A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apach...
CVE-2025-9516
CVE-2025-9516 affects the atec Debug WordPress plugin (versions ≤ 1.2.22). An authenticated attacker with Administrator-level access can read arbitrary files via the 'customlog' parameter, exposing contents outside the intended directory. Red Hat and CVE listings corroborate this file-read impact,...
CVE-2025-9516 atec Debug <= 1.2.22 - Authenticated (Administrator+) Arbitrary File Read
The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.22 via the 'customlog' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to view the contents of files outside of the original...
PT-2025-35866
Name of the Vulnerable Software and Affected Versions: atec Debug plugin for WordPress versions prior to 1.2.23 Description: The atec Debug plugin for WordPress is susceptible to an arbitrary file read issue. This allows authenticated attackers with Administrator-level access or higher to view th...
PT-2025-35664
Name of the Vulnerable Software and Affected Versions: SemClipboard versions prior to SMR Apr-2023 Release 1 Description: An improper access control issue exists in SemClipboard. This allows attackers to read arbitrary files with system permission. Recommendations: Update SemClipboard to SMR...
CVE-2025-9260
CVE-2025-9260 relates to Fluent Forms for WordPress, where versions 5.1.16–6.1.1 are vulnerable to PHP Object Injection via parseUserProperties, enabling an authenticated Subscriber+ to deserialize untrusted input. A POP chain allows reading arbitrary files, potentially exposing sensitive data (e...
CVE-2025-9260 Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder 5.1.16 - 6.1.1 - Authenticated (Subscriber+) PHP Object Injection To Arbitrary File Read
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to PHP Object Injection in versions 5.1.16 to 6.1.1 via deserialization of untrusted input in the parseUserProperties function. This makes it possible for authenticated...
CVE-2025-52544 Arbitrary read file from the filesystem
E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file system...
Exploit for Inefficient Regular Expression Complexity in Jqueryvalidation Jquery_Validation
PoC exploit for CVE-2022-31147, an inefficient regular expression complexity (ReDoS) flaw in jquery-validation, by matthia...
QNAP Qsync Central Path Traversal Vulnerability
QNAP Qsync Central is a private cloud synchronization service from QNAP, used for real-time synchronization and backup of files between devices. A path traversal vulnerability exists in QNAP Qsync Central, which an attacker can exploit to read unexpected file...
WordPress Slider Revolution plugin path traversal vulnerability
WordPress Slider Revolution plugin is a slider plugin for the WordPress platform, providing a visual editor, preset templates and animation effects, with responsive design and multi-device support. WordPress Slider Revolution plugin has a path traversal...
Linux Distros Unpatched Vulnerability : CVE-2025-26525
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available such as those with TeX Live...
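Most of the results above (FortiWeb, Tautulli, atec Debug, QNAP Qsync Central, Slider Revolution) are the same bug class: a request-supplied file name is joined onto a base directory without confining the result, so "../" or an absolute path reads files outside it (CWE-23). The example below is added here and is not code from any of the listed products or advisories. It shows the naive join next to a hardened resolver and exercises both against constructed request paths in a temporary directory layout built inside the script.

```python
"""Relative path traversal (CWE-23): naive join versus confined resolution.

Added example, not taken from any product on this page. The directory
layout, file contents and request strings are constructed for the demo.
"""
import os
import shutil
import tempfile


def naive_read(base_dir: str, requested: str) -> bytes:
    # Vulnerable: os.path.join trusts the request. "../" climbs out of
    # base_dir, and an absolute request replaces base_dir entirely.
    path = os.path.join(base_dir, requested)
    with open(path, "rb") as f:
        return f.read()


def safe_resolve(base_dir: str, requested: str) -> str:
    """Return an absolute path under base_dir, or raise ValueError."""
    base = os.path.realpath(base_dir)
    # Drop leading separators so an absolute request cannot replace base.
    candidate = os.path.realpath(os.path.join(base, requested.lstrip("/\\")))
    # Compare against base plus a separator so a sibling such as
    # ".../www2" is not accepted as being under ".../www".
    if candidate != base and not candidate.startswith(base + os.sep):
        raise ValueError(f"path escapes base directory: {requested!r}")
    return candidate


def safe_read(base_dir: str, requested: str) -> bytes:
    with open(safe_resolve(base_dir, requested), "rb") as f:
        return f.read()


def demo() -> dict:
    """Build a constructed layout, run both helpers, return the outcomes."""
    root = tempfile.mkdtemp()
    try:
        www = os.path.join(root, "www")          # served directory
        os.makedirs(os.path.join(www, "img"))
        with open(os.path.join(www, "img", "logo.png"), "wb") as f:
            f.write(b"PNG-DATA")
        secret = os.path.join(root, "secret.txt")  # outside the base
        with open(secret, "wb") as f:
            f.write(b"db_password=hunter2")
        os.makedirs(www + "2")                   # sibling sharing the prefix
        with open(os.path.join(www + "2", "x"), "wb") as f:
            f.write(b"sibling")

        results = {}
        results["naive_ok"] = naive_read(www, "img/logo.png")
        results["naive_traversal"] = naive_read(www, "../secret.txt")
        results["naive_absolute"] = naive_read(www, secret)
        results["safe_ok"] = safe_read(www, "img/logo.png")
        probes = [
            ("traversal", "../secret.txt"),
            ("nested_dots", "img/../../secret.txt"),
            ("prefix_sibling", "../www2/x"),
            ("absolute", secret),
        ]
        for name, req in probes:
            try:
                results["safe_" + name] = safe_read(www, req)
            except (ValueError, FileNotFoundError) as e:
                # ValueError: rejected as escaping base.
                # FileNotFoundError: absolute request was confined under
                # base, where no such file exists.
                results["safe_" + name] = type(e).__name__
        return results
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:20} {v!r}")
```

Because `safe_resolve` canonicalizes with `os.path.realpath`, a symlink inside the served directory that points outside it is rejected too; the trade-off is that legitimate symlinked content must also live under the base. Note that the absolute-path probe is not reported as an error by the resolver but is silently confined under the base directory, which is why it surfaces as a missing file rather than a rejection.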