
11269 matches found

CVE
added 2025/09/09 1:50 p.m. | 18 views

CVE-2025-53609

CVE-2025-53609 is a Relative Path Traversal (CWE-23) vulnerability in Fortinet FortiWeb, affecting versions 7.0.2–7.0.11, 7.2.0–7.2.11, 7.4.0–7.4.8, and 7.6.0–7.6.4. It allows an authenticated attacker to read arbitrary files on the underlying system via crafted requests. The c...

CVSS 4.9 | AI score 6.4 | EPSS 0.08374
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/09/09 1:50 p.m. | 6 views

CVE-2025-53609

A Relative Path Traversal vulnerability CWE-23 in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying system via crafted requests...

CVSS 4.9 | EPSS 0.08374
Exploits: 0 | References: 1

CNNVD
added 2025/09/09 12:0 a.m. | 3 views

Tautulli Security Vulnerability

Tautulli is an open source application for monitoring Plex Media Server. A security vulnerability exists in Tautulli 2.15.3 and earlier versions, stemming from a path traversal in the realpmsimageproxy endpoint, which could lead to arbitrary file reads...

CVSS 8.6 | AI score 6.5 | EPSS 0.00633
Exploits: 1 | References: 3

Positive Technologies
added 2025/09/09 12:0 a.m. | 5 views

PT-2025-36733

Name of the Vulnerable Software and Affected Versions: FortiWeb versions 7.0.2 through 7.0.11; FortiWeb versions 7.2.0 through 7.2.11; FortiWeb versions 7.4.0 through 7.4.8; FortiWeb versions 7.6.0 through 7.6.4.
Description: A relative path traversal vulnerability may allow an authenticated attacker...

CVSS 4.9 | AI score 6.2 | EPSS 0.08374
Exploits: 0 | References: 7

RedhatCVE
added 2025/09/06 7:31 p.m. | 4 views

CVE-2025-48544

In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 7.5 | EPSS 0.00095
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/06 4:32 a.m. | 13 views

CVE-2025-9516

The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.22 via the 'customlog' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to view the contents of files outside of the original...

CVSS 4.9 | AI score 6 | EPSS 0.00403
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/09/05 11:1 a.m. | 7 views

Security Bulletin: There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Asset Management application (CVE-2025-27817,CVE-2025-27818)

Summary: There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Asset Management application (CVE-2025-27817, CVE-2025-27818).
Vulnerability Details: CVEID: CVE-2025-27817. DESCRIPTION: A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apach...

CVSS 8.8 | AI score 7.3 | EPSS 0.62368
Exploits: 2 | Affected Software: 1

NVD
added 2025/09/04 10:42 a.m. | 15 views

CVE-2025-9516

The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.22 via the 'customlog' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to view the contents of files outside of the original...

CVSS 4.9 | EPSS 0.00403
Exploits: 0 | References: 3

CVE
added 2025/09/04 4:23 a.m. | 23 views

CVE-2025-9516

CVE-2025-9516 affects the atec Debug WordPress plugin (versions ≤ 1.2.22). An authenticated attacker with Administrator-level access can read arbitrary files via the custom_log parameter, exposing contents outside the intended directory. Red Hat and CVE listings corroborate this file-read impact,...

CVSS 4.9 | AI score 5.4 | EPSS 0.00403
Exploits: 0 | References: 3

Cvelist
added 2025/09/04 4:23 a.m. | 9 views

CVE-2025-9516 atec Debug <= 1.2.22 - Authenticated (Administrator+) Arbitrary File Read

The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.22 via the 'customlog' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to view the contents of files outside of the original...

CVSS 4.9 | EPSS 0.00403
Exploits: 0 | References: 3

Vulnrichment
added 2025/09/04 4:23 a.m. | 1 view

CVE-2025-9516 atec Debug <= 1.2.22 - Authenticated (Administrator+) Arbitrary File Read

The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.22 via the 'customlog' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to view the contents of files outside of the original...

CVSS 4.9 | AI score 5.4 | EPSS 0.00403
Exploits: 0 | References: 3

Positive Technologies
added 2025/09/04 12:0 a.m. | 3 views

PT-2025-35866

Name of the Vulnerable Software and Affected Versions: atec Debug plugin for WordPress versions prior to 1.2.23.
Description: The atec Debug plugin for WordPress is susceptible to an arbitrary file read issue. This allows authenticated attackers with Administrator-level access or higher to view th...

CVSS 4.9 | AI score 6 | EPSS 0.00403
Exploits: 0 | References: 7

Positive Technologies
added 2025/09/03 12:0 a.m. | 6 views

PT-2025-35664

Name of the Vulnerable Software and Affected Versions: SemClipboard versions prior to SMR Apr-2023 Release 1.
Description: An improper access control issue exists in SemClipboard. This allows attackers to read arbitrary files with system permission.
Recommendations: Update SemClipboard to SMR...

CVSS 4 | AI score 6.3 | EPSS 0.00118
Exploits: 0 | References: 4

CVE
added 2025/09/02 11:22 p.m. | 25 views

CVE-2025-9260

CVE-2025-9260 relates to Fluent Forms for WordPress, where versions 5.1.16–6.1.1 are vulnerable to PHP Object Injection via parseUserProperties, enabling an authenticated Subscriber+ to deserialize untrusted input. A POP chain allows reading arbitrary files, potentially exposing sensitive data (e...

CVSS 6.5 | AI score 6.9 | EPSS 0.0053
Exploits: 0 | References: 3

Vulnrichment
added 2025/09/02 11:22 p.m. | 4 views

CVE-2025-9260 Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder 5.1.16 - 6.1.1 - Authenticated (Subscriber+) PHP Object Injection To Arbitrary File Read

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to PHP Object Injection in versions 5.1.16 to 6.1.1 via deserialization of untrusted input in the parseUserProperties function. This makes it possible for authenticated...

CVSS 6.5 | AI score 6.9 | EPSS 0.0053
Exploits: 0 | References: 3

Vulnrichment
added 2025/09/02 11:25 a.m. | 4 views

CVE-2025-52544 Arbitrary read file from the filesystem

E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file system...

CVSS 8.8 | AI score 6.6 | EPSS 0.00334
Exploits: 0 | References: 1

GithubExploit
added 2025/09/02 11:11 a.m. | 449 views

Exploit for Inefficient Regular Expression Complexity in Jqueryvalidation Jquery_Validation

PoC exploit for CVE-2022-31147, a path traversal flaw in matthia...

CVSS 7.5 | AI score 7.2 | EPSS 0.01562
Exploits: 1

CNVD
added 2025/09/02 12:0 a.m. | 2 views

QNAP Qsync Central Path Traversal Vulnerability

QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. A path traversal vulnerability exists in QNAP Qsync Central, which can be exploited by an attacker to read unexpected file...

CVSS 7.2 | AI score 6.8 | EPSS 0.00445
Exploits: 0 | References: 1

CNVD
added 2025/09/02 12:0 a.m. | 5 views

WordPress Slider Revolution plugin path traversal vulnerability

WordPress Slider Revolution plugin is a powerful rotating slider plugin for the WordPress platform, providing a visual editor, rich preset templates and animation effects, supporting responsive design and multi-device compatibility. WordPress Slider Revolution plugin has a path traversal...

CVSS 6.5 | AI score 7.1 | EPSS 0.00496
Exploits: 0 | References: 1

Tenable Nessus
added 2025/09/02 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-26525

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available such as those with TeX Live...

CVSS 8.6 | AI score 8 | EPSS 0.00409
Exploits: 0 | References: 2