
11272 matches found

Tenable Nessus
added 2025/08/25 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-10472

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users in certain configurations to read arbitrary dom0 files via QMP live insertion of a...

CVSS 5.6, AI score 6.9, EPSS 0.00373
Exploits 0, References 2

Tenable Nessus
added 2025/08/25 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2016-10187

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript. CVE-2016-10187 Note that Nessu...

CVSS 5.5, AI score 6.2, EPSS 0.02793
Exploits 1, References 2

RedhatCVE
added 2025/08/24 11:42 a.m., 5 views

CVE-2025-9257

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files...

CVSS 7.1, AI score 7.5, EPSS 0.00502
Exploits 0, References 1

Tenable Nessus
added 2025/08/24 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-9993

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extension...

CVSS 7.5, AI score 7.6, EPSS 0.16437
Exploits 5, References 2

Tenable Nessus
added 2025/08/24 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2016-5000

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity...

CVSS 5.5, AI score 6.2, EPSS 0.04151
Exploits 0, References 3

Tenable Nessus
added 2025/08/24 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2019-12415

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an...

CVSS 5.5, AI score 6.7, EPSS 0.0099
Exploits 0, References 3

Github Security Blog
added 2025/08/22 4:49 p.m., 10 views

Dpanel has an arbitrary file read vulnerability

Summary: Dpanel has an arbitrary file read vulnerability in the /api/app/compose/get-from-uri interface. Logged in to Dpanel, this interface can be used to read arbitrary files. Details: When a user logs into the administrative backend, this interface can read any files on the host/server given the...

CVSS 6.1, AI score 6.2, EPSS 0.00434
Exploits 0, References 4, Affected Software 1

OSV
added 2025/08/22 4:49 p.m., 5 views

GHSA-GCQF-PXGG-GW8Q Dpanel has an arbitrary file read vulnerability

Summary: Dpanel has an arbitrary file read vulnerability in the /api/app/compose/get-from-uri interface. Logged in to Dpanel, this interface can be used to read arbitrary files. Details: When a user logs into the administrative backend, this interface can read any files on the host/server given the...

CVSS 6.1, AI score 6.8, EPSS 0.00434
Exploits 0, References 4

RedhatCVE
added 2025/08/22 3:35 p.m., 4 views

CVE-2009-10005

ContentKeeper Web Appliance now maintained by Impero Software versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output...

CVSS 8.7, AI score 7.2, EPSS 0.00722
Exploits 0, References 1

Cvelist
added 2025/08/22 3:18 p.m., 11 views

CVE-2025-53363 Dpanel has an arbitrary file read vulnerability

dpanel is an open source server management panel written in Go. In versions 1.2.0 through 1.7.2, dpanel allows authenticated users to read arbitrary files from the server via the /api/app/compose/get-from-uri API endpoint. The vulnerability exists in the GetFromUri function in...

CVSS 6.1, EPSS 0.00434
Exploits 0, References 1

Vulnrichment
added 2025/08/22 3:18 p.m., 5 views

CVE-2025-53363 Dpanel has an arbitrary file read vulnerability

dpanel is an open source server management panel written in Go. In versions 1.2.0 through 1.7.2, dpanel allows authenticated users to read arbitrary files from the server via the /api/app/compose/get-from-uri API endpoint. The vulnerability exists in the GetFromUri function in...

CVSS 6.1, AI score 6.4, EPSS 0.00434
Exploits 0, References 1

OSV
added 2025/08/22 12:15 p.m., 3 views

CVE-2025-9259

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files...

CVSS 7.1, AI score 5.9, EPSS 0.00502
Exploits 0, References 2

CVE
added 2025/08/22 11:46 a.m., 17 views

CVE-2025-9259

CVE-2025-9259 concerns WebITR by Uniong, with an arbitrary file reading vulnerability caused by an Absolute Path Traversal issue. The affected software/component is WebITR; the impact described is that remote attackers with regular privileges can download arbitrary system files. Public references...

CVSS 7.1, AI score 7.4, EPSS 0.00502
Exploits 0, References 2, Affected Software 1

CNNVD
added 2025/08/22 12:0 a.m., 1 view

Dpanel security vulnerability

Dpanel is a lightweight Docker visualization management panel open-sourced by Donknap, providing perfect container management features. A security vulnerability exists in Dpanel versions 1.2.0 through 1.7.2, which stems from the /api/app/compose/get-from-uri API endpoint that does not properly...

CVSS 6.1, AI score 6.5, EPSS 0.00434
Exploits 0, References 3

Positive Technologies
added 2025/08/22 12:0 a.m., 5 views

PT-2025-34345 · Uniong · Webitr

Name of the Vulnerable Software and Affected Versions: WebITR, affected versions not specified. Description: WebITR developed by Uniong is susceptible to an Arbitrary File Reading issue. This allows remote attackers with regular privileges to exploit Absolute Path Traversal and download arbitrary...

CVSS 7.1, AI score 7.1, EPSS 0.00502
Exploits 0, References 6

Snyk
added 2025/08/21 2:53 p.m., 1 view

Directory Traversal

Overview: vite-plugin-static-copy is a rollup-plugin-copy for vite with dev server support. Affected versions of this package are vulnerable to Directory Traversal via the viaLocal function. An attacker can access arbitrary files on the server by sending crafted HTTP requests that exploit path...

CVSS 8.9, AI score 7.7, EPSS 0.00394
Exploits 0, References 2

RedhatCVE
added 2025/08/21 12:26 a.m., 10 views

CVE-2025-51539

EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP script to read arbitrary files from the filesystem...

CVSS 5.3, AI score 7.7, EPSS 0.00667
Exploits 1, References 1

Redos
added 2025/08/21 12:0 a.m., 8 views

ROS-20250821-08

A vulnerability in the TCPDF PHP library is related to reading arbitrary files from the server's file system via the src tag. Exploitation of the vulnerability could allow an attacker to gain access to sensitive information. Vulnerability in TCPDF PHP library is related to improper...

CVSS 7.5, AI score 8.4, EPSS 0.01325
Exploits 3

OSV
added 2025/08/20 5:15 p.m., 3 views

CVE-2025-50901

JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 2025-05-19 contains incorrect authentication bypass vulnerability, which can lead to arbitrary file reading...

CVSS 9.8, AI score 5.9, EPSS 0.00415
Exploits 1, References 1

NVD
added 2025/08/20 4:15 p.m., 4 views

CVE-2009-10005

ContentKeeper Web Appliance now maintained by Impero Software versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output...

CVSS 8.7, EPSS 0.00722
Exploits 0, References 5