11272 matches found

CVE
added 2025/08/20 3:31 p.m. · 16 views

CVE-2009-10005

ContentKeeper Web Appliance (Impero) versions before 125.10 expose the mimencode binary via a CGI endpoint (/cgi-bin/ck/mimencode) allowing unauthenticated remote reading of arbitrary files (e.g., /etc/passwd) through crafted POST requests with traversal and output parameters. Root cause: exposed...

CVSS 8.7 · AI score 6.6 · EPSS 0.00722
Exploits: 0 · References: 5

Github Security Blog
added 2025/08/20 3:31 p.m. · 6 views

CRI-O has Potential High Memory Consumption from File Read

There's a vulnerability in the CRI-O application where, when a container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the container's entire /etc/passwd file into memory. If this file is excessively large, it can cause a hi...

CVSS 5.7 · AI score 7 · EPSS 0.00224
Exploits: 0 · References: 5 · Affected Software: 1

Positive Technologies
added 2025/08/20 12:0 a.m. · 6 views

PT-2025-34116 · Cisco · Cisco Evolved Programmable Network Manager +1

Name of the Vulnerable Software and Affected Versions: Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure (affected versions not specified). Description: A vulnerability exists in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and...

CVSS 6.5 · AI score 6.2 · EPSS 0.00386
Exploits: 0 · References: 7

Tenable Nessus
added 2025/08/20 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2019-12086

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific...

CVSS 7.5 · AI score 7.2 · EPSS 0.21949
Exploits: 2 · References: 2

Tenable Nessus
added 2025/08/20 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2019-12814

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled either globally or for a specific...

CVSS 5.9 · AI score 6.9 · EPSS 0.10951
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/20 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2023-49294

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asteri...

CVSS 7.5 · AI score 6.3 · EPSS 0.4557
Exploits: 3 · References: 2

Tenable Nessus
added 2025/08/20 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-6095

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a...

CVSS 6.5 · AI score 7.4 · EPSS 0.01605
Exploits: 0 · References: 2

NVD
added 2025/08/19 4:15 p.m. · 6 views

CVE-2025-51539

EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP script to read arbitrary files from the filesystem...

CVSS 5.3 · EPSS 0.00667
Exploits: 1 · References: 1

OSV
added 2025/08/19 4:15 p.m. · 4 views

CVE-2025-51539

EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP script to read arbitrary files from the filesystem...

CVSS 5.3 · AI score 6 · EPSS 0.00667
Exploits: 1 · References: 1

Positive Technologies
added 2025/08/19 12:0 a.m. · 6 views

PT-2025-33747

Name of the Vulnerable Software and Affected Versions: EzGED3 versions prior to 3.5.72.27183. Description: EzGED3 is susceptible to an unauthenticated arbitrary file read issue stemming from inadequate access control and insufficient input validation within a web-accessible script. An attacker can...

CVSS 5.3 · AI score 6.8 · EPSS 0.00667
Exploits: 1 · References: 6

CVE
added 2025/08/19 12:0 a.m. · 21 views

CVE-2025-51539

EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability in a web‑exposed script. A remote attacker can supply a crafted path parameter to read arbitrary files from the filesystem via directory traversal (e.g., ../../../), without authentication or proper path handling. Potentia...

CVSS 5.3 · AI score 7.6 · EPSS 0.00667
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2025/08/19 12:0 a.m. · 7 views

CVE-2025-51539

EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP script to read arbitrary files from the filesystem...

EPSS 0.00667
Exploits: 1 · References: 1

Vulnrichment
added 2025/08/19 12:0 a.m. · 3 views

CVE-2025-51539

EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP script to read arbitrary files from the filesystem...

AI score 7.6 · EPSS 0.00667
Exploits: 1 · References: 1

Tenable Nessus
added 2025/08/19 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2020-1745

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before...

CVSS 9.8 · AI score 6.8 · EPSS 0.04837
Exploits: 0 · References: 2

Github Security Blog
added 2025/08/18 6:46 p.m. · 5 views

Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code

Due to an overly broad allowlist of safe commands, it was possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation. Reliably exploiting this requires the ability to add untrusted content into a Claude Code contex...

CVSS 7.5 · AI score 7.2 · EPSS 0.00431
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2025/08/18 6:46 p.m. · 3 views

GHSA-X5GV-JW7F-J6XJ Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code

Due to an overly broad allowlist of safe commands, it was possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation. Reliably exploiting this requires the ability to add untrusted content into a Claude Code contex...

CVSS 7.1 · AI score 7.2 · EPSS 0.00431
Exploits: 0 · References: 3

OSV
added 2025/08/18 5:15 p.m. · 3 views

CVE-2025-54234

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to limited file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs...

CVSS 2.7 · AI score 5.9 · EPSS 0.00717
Exploits: 0 · References: 1

Snyk
added 2025/08/18 4:47 p.m. · 4 views

Arbitrary File Read/Write

Overview: copier is a library for rendering project templates. Affected versions of this package are vulnerable to Arbitrary File Read/Write via the exposure of pathlib.Path objects in the Jinja context, which have unconstrained I/O methods. An attacker can access or modify arbitrary files on t...

CVSS 8.5 · AI score 7.8 · EPSS 0.0024
Exploits: 0 · References: 2

CVE
added 2025/08/18 4:43 p.m. · 14 views

CVE-2025-54234

CVE-2025-54234 affects Adobe ColdFusion: SSRF allows a high-privilege authenticated attacker to cause the application to fetch arbitrary URLs, potentially enabling a limited file system read. Affected versions include ColdFusion 2025.1, 2023.13, 2021.19 and earlier; exploitation requires no user ...

CVSS 2.7 · AI score 7.2 · EPSS 0.00717
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2025/08/18 12:0 a.m. · 3 views

Adobe ColdFusion Code Issue Vulnerability

Adobe ColdFusion is a rapid application development platform from the US company Adobe. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has a server-side request forgery vulnerability that can be exploited by an attacker t...

CVSS 2.7 · AI score 6.5 · EPSS 0.00717
Exploits: 0 · References: 2