CVE-2009-10005
ContentKeeper Web Appliance (Impero) versions before 125.10 expose the mimencode binary via a CGI endpoint (/cgi-bin/ck/mimencode) allowing unauthenticated remote reading of arbitrary files (e.g., /etc/passwd) through crafted POST requests with traversal and output parameters. Root cause: exposed...
CRI-O has Potential High Memory Consumption from File Read
There's a vulnerability in the CRI-O application where, when a container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the container's entire /etc/passwd file into memory. If this file is excessively large, it can cause a hi...
PT-2025-34116 · Cisco · Cisco Evolved Programmable Network Manager +1
Name of the Vulnerable Software and Affected Versions: Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure (affected versions not specified). Description: A vulnerability exists in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and...
Linux Distros Unpatched Vulnerability : CVE-2019-12086
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific...
Linux Distros Unpatched Vulnerability : CVE-2019-12814
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled either globally or for a specific...
Linux Distros Unpatched Vulnerability : CVE-2023-49294
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asteri...
Linux Distros Unpatched Vulnerability : CVE-2018-6095
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a...
CVE-2025-51539
EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP script to read arbitrary files from the filesystem...
PT-2025-33747
Name of the Vulnerable Software and Affected Versions: EzGED3 versions prior to 3.5.72.27183. Description: EzGED3 is susceptible to an unauthenticated arbitrary file read issue stemming from inadequate access control and insufficient input validation within a web-accessible script. An attacker can...
CVE-2025-51539
EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability in a web‑exposed script. A remote attacker can supply a crafted path parameter to read arbitrary files from the filesystem via directory traversal (e.g., ../../../), without authentication or proper path handling. Potentia...
Linux Distros Unpatched Vulnerability : CVE-2020-1745
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before...
Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code
Due to an overly broad allowlist of safe commands, it was possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation. Reliably exploiting this requires the ability to add untrusted content into a Claude Code contex...
GHSA-X5GV-JW7F-J6XJ Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code
Due to an overly broad allowlist of safe commands, it was possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation. Reliably exploiting this requires the ability to add untrusted content into a Claude Code contex...
CVE-2025-54234
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to limited file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs...
Arbitrary File Read/Write
Overview: copier is a library for rendering project templates. Affected versions of this package are vulnerable to Arbitrary File Read/Write via the exposure of pathlib.Path objects in the Jinja context, which have unconstrained I/O methods. An attacker can access or modify arbitrary files on t...
CVE-2025-54234
CVE-2025-54234 affects Adobe ColdFusion: SSRF allows a high-privilege authenticated attacker to cause the application to fetch arbitrary URLs, potentially enabling a limited file system read. Affected versions include ColdFusion 2025.1, 2023.13, 2021.19 and earlier; exploitation requires no user ...
Adobe ColdFusion Code Issue Vulnerability
Adobe ColdFusion is a rapid application development platform from Adobe, a United States company. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has a server-side request forgery vulnerability that can be exploited by an attacker t...