11273 matches found

CNNVD
added 2025/08/18 12:0 a.m., 4 views

Adobe ColdFusion Code Issue Vulnerability

Adobe ColdFusion is a rapid application development platform from Adobe, a United States company. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has a server-side request forgery vulnerability that can be exploited by an attacker t...

CVSS 2.7, AI score 6.5, EPSS 0.00717
Exploits: 0, References: 2
NVD
added 2025/08/16 2:15 a.m., 4 views

CVE-2025-55284

Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation due to an overly broad allowlist of safe commands. Reliably exploiting this requires th...

CVSS 7.5, EPSS 0.00431
Exploits: 0, References: 1
Vulnrichment
added 2025/08/16 1:27 a.m., 2 views

CVE-2025-55284 Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code

Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation due to an overly broad allowlist of safe commands. Reliably exploiting this requires th...

CVSS 7.1, AI score 7.2, EPSS 0.00431
Exploits: 0, References: 1
Cvelist
added 2025/08/16 1:27 a.m., 7 views

CVE-2025-55284 Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code

Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation due to an overly broad allowlist of safe commands. Reliably exploiting this requires th...

CVSS 7.1, EPSS 0.00431
Exploits: 0, References: 1
OSV
added 2025/08/16 1:27 a.m., 17 views

CVE-2025-55284 Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code

Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation due to an overly broad allowlist of safe commands. Reliably exploiting this requires th...

CVSS 7.1, AI score 6.9, EPSS 0.00431
Exploits: 0, References: 3
RedhatCVE
added 2025/08/15 9:29 p.m., 10 views

CVE-2025-34154

UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which accepts a fl parameter to specify the log file to be opened. Due to insufficient input validation and lack of path...

CVSS 9.2, AI score 7.2, EPSS 0.00783
Exploits: 0, References: 1
Snyk
added 2025/08/15 8:32 p.m., 2 views

Symlink Attack

Overview github.com/hashicorp/go-getter is a Package for downloading things from a string URL using a variety of protocols. Affected versions of this package are vulnerable to Symlink Attack due to handling symbolic links in the specific subdirectories from a fetched source. An attacker can acces...

CVSS 8.7, AI score 6.9, EPSS 0.00507
Exploits: 0, References: 2
CNVD
added 2025/08/15 12:0 a.m., 3 views

WordPress UiCore Elements plugin arbitrary file read vulnerability

WordPress UiCore Elements plugin is a plugin designed for the Elementor page builder to extend its functionality and enhance website design capabilities. An arbitrary file read vulnerability exists in the WordPress UiCore Elements plugin, which stems from the application's inadequate protection o...

CVSS 7.5, AI score 6.7, EPSS 0.00365
Exploits: 0, References: 1
CNVD
added 2025/08/15 12:0 a.m., 9 views

WordPress Elementor Plugin Arbitrary File Read Vulnerability

WordPress Elementor Plugin is a visual page design plugin that allows users to create professional web pages with drag-and-drop modules and a visual editor without writing code. WordPress Elementor Plugin suffers from an arbitrary file read vulnerability that stems from the program failing to...

CVSS 4.9, AI score 6.7, EPSS 0.00474
Exploits: 1, References: 1
NVD
added 2025/08/14 5:15 p.m., 4 views

CVE-2025-20148

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due to improper validation of user-supplied data. An...

CVSS 8.5, EPSS 0.00402
Exploits: 0, References: 1
OSV
added 2025/08/14 5:15 p.m., 4 views

CVE-2025-20148

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due to improper validation of user-supplied data. An...

CVSS 8.5, AI score 5.9, EPSS 0.00402
Exploits: 0, References: 1
RedHat Linux
added 2025/08/14 1:51 p.m., 2 views

libxml2: Out-of-Bounds Read in libxml2

A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can...

CVSS 7.5, AI score 6.5, EPSS 0.0033
Exploits: 1, References: 5
RedhatCVE
added 2025/08/14 6:28 a.m., 13 views

CVE-2025-6253

The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.3.0 via the preparetemplate function due to a missing capability check and insufficient controls on the filename specified. This makes it...

CVSS 7.5, AI score 7, EPSS 0.00365
Exploits: 0, References: 1
RedhatCVE
added 2025/08/14 6:28 a.m., 12 views

CVE-2025-8081

The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the ImportImages::import function due to insufficient controls on the filename specified. This makes it possible for authenticated attackers, with administrator-level access an...

CVSS 4.9, AI score 6.8, EPSS 0.00474
Exploits: 1, References: 1
CNNVD
added 2025/08/14 12:0 a.m., 2 views

WordPress plugin Barcode Scanner with Inventory & Order Manager Path Traversal Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A path traversal vulnerability exists in the WordPress plugin Barcode Scanner with Inventory & Order...

CVSS 4.9, AI score 6.8, EPSS 0.00376
Exploits: 0, References: 3
NVD
added 2025/08/13 9:15 p.m., 2 views

CVE-2025-34154

UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which accepts a fl parameter to specify the log file to be opened. Due to insufficient input validation and lack of path...

CVSS 9.2, EPSS 0.00783
Exploits: 0, References: 4
CVE
added 2025/08/13 9:4 p.m., 23 views

CVE-2025-34154

CVE-2025-34154 affects UnForm Server Manager versions prior to 10.1.12. The issue is in the arc endpoint's log file analysis interface, where the fl parameter lacks proper input validation and path sanitization, allowing unauthenticated attackers to read arbitrary files on the host (including OS-...

CVSS 9.2, AI score 7.1, EPSS 0.00783
Exploits: 0, References: 4
Cvelist
added 2025/08/13 9:4 p.m., 8 views

CVE-2025-34154 UnForm Server Manager < 10.1.12 Unauthenticated Arbitrary File Read

UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which accepts a fl parameter to specify the log file to be opened. Due to insufficient input validation and lack of path...

CVSS 9.2, EPSS 0.00783
Exploits: 0, References: 4
Vulnrichment
added 2025/08/13 9:4 p.m., 4 views

CVE-2025-34154 UnForm Server Manager < 10.1.12 Unauthenticated Arbitrary File Read

UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which accepts a fl parameter to specify the log file to be opened. Due to insufficient input validation and lack of path...

CVSS 9.2, AI score 7.1, EPSS 0.00783
Exploits: 0, References: 4
ATTACKERKB
added 2025/08/13 9:4 p.m., 8 views

CVE-2025-34154

UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which accepts a fl parameter to specify the log file to be opened. Due to insufficient input validation and lack of path...

CVSS 9.2, AI score 5.9, EPSS 0.00783
Exploits: 0, References: 5