
11273 matches found

Tenable Nessus
added 2025/08/13 12:0 a.m. · 5 views

Cisco IOS XE Software Web Based Management Interface (cisco-sa-webui-multi-ARNHM4v6)

According to its self-reported version, Cisco IOS-XE Software is affected by multiple vulnerabilities. - A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected...

6.5 CVSS · 6.8 AI score · 0.00355 EPSS
Exploits: 0 · References: 8
Positive Technologies
added 2025/08/13 12:0 a.m. · 6 views

PT-2025-32975 · Wellchoose · Organization Portal System

Name of the Vulnerable Software and Affected Versions: Organization Portal System affected versions not specified Description: The Organization Portal System developed by WellChoose contains an arbitrary file reading flaw. This allows unauthenticated remote attackers to exploit Absolute Path...

8.7 CVSS · 7.3 AI score · 0.00536 EPSS
Exploits: 0 · References: 8
OpenVAS
added 2025/08/13 12:0 a.m. · 13 views

WordPress Elementor Website Builder Plugin < 3.30.3 Path Traversal Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elementor:websitebuilder"; ifdescription...

4.9 CVSS · 7.2 AI score · 0.00474 EPSS
Exploits: 1 · References: 1
OSV
added 2025/08/12 7:15 p.m. · 1 views

CVE-2024-48892

A relative path traversal vulnerability CWE-23 in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack...

4.9 CVSS · 5.9 AI score
Exploits: 0 · References: 1
NVD
added 2025/08/12 7:15 p.m. · 5 views

CVE-2024-40588

Multiple relative path traversal vulnerabilities CWE-23 vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions, FortiMail 7.6.0 through 7.6.1, FortiMail 7.4.0 through 7.4.3, FortiMail 7.2 all versions, FortiMail 7.0 al...

4.4 CVSS · 0.00164 EPSS
Exploits: 0 · References: 1
CVE
added 2025/08/12 6:59 p.m. · 28 views

CVE-2024-40588

CVE-2024-40588 describes multiple relative path traversal vulnerabilities in Fortinet FortiCamera, FortiMail, FortiNDR, FortiRecorder, and FortiVoice. The issue allows a privileged attacker to read files on the underlying filesystem via crafted CLI requests. Affected versions include FortiCamera ...

4.4 CVSS · 6.3 AI score · 0.00164 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2025/08/12 6:31 p.m. · 2 views

GHSA-7HRJ-3C9X-XV5H Magento has incorrect authorization issue that leads to arbitrary file system read

Magento versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized...

7.5 CVSS · 6.6 AI score · 0.00573 EPSS
Exploits: 0 · References: 3
Github Security Blog
added 2025/08/12 6:31 p.m. · 5 views

Magento has incorrect authorization issue that leads to arbitrary file system read

Magento versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized...

7.5 CVSS · 6.6 AI score · 0.00573 EPSS
Exploits: 0 · References: 3 · Affected Software: 2
CVE
added 2025/08/12 3:5 p.m. · 25 views

CVE-2025-5468

CVE-2025-5468 covers Ivanti products (Connect Secure, Policy Secure, ZTA Gateway, Neurons for Secure Access). The root cause is improper handling of symbolic links, enabling a local authenticated attacker to read arbitrary on-disk files. Affected versions include Ivanti Connect Secure before 22.7...

5.5 CVSS · 6.8 AI score · 0.0033 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
RedHat Linux
added 2025/08/12 12:30 p.m. · 6 views

libxml2: Out-of-Bounds Read in libxml2

A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can...

7.5 CVSS · 6.5 AI score · 0.0033 EPSS
Exploits: 1 · References: 5
RedHat Linux
added 2025/08/12 12:25 p.m. · 4 views

libxml2: Out-of-Bounds Read in libxml2

A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can...

7.5 CVSS · 6.5 AI score · 0.0033 EPSS
Exploits: 1 · References: 5
NVD
added 2025/08/12 12:15 p.m. · 3 views

CVE-2025-40584

A vulnerability has been identified in SIMOTION SCOUT TIA V5.4 All versions, SIMOTION SCOUT TIA V5.5 All versions, SIMOTION SCOUT TIA V5.6 All versions V5.6 SP1 HF7, SIMOTION SCOUT TIA V5.7 All versions V5.7 SP1 HF1, SIMOTION SCOUT V5.4 All versions, SIMOTION SCOUT V5.5 All versions, SIMOTION SCO...

6.8 CVSS · 0.0016 EPSS
Exploits: 0 · References: 1
NVD
added 2025/08/12 6:15 a.m. · 3 views

CVE-2025-6253

The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.3.0 via the prepare_template function due to a missing capability check and insufficient controls on the filename specified. This makes it...

7.5 CVSS · 0.00365 EPSS
Exploits: 0 · References: 2
OSV
added 2025/08/12 6:15 a.m. · 8 views

CVE-2025-8081

The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the Import_Images::import function due to insufficient controls on the filename specified. This makes it possible for authenticated attackers, with administrator-level access an...

4.9 CVSS · 6.7 AI score
Exploits: 0 · References: 4
CVE
added 2025/08/12 5:27 a.m. · 24 views

CVE-2025-6253

The CVE-2025-6253 entry concerns the WordPress plugin UiCore Elements (Free Elementor widgets/templates) with versions up to and including 1.3.0. The vulnerability is an Arbitrary File Read caused by a missing capability check and insufficient controls on the filename in the prepare_template() fu...

7.5 CVSS · 6.9 AI score · 0.00365 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2025/08/12 5:27 a.m. · 6 views

CVE-2025-8081 Elementor <= 3.30.2 - Authenticated (Administrator+) Arbitrary File Read via Image Import

The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the Import_Images::import function due to insufficient controls on the filename specified. This makes it possible for authenticated attackers, with administrator-level access an...

4.9 CVSS · 6.7 AI score · 0.00474 EPSS
Exploits: 1 · References: 4
Cvelist
added 2025/08/12 5:27 a.m. · 6 views

CVE-2025-6253 UiCore Elements <= 1.3.0 - Missing Authorization to Unauthenticated Arbitrary File Read

The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.3.0 via the prepare_template function due to a missing capability check and insufficient controls on the filename specified. This makes it...

7.5 CVSS · 0.00365 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2025/08/12 5:27 a.m. · 2 views

CVE-2025-6253 UiCore Elements <= 1.3.0 - Missing Authorization to Unauthenticated Arbitrary File Read

The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.3.0 via the prepare_template function due to a missing capability check and insufficient controls on the filename specified. This makes it...

7.5 CVSS · 6.9 AI score · 0.00365 EPSS
Exploits: 0 · References: 2
CVE
added 2025/08/12 5:27 a.m. · 146 views

CVE-2025-8081

Summary (CVE-2025-8081) The Elementor WordPress plugin (versions ≤ 3.30.2) is vulnerable to an arbitrary file read via the Import_Images::import() path traversal due to insufficient validation of the uploaded file reference (tmp_name). The underlying issue allowed authenticated administrators to ...

4.9 CVSS · 6.7 AI score · 0.00474 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
Packet Storm
added 2025/08/12 12:0 a.m. · 89 views

Ghost CMS 5.59.1 Arbitrary File Read

Ghost CMS version 5.59.1 proof of concept arbitrary file read exploit. !/usr/bin/env python3 -- coding: utf-8 -- """ Exploit Title: Ghost CMS 5.59.1 - Arbitrary File Read Date: 2023-09-20 Exploit Author: ibrahimsql https://github.com/ibrahmsql Vendor Homepage: https://ghost.org Software Link:...

6.5 CVSS · 7.4 AI score · 0.57565 EPSS
Exploits: 12