11274 matches found

Packet Storm
added 2025/08/12 12:00 a.m. · 89 views

📄 Ghost CMS 5.59.1 Arbitrary File Read

Ghost CMS version 5.59.1 proof of concept arbitrary file read exploit. !/usr/bin/env python3 -- coding: utf-8 -- """ Exploit Title: Ghost CMS 5.59.1 - Arbitrary File Read Date: 2023-09-20 Exploit Author: ibrahimsql https://github.com/ibrahmsql Vendor Homepage: https://ghost.org Software Link:...

6.5 CVSS · 7.4 AI score · 0.57565 EPSS
Exploits 12

VulnCheck KEV
added 2025/08/12 12:00 a.m. · 8 views

VulnCheck KEV: CVE-2025-54254

Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system, scope i...

8.6 CVSS · 7.4 AI score · 0.85527 EPSS
In wild · Exploits 2 · References 14

CNNVD
added 2025/08/12 12:00 a.m. · 2 views

Fortinet FortiSOAR Security Vulnerability

Fortinet FortiSOAR is a Security Orchestration, Automation and Response (SOAR) solution from Fortinet, Inc. A security vulnerability exists in Fortinet FortiSOAR version 7.6.0, versions 7.5.0 through 7.5.1, all versions 7.4, and all versions 7.3, which originates from path traversal and could resul...

6.8 CVSS · 6.8 AI score · 0.00376 EPSS
Exploits 0 · References 2

CNNVD
added 2025/08/12 12:00 a.m. · 3 views

WordPress plugin UiCore Elements Security Vulnerability

WordPress UiCore Elements plugin is a plugin designed for the Elementor page builder to extend its functionality and enhance website design capabilities. An arbitrary file read vulnerability exists in the WordPress UiCore Elements plugin, which stems from the application's inadequate protection o...

7.5 CVSS · 6.5 AI score · 0.00365 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/08/12 12:00 a.m. · 5 views

PT-2025-32628 · WordPress · Uicore Elements

Name of the Vulnerable Software and Affected Versions: UiCore Elements – Free Elementor widgets and templates for WordPress versions up to and including 1.3.0 Description: The plugin is susceptible to arbitrary file reading via the prepare template function. This is due to a missing capability...

7.5 CVSS · 7.2 AI score · 0.00365 EPSS
Exploits 0 · References 8

Adobe
added 2025/08/12 12:00 a.m. · 25 views

APSB25-71 : Security update available for Adobe Commerce

Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves critical and important vulnerabilities. Successful exploitation could lead to security feature bypass, privilege escalation, arbitrary file system read, and application denial-of-service...

6.7 AI score
Exploits 0 · Affected Software 3

CNNVD
added 2025/08/12 12:00 a.m. · 14 views

WordPress plugin Elementor Path Traversal Vulnerability

WordPress Elementor Plugin is a visual page design plugin that allows users to create professional web pages with drag-and-drop modules and a visual editor without writing code. WordPress Elementor Plugin suffers from an arbitrary file read vulnerability that stems from the program failing to...

4.9 CVSS · 6.6 AI score · 0.00474 EPSS
Exploits 1 · References 4

Positive Technologies
added 2025/08/12 12:00 a.m. · 10 views

PT-2025-32629 · WordPress · Elementor

Name of the Vulnerable Software and Affected Versions: Elementor plugin for WordPress versions up to and including 3.30.2 Description: The Elementor plugin for WordPress is susceptible to arbitrary file reading due to insufficient filename controls within the Import Images::import function...

4.9 CVSS · 7.2 AI score · 0.00474 EPSS
Exploits 1 · References 11

VulnCheck KEV
added 2025/08/12 12:00 a.m. · 10 views

VulnCheck KEV: CVE-2025-44177

A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences...

8.2 CVSS · 5.9 AI score · 0.04173 EPSS
In wild · Exploits 3 · References 72

Wordfence Blog
added 2025/08/11 4:26 p.m. · 11 views

40,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in UiCore Elements WordPress Plugin

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🌞 Spring into Summer with Wordfence! Now through September 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5 million active installs. Bounties up to $31,200 per...

7.5 CVSS · 8 AI score · 0.00474 EPSS
Exploits 1

Exploit DB
added 2025/08/11 12:00 a.m. · 263 views

Ghost CMS 5.59.1 - Arbitrary File Read

!/usr/bin/env python3 -- coding: utf-8 -- """ Exploit Title: Ghost CMS 5.59.1 - Arbitrary File Read Date: 2023-09-20 Exploit Author: ibrahimsql https://github.com/ibrahmsql Vendor Homepage: https://ghost.org Software Link: https://github.com/TryGhost/Ghost Version: =2.28.1, zipfile, tempfile Usag...

6.5 CVSS · 7.4 AI score · 0.57565 EPSS
Exploits 12

OSV
added 2025/08/10 11:48 p.m. · 6 views

BIT-MOODLE-2025-26525 Arbitrary file read risk through pdfTeX

Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available such as those with TeX Live installed...

8.6 CVSS · 7 AI score · 0.00409 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2025/08/10 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-23597

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. Given ...

6.5 CVSS · 7.7 AI score · 0.0034 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/08/08 12:29 a.m. · 11 views

CVE-2025-50233

A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of the "Name" parameter in the backend template editor. By manipulating the parameter, attackers can perform directory traversal and access sensitive files outsi...

6.5 CVSS · 6.3 AI score · 0.00441 EPSS
Exploits 1 · References 1

Positive Technologies
added 2025/08/08 12:00 a.m. · 4 views

PT-2025-106: Local file read leads to Server-Side Request Forgery (SSRF) in FreeScout

The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to read server‑side files and issue requests to the local network, resulting in a Server‑Side Request Forgery (SSRF) condition. Vulnerability status: Confirmed by vendor Date of...

8.6 CVSS · 5.8 AI score
Exploits 0 · References 2

BDU FSTEC
added 2025/08/08 12:00 a.m. · 9 views

The vulnerability of the corporate platform for creating, managing, and processing electronic forms, documents, and business processes within Adobe Experience Manager (AEM) Forms on JEE lies in the incorrect restrictions on XML links to external objects. This allows attackers to read arbitrary files.

The vulnerability of the corporate platform for creating, managing, and processing electronic forms, documents, and business processes within Adobe Experience Manager (AEM) Forms on JEE is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could...

8.6 CVSS · 7.8 AI score · 0.85527 EPSS
Exploits 2 · References 2 · Affected Software 1

RedHat Linux
added 2025/08/07 1:37 p.m. · 6 views

libxml2: Out-of-Bounds Read in libxml2

A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can...

7.5 CVSS · 6.5 AI score · 0.0033 EPSS
Exploits 1 · References 5

OSV
added 2025/08/06 9:15 p.m. · 3 views

CVE-2025-51052

A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents' function call in '/apivedo/template'...

6.5 CVSS · 5.9 AI score · 0.00438 EPSS
Exploits 2 · References 2

OSV
added 2025/08/06 5:49 a.m. · 2 views

BIT-MOODLE-2024-43426 Moodle: arbitrary file read risk through pdftex

A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed...

7.5 CVSS · 6 AI score · 0.00597 EPSS
Exploits 0 · References 3

OSV
added 2025/08/06 5:45 a.m. · 3 views

BIT-MLFLOW-2024-8859 Path Traversal in mlflow/mlflow

A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while...

7.5 CVSS · 7.3 AI score · 0.02504 EPSS
Exploits 1 · References 3