11276 matches found
BIT-MOODLE-2024-43426 Moodle: arbitrary file read risk through pdftex
A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed...
BIT-MLFLOW-2024-8859 Path Traversal in mlflow/mlflow
A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while...
CVE-2025-44962
RUCKUS SmartZone SZ before 6.1.2p3 Refresh Build allows ../ directory traversal to read files...
CVE-2012-10034 ClanSphere 2011.3 Local File Inclusion via cs_lang Cookie
ClanSphere 2011.3 is vulnerable to a local file inclusion LFI flaw due to improper handling of the cslang cookie parameter. The application fails to sanitize user-supplied input, allowing attackers to traverse directories and read arbitrary files outside the web root. The vulnerability is further...
CVE-2025-54254
Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system, scope i...
The software of the centralized backup and disaster recovery management system of Dell PowerProtect Data Manager is vulnerable due to insufficient validation of input data. This allows attackers to read arbitrary files.
The vulnerability of the software for centralized backup and disaster recovery management in Dell PowerProtect Data Manager is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to read arbitrary files...
Security Bulletin: There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-27817)
Summary There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-27817 DESCRIPTION: A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka...
GHSA-JR43-Q92Q-5Q82 Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string
Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...
Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string
Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...
CVE-2024-52279 Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string
Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...
CVE-2024-52279 Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string
Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...
netty: Denial of Service attack on windows app using Netty
A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes...
DELL PowerProtect Data Manager Input Validation Error Vulnerability
DELL PowerProtect Data Manager is data protection software from Dell Technologies designed to provide a unified data protection solution for modern hybrid cloud environments. An input validation error vulnerability exists in DELL PowerProtect Data Manager that stems from the PowerProtect Data...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Imagemagick
CVE-2022-44268 🧙♂️ CVE-2022-44268 ImageMagick Arbitrary File...
VulnCheck KEV: CVE-2011-3315
Directory traversal vulnerability in Cisco Unified Communications Manager CUCM 5.x and 6.x before 6.15SU2, 7.x before 7.15bSU2, and 8.x before 8.03, and Cisco Unified Contact Center Express aka Unified CCX or UCCX and Cisco Unified IP Interactive Voice Response Unified IP-IVR before 6.01SR1ES8,...
libxml2: Out-of-Bounds Read in libxml2
A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can...
libxml2: Out-of-Bounds Read in libxml2
A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can...
libxml2: Out-of-Bounds Read in libxml2
A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can...
WordPress Security Ninja Arbitrary File Read Vulnerability
WordPress Security Ninja is a plugin that focuses on website security protection, providing automated security scanning, login protection, IP blocking, and two-factor authentication to help users proactively identify security risks and prevent hacker attacks. WordPress Security Ninja has an...
RockyLinux 8 : yelp and yelp-xsl (RLSA-2025:7569)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:7569 advisory. yelp: Arbitrary file read CVE-2025-3155 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note that Nessus has...