11276 matches found

OSV
added 2025/08/06 5:49 a.m., 2 views

BIT-MOODLE-2024-43426 Moodle: arbitrary file read risk through pdftex

A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed...

CVSS 7.5, AI score 6, EPSS 0.00597
Exploits 0, References 3

OSV
added 2025/08/06 5:45 a.m., 3 views

BIT-MLFLOW-2024-8859 Path Traversal in mlflow/mlflow

A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while...

CVSS 7.5, AI score 7.3, EPSS 0.02504
Exploits 1, References 3

RedhatCVE
added 2025/08/06 12:13 a.m., 4 views

CVE-2025-44962

RUCKUS SmartZone SZ before 6.1.2p3 Refresh Build allows ../ directory traversal to read files...

CVSS 5, AI score 8.8, EPSS 0.00693
Exploits 0, References 1

Vulnrichment
added 2025/08/05 8:0 p.m., 6 views

CVE-2012-10034 ClanSphere 2011.3 Local File Inclusion via cs_lang Cookie

ClanSphere 2011.3 is vulnerable to a local file inclusion (LFI) flaw due to improper handling of the cs_lang cookie parameter. The application fails to sanitize user-supplied input, allowing attackers to traverse directories and read arbitrary files outside the web root. The vulnerability is further...

CVSS 8.7, AI score 6.6, EPSS 0.01276
Exploits 1, References 4

OSV
added 2025/08/05 5:15 p.m., 2 views

CVE-2025-54254

Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system, scope i...

CVSS 8.6, AI score 5.9, EPSS 0.85527
Exploits 2, References 1

BDU FSTEC
added 2025/08/05 12:0 a.m., 5 views

The software of the centralized backup and disaster recovery management system of Dell PowerProtect Data Manager is vulnerable due to insufficient validation of input data. This allows attackers to read arbitrary files.

The vulnerability of the software for centralized backup and disaster recovery management in Dell PowerProtect Data Manager is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to read arbitrary files...

CVSS 6.8, AI score 5.6, EPSS 0.00346
Exploits 0, References 2, Affected Software 1

IBM Security Bulletins
added 2025/08/04 6:37 a.m., 8 views

Security Bulletin: There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-27817)

Summary: There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2025-27817. DESCRIPTION: A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka...

CVSS 8.8, AI score 7.7, EPSS 0.62368
Exploits 2, Affected Software 1

OSV
added 2025/08/03 12:30 p.m., 2 views

GHSA-JR43-Q92Q-5Q82 Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string

Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...

CVSS 8.7, AI score 9.4, EPSS 0.01257
Exploits 0, References 7

Github Security Blog
added 2025/08/03 12:30 p.m., 8 views

Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string

Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...

CVSS 9.8, AI score 7.1, EPSS 0.01257
Exploits 0, References 7, Affected Software 1

Cvelist
added 2025/08/03 10:2 a.m., 10 views

CVE-2024-52279 Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string

Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...

EPSS 0.00883
Exploits 0, References 4

Vulnrichment
added 2025/08/03 10:2 a.m., 2 views

CVE-2024-52279 Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string

Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...

AI score 7.2, EPSS 0.01257
Exploits 0, References 4

RedHat Linux
added 2025/08/01 5:42 p.m., 3 views

netty: Denial of Service attack on windows app using Netty

A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes...

CVSS 5.5, AI score 7.3, EPSS 0.00408
Exploits 1, References 6

CNVD
added 2025/08/01 12:0 a.m., 3 views

DELL PowerProtect Data Manager Input Validation Error Vulnerability

DELL PowerProtect Data Manager is data protection software from Dell Technologies designed to provide a unified data protection solution for modern hybrid cloud environments. An input validation error vulnerability exists in DELL PowerProtect Data Manager that stems from the PowerProtect Data...

CVSS 6.5, AI score 6.7, EPSS 0.00346
Exploits 0, References 1

GithubExploit
added 2025/07/31 3:22 p.m., 529 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Imagemagick

CVE-2022-44268 🧙‍♂️ CVE-2022-44268 ImageMagick Arbitrary File...

CVSS 6.5, AI score 7.1, EPSS 0.89855
Exploits 28

VulnCheck KEV
added 2025/07/31 12:0 a.m., 7 views

VulnCheck KEV: CVE-2011-3315

Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.15SU2, 7.x before 7.15bSU2, and 8.x before 8.03, and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.01SR1ES8,...

CVSS 7.8, AI score 5.9, EPSS 0.26393
In wild, Exploits 0, References 3

RedHat Linux
added 2025/07/30 7:16 a.m., 5 views

libxml2: Out-of-Bounds Read in libxml2

A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can...

CVSS 7.5, AI score 6.5, EPSS 0.0033
Exploits 1, References 5

RedHat Linux
added 2025/07/30 7:10 a.m., 4 views

libxml2: Out-of-Bounds Read in libxml2

A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can...

CVSS 7.5, AI score 6.5, EPSS 0.0033
Exploits 1, References 5

RedHat Linux
added 2025/07/30 5:36 a.m., 5 views

libxml2: Out-of-Bounds Read in libxml2

A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can...

CVSS 7.5, AI score 6.5, EPSS 0.0033
Exploits 1, References 5

CNVD
added 2025/07/30 12:0 a.m., 2 views

WordPress Security Ninja Arbitrary File Read Vulnerability

WordPress Security Ninja is a plugin that focuses on website security protection, providing automated security scanning, login protection, IP blocking, and two-factor authentication to help users proactively identify security risks and prevent hacker attacks. WordPress Security Ninja has an...

CVSS 4.9, AI score 6.8, EPSS 0.0061
Exploits 0, References 1

Tenable Nessus
added 2025/07/30 12:0 a.m., 2 views

RockyLinux 8 : yelp and yelp-xsl (RLSA-2025:7569)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:7569 advisory. yelp: Arbitrary file read CVE-2025-3155 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note that Nessus has...

CVSS 7.4, AI score 7.3, EPSS 0.10598
Exploits 1, References 3