11286 matches found
CVE-2024-52279 Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string
Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...
netty: Denial of Service attack on windows app using Netty
A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes...
DELL PowerProtect Data Manager Input Validation Error Vulnerability
DELL PowerProtect Data Manager is data protection software from Dell Technologies designed to provide a unified data protection solution for modern hybrid cloud environments. An input validation error vulnerability exists in DELL PowerProtect Data Manager that stems from the PowerProtect Data...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Imagemagick
CVE-2022-44268 🧙♂️ CVE-2022-44268 ImageMagick Arbitrary File...
VulnCheck KEV: CVE-2011-3315
Directory traversal vulnerability in Cisco Unified Communications Manager CUCM 5.x and 6.x before 6.15SU2, 7.x before 7.15bSU2, and 8.x before 8.03, and Cisco Unified Contact Center Express aka Unified CCX or UCCX and Cisco Unified IP Interactive Voice Response Unified IP-IVR before 6.01SR1ES8,...
libxml2: Out-of-Bounds Read in libxml2
A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can...
libxml2: Out-of-Bounds Read in libxml2
A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can...
libxml2: Out-of-Bounds Read in libxml2
A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can...
WordPress Security Ninja Arbitrary File Read Vulnerability
WordPress Security Ninja is a plugin that focuses on website security protection, providing automated security scanning, login protection, IP blocking, and two-factor authentication to help users proactively identify security risks and prevent hacker attacks. WordPress Security Ninja has an...
RockyLinux 8 : yelp and yelp-xsl (RLSA-2025:7569)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:7569 advisory. yelp: Arbitrary file read CVE-2025-3155 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note that Nessus has...
Dell PowerProtect Data Manager 输入验证错误漏洞
DELL PowerProtect Data Manager is data protection software from Dell Technologies designed to provide a unified data protection solution for modern hybrid cloud environments. An input validation error vulnerability exists in DELL PowerProtect Data Manager that stems from the PowerProtect Data...
libxml2: Out-of-Bounds Read in libxml2
A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can...
RLSA-2025:7569 Important: yelp and yelp-xsl security update
Yelp is the help browser for the GNOME desktop. It is designed to help you browse all the documentation on your system in one central tool, including traditional man pages, info pages and documentation written in DocBook. Security Fixes: yelp: Arbitrary file read CVE-2025-3155 For more details...
OSV-2025-580 UNKNOWN READ in signed char Assimp::StreamReader<false, false>::Get<signed char>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=434414094 Crash type: UNKNOWN READ Crash state: signed char Assimp::StreamReader::Get Assimp::COBImporter::ReadBinaryFile Assimp::COBImporter::InternReadFile...
📄 Adobe ColdFusion 2023.6 Remote File Read
Adobe ColdFusion version 2023.6 suffers from a remote file read vulnerability. Exploit Title: Adobe ColdFusion 2023.6 - Remote File Read Exploit Author: @İbrahimsql Exploit Author's github: https://github.com/ibrahmsql Description: ColdFusion 2023 LUcee - Remote Code Execution CVE: CVE-2024-20767...
Adobe ColdFusion 2023.6 - Remote File Read
Exploit Title: Adobe ColdFusion 2023.6 - Remote File Read Exploit Author: @İbrahimsql Exploit Author's github: https://github.com/ibrahmsql Description: ColdFusion 2023 LUcee - Remote Code Execution CVE: CVE-2024-20767 Vendor Homepage: https://www.adobe.com/ Requirements: requests=2.25.0,...
Exploit for Path Traversal in F5 Big-Ip_Access_Policy_Manager
CVE-2020-5902 BIG-IP RCE Update Use /hsqldb%0a/ Bypass Rules For Java Deserialization or /hsqld%b /hsqldb; /tmui/login.jsp/..;/hsqldb Redirect 404 / bypass /hsqldb; Redirect 404 / bypass /hsqldb%0a include 'FileETag MTime Size Redirect 404 / Redirect 404 / ' fix:...
CVE-2025-8009
The Security Ninja – WordPress Security Plugin & Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.242 via the 'getfilesource' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to extra...
CVE-2015-10142
CVE-2015-10142 affects Sitecore Experience Platform (XP) prior to 8.0 Initial Release and Sitecore CMS prior to 7.2 Update-3 and prior to 7.5 Update-1. The flaw allows an attacker to download files under the web root when the file name is known via a specially crafted URL; allowed file types excl...
CVE-2015-10142 Sitecore XP < 8.0 and CMS < 7.2 and < 7.5 File Read via Known Path
Sitecore Experience Platform XP prior to 8.0 Initial Release rev. 141212 and Content Management System CMS prior to 7.2 Update-3 rev. 141226 and prior to 7.5 Update-1 rev. 150130 contain a vulnerability that may allow an attacker to download files under the web root of the site when the name of t...