11286 matches found

Vulnrichment
added 2025/08/03 10:2 a.m., 2 views

CVE-2024-52279 Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string

Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...

7.2 AI score, 0.01257 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2025/08/01 5:42 p.m., 3 views

netty: Denial of Service attack on windows app using Netty

A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes...

5.5 CVSS, 7.3 AI score, 0.00408 EPSS
Exploits: 1, References: 6

CNVD
added 2025/08/01 12:0 a.m., 3 views

DELL PowerProtect Data Manager Input Validation Error Vulnerability

DELL PowerProtect Data Manager is data protection software from Dell Technologies designed to provide a unified data protection solution for modern hybrid cloud environments. An input validation error vulnerability exists in DELL PowerProtect Data Manager that stems from the PowerProtect Data...

6.5 CVSS, 6.7 AI score, 0.00346 EPSS
Exploits: 0, References: 1

GithubExploit
added 2025/07/31 3:22 p.m., 529 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Imagemagick

CVE-2022-44268 🧙‍♂️ CVE-2022-44268 ImageMagick Arbitrary File...

6.5 CVSS, 7.1 AI score, 0.89855 EPSS
Exploits: 28

VulnCheck KEV
added 2025/07/31 12:0 a.m., 7 views

VulnCheck KEV: CVE-2011-3315

Directory traversal vulnerability in Cisco Unified Communications Manager CUCM 5.x and 6.x before 6.15SU2, 7.x before 7.15bSU2, and 8.x before 8.03, and Cisco Unified Contact Center Express aka Unified CCX or UCCX and Cisco Unified IP Interactive Voice Response Unified IP-IVR before 6.01SR1ES8,...

7.8 CVSS, 5.9 AI score, 0.26393 EPSS
In wild, Exploits: 0, References: 3

RedHat Linux
added 2025/07/30 7:16 a.m., 5 views

libxml2: Out-of-Bounds Read in libxml2

A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can...

7.5 CVSS, 6.5 AI score, 0.0033 EPSS
Exploits: 1, References: 5

RedHat Linux
added 2025/07/30 7:10 a.m., 4 views

libxml2: Out-of-Bounds Read in libxml2

A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can...

7.5 CVSS, 6.5 AI score, 0.0033 EPSS
Exploits: 1, References: 5

RedHat Linux
added 2025/07/30 5:36 a.m., 5 views

libxml2: Out-of-Bounds Read in libxml2

A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can...

7.5 CVSS, 6.5 AI score, 0.0033 EPSS
Exploits: 1, References: 5

CNVD
added 2025/07/30 12:0 a.m., 2 views

WordPress Security Ninja Arbitrary File Read Vulnerability

WordPress Security Ninja is a plugin that focuses on website security protection, providing automated security scanning, login protection, IP blocking, and two-factor authentication to help users proactively identify security risks and prevent hacker attacks. WordPress Security Ninja has an...

4.9 CVSS, 6.8 AI score, 0.0061 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2025/07/30 12:0 a.m., 2 views

RockyLinux 8 : yelp and yelp-xsl (RLSA-2025:7569)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:7569 advisory. yelp: Arbitrary file read CVE-2025-3155 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note that Nessus has...

7.4 CVSS, 7.3 AI score, 0.10598 EPSS
Exploits: 1, References: 3

CNNVD
added 2025/07/30 12:0 a.m., 2 views

Dell PowerProtect Data Manager Input Validation Error Vulnerability

DELL PowerProtect Data Manager is data protection software from Dell Technologies designed to provide a unified data protection solution for modern hybrid cloud environments. An input validation error vulnerability exists in DELL PowerProtect Data Manager that stems from the PowerProtect Data...

6.5 CVSS, 6.6 AI score, 0.00346 EPSS
Exploits: 0, References: 1

RedHat Linux
added 2025/07/29 1:52 p.m., 2 views

libxml2: Out-of-Bounds Read in libxml2

A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can...

7.5 CVSS, 6.5 AI score, 0.0033 EPSS
Exploits: 1, References: 5

OSV
added 2025/07/29 1:38 p.m., 10 views

RLSA-2025:7569 Important: yelp and yelp-xsl security update

Yelp is the help browser for the GNOME desktop. It is designed to help you browse all the documentation on your system in one central tool, including traditional man pages, info pages and documentation written in DocBook. Security Fixes: yelp: Arbitrary file read CVE-2025-3155 For more details...

7.4 CVSS, 6.5 AI score, 0.10598 EPSS
Exploits: 1, References: 2

OSV
added 2025/07/29 12:16 a.m., 3 views

OSV-2025-580 UNKNOWN READ in signed char Assimp::StreamReader<false, false>::Get<signed char>

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=434414094 Crash type: UNKNOWN READ Crash state: signed char Assimp::StreamReader::Get Assimp::COBImporter::ReadBinaryFile Assimp::COBImporter::InternReadFile...

7 AI score
Exploits: 0, References: 1

Packet Storm
added 2025/07/29 12:0 a.m., 94 views

📄 Adobe ColdFusion 2023.6 Remote File Read

Adobe ColdFusion version 2023.6 suffers from a remote file read vulnerability. Exploit Title: Adobe ColdFusion 2023.6 - Remote File Read Exploit Author: @İbrahimsql Exploit Author's github: https://github.com/ibrahmsql Description: ColdFusion 2023 LUcee - Remote Code Execution CVE: CVE-2024-20767...

7.4 CVSS, 7.3 AI score, 0.98514 EPSS
Exploits: 7

Exploit DB
added 2025/07/28 12:0 a.m., 250 views

Adobe ColdFusion 2023.6 - Remote File Read

Exploit Title: Adobe ColdFusion 2023.6 - Remote File Read Exploit Author: @İbrahimsql Exploit Author's github: https://github.com/ibrahmsql Description: ColdFusion 2023 LUcee - Remote Code Execution CVE: CVE-2024-20767 Vendor Homepage: https://www.adobe.com/ Requirements: requests=2.25.0,...

7.4 CVSS, 7.5 AI score, 0.98514 EPSS
Exploits: 7

Gitee
added 2025/07/27 4:5 a.m., 232 views

Exploit for Path Traversal in F5 Big-Ip_Access_Policy_Manager

CVE-2020-5902 BIG-IP RCE Update Use /hsqldb%0a/ Bypass Rules For Java Deserialization or /hsqld%b /hsqldb; /tmui/login.jsp/..;/hsqldb Redirect 404 / bypass /hsqldb; Redirect 404 / bypass /hsqldb%0a include 'FileETag MTime Size Redirect 404 / Redirect 404 / ' fix:...

10 CVSS, 8.6 AI score, 0.99999 EPSS
Exploits: 60

RedhatCVE
added 2025/07/26 7:26 a.m., 12 views

CVE-2025-8009

The Security Ninja – WordPress Security Plugin & Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.242 via the 'getfilesource' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to extra...

4.9 CVSS, 6.7 AI score, 0.0061 EPSS
Exploits: 0, References: 1

CVE
added 2025/07/25 3:55 p.m., 16 views

CVE-2015-10142

CVE-2015-10142 affects Sitecore Experience Platform (XP) prior to 8.0 Initial Release and Sitecore CMS prior to 7.2 Update-3 and prior to 7.5 Update-1. The flaw allows an attacker to download files under the web root when the file name is known via a specially crafted URL; allowed file types excl...

6.9 CVSS, 6.3 AI score, 0.00473 EPSS
Exploits: 0, References: 3

Cvelist
added 2025/07/25 3:55 p.m., 12 views

CVE-2015-10142 Sitecore XP < 8.0 and CMS < 7.2 and < 7.5 File Read via Known Path

Sitecore Experience Platform XP prior to 8.0 Initial Release rev. 141212 and Content Management System CMS prior to 7.2 Update-3 rev. 141226 and prior to 7.5 Update-1 rev. 150130 contain a vulnerability that may allow an attacker to download files under the web root of the site when the name of t...

6.9 CVSS, 0.00473 EPSS
Exploits: 0, References: 3