11279 matches found

Vulnrichment
added 2025/07/24 7:22 a.m. · 4 views

CVE-2025-8009 Security Ninja – Secure Firewall & Secure Malware Scanner - 5.201 - 5.242 - Authenticated (Administrator+) Arbitrary File Read

The Security Ninja – WordPress Security Plugin & Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.242 via the 'getfilesource' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to extra...

4.9 CVSS · 6.1 AI score · 0.0061 EPSS
Exploits: 0 · References: 4
Cvelist
added 2025/07/24 7:22 a.m. · 6 views

CVE-2025-8009 Security Ninja – Secure Firewall & Secure Malware Scanner - 5.201 - 5.242 - Authenticated (Administrator+) Arbitrary File Read

The Security Ninja – WordPress Security Plugin & Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.242 via the 'getfilesource' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to extra...

4.9 CVSS · 0.0061 EPSS
Exploits: 0 · References: 4
CVE
added 2025/07/24 7:22 a.m. · 25 views

CVE-2025-8009

CVE-2025-8009 affects WordPress Security Ninja – WordPress Security Plugin & Firewall. The vulnerability is an Arbitrary File Read via the get_file_source function in all versions up to 5.242, exploitable by authenticated users with Administrator-level access and above, enabling extraction of sen...

4.9 CVSS · 6 AI score · 0.0061 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 2025/07/24 12:0 a.m. · 6 views

PT-2025-30640 · WordPress · The Security Ninja – Wordpress Security Plugin & Firewall

Name of the Vulnerable Software and Affected Versions: The Security Ninja – WordPress Security Plugin & Firewall versions prior to 5.243 Description: The Security Ninja – WordPress Security Plugin & Firewall plugin for WordPress is susceptible to an arbitrary file read issue. This allows...

4.9 CVSS · 6.3 AI score · 0.0061 EPSS
Exploits: 0 · References: 2
SUSE Linux
added 2025/07/23 12:45 p.m. · 7 views

Security update 5.0.5 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal...

9.6 CVSS · 7.6 AI score · 0.00959 EPSS
Exploits: 0 · References: 52
SUSE Linux
added 2025/07/23 12:44 p.m. · 7 views

Security update 5.0.5 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal...

9.6 CVSS · 7.6 AI score · 0.00959 EPSS
Exploits: 0 · References: 52
SUSE Linux
added 2025/07/23 12:43 p.m. · 5 views

Security update 5.0.5 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal...

9.6 CVSS · 7.6 AI score · 0.00959 EPSS
Exploits: 0 · References: 52
OSV
added 2025/07/23 12:43 p.m. · 4 views

SUSE-SU-2025:02491-1 Security update 5.0.5 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - Security issues fixed: - CVE-2024-38822: Fixed Minion token validation bsc1244561 - CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 - CVE-2024-38824: Fixed directory...

9.6 CVSS · 7 AI score · 0.00959 EPSS
Exploits: 0 · References: 26
SUSE CVE
added 2025/07/22 11:22 p.m. · 2 views

SUSE CVE-2025-53964

GoldenDict 1.5.0 and 1.5.1 have an exposed dangerous method that allows reading and modifying files when a user adds a crafted dictionary and then searches for any term included in that dictionary...

9.6 CVSS · 6.9 AI score · 0.00427 EPSS
Exploits: 1 · References: 3
Metasploit
added 2025/07/22 6:52 p.m. · 425 views

Xorcom CompletePBX Arbitrary File Read and Deletion via systemDataFileName

This module exploits an authenticated path traversal vulnerability in Xorcom CompletePBX use auxiliary/scanner/http/xorcomcompletepbxdiagnosticsfileread msf auxiliaryxorcomcompletepbxdiagnosticsfileread show actions ...actions... msf auxiliaryxorcomcompletepbxdiagnosticsfileread set ACTION msf...

8.3 CVSS · 5.9 AI score · 0.0158 EPSS
Exploits: 1
OSV
added 2025/07/22 5:15 p.m. · 6 views

PYSEC-2025-102

Local File Inclusion in dagster.grpc.impl.getnotebookdata in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebookpath field of ExternalNotebookData requests, bypassing the intended extension-based check...

6.6 CVSS · 5.9 AI score · 0.00524 EPSS
Exploits: 1 · References: 3
CISA KEV Catalog
added 2025/07/22 12:0 a.m. · 19 views

SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability

SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives...

9.8 CVSS · 9.5 AI score · 0.72971 EPSS
In wild · Exploits: 2
CNNVD
added 2025/07/22 12:0 a.m. · 4 views

Dagster Path Traversal Vulnerability

Dagster is an open source orchestration platform for developing, producing and observing data assets. A security vulnerability exists in Dagster version 1.10.14, which stems from a path traversal sequence in the notebookpath field that can bypass extension-based checks and lead to the...

6.6 CVSS · 6.6 AI score · 0.00524 EPSS
Exploits: 1 · References: 4
OSV
added 2025/07/21 7:15 a.m. · 3 views

CVE-2025-24937

File contents could be read from the local file system by an attacker. Additionally, malicious code could be inserted in the file, leading to a full compromise of the web application and the container it is running on. The vulnerable component is bound to the network stack and the set of possible...

9 CVSS · 5.8 AI score · 0.0024 EPSS
Exploits: 0 · References: 1
CNVD
added 2025/07/21 12:0 a.m. · 1 views

Adobe ColdFusion Server-Side Request Forgery Vulnerability

Adobe ColdFusion is a rapid application development platform from the US company Adobe. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has a server-side request forgery vulnerability; the vulnerability stems from the serv...

6.2 CVSS · 7 AI score · 0.00362 EPSS
Exploits: 0 · References: 1
CNNVD
added 2025/07/21 12:0 a.m. · 5 views

Nokia WaveSuite NOC Security Vulnerability

Nokia WaveSuite NOC is an optical network unified operations platform from Nokia Finland. A security vulnerability exists in Nokia WaveSuite NOC that originates from allowing the contents of a file to be read from the local file system and malicious code to be inserted, which could lead to a full...

9 CVSS · 6.5 AI score · 0.0024 EPSS
Exploits: 0 · References: 1
VulnCheck KEV
added 2025/07/21 12:0 a.m. · 103 views

VulnCheck KEV: CVE-2024-34193

smanga 3.2.7 does not filter the file parameter at the PHP/get file flow.php interface, resulting in a path traversal vulnerability that can cause arbitrary file reading...

7.5 CVSS · 5.8 AI score · 0.00623 EPSS
In wild · Exploits: 1 · References: 2
RedhatCVE
added 2025/07/20 6:50 a.m. · 10 views

CVE-2025-7772

The Malcure Malware Scanner — 1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 16.8 via the wpmrinspectfile function due to a missing capability check. This makes it possible for authenticated attackers, with...

6.5 CVSS · 6 AI score · 0.00309 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/07/18 9:58 p.m. · 10 views

CVE-2025-34130

An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the /z/zbin/nethtml.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to...

8.7 CVSS · 7.9 AI score · 0.01149 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/07/18 9:9 a.m. · 7 views

CVE-2025-6233 Arbitrary file read by system admin via path traversal

Mattermost versions 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to sanitize input paths of file attachments in the bulk import JSONL file, which allows a system admin to read arbitrary system files via path traversal...

6.8 CVSS · 0.0038 EPSS
Exploits: 0 · References: 1