11279 matches found
CVE-2025-6233
CVE-2025-6233 affects Mattermost Server versions 10.8.x up to 10.8.1, 10.7.x up to 10.7.3, 10.5.x up to 10.5.7, and 9.11.x up to 9.11.16. It arises from failing to sanitize input paths of file attachments in the bulk import JSONL file, enabling a system administrator to read arbitrary system file...
CVE-2025-6233 Arbitrary file read by system admin via path traversal
Mattermost versions 10.8.x = 10.8.1, 10.7.x = 10.7.3, 10.5.x = 10.5.7, 9.11.x = 9.11.16 fail to sanitize input paths of file attachments in the bulk import JSONL file, which allows a system admin to read arbitrary system files via path traversal...
CVE-2025-7772
The Malcure Malware Scanner — 1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 16.8 via the wpmrinspectfile function due to a missing capability check. This makes it possible for authenticated attackers, with...
CVE-2025-7772 Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal <= 16.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read
The Malcure Malware Scanner — 1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 16.8 via the wpmrinspectfile function due to a missing capability check. This makes it possible for authenticated attackers, with...
CVE-2025-7772
CVE-2025-7772 affects the WordPress plugin Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal (
CVE-2025-7772 Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal <= 16.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read
The Malcure Malware Scanner — 1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 16.8 via the wpmrinspectfile function due to a missing capability check. This makes it possible for authenticated attackers, with...
WordPress plugin Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Malcure...
PT-2025-30009 · WordPress · Malcure Malware Scanner
Name of the Vulnerable Software and Affected Versions: Malcure Malware Scanner — 1 Toolset for WordPress Malware Removal plugin for WordPress versions prior to 16.9 Description: The Malcure Malware Scanner — 1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary...
CVE-2025-34130
An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the /z/zbin/nethtml.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to...
CVE-2025-34130 LILIN DVR Arbitrary File Read via net_html.cgi
An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the /z/zbin/nethtml.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to...
CVE-2025-34130 LILIN DVR Arbitrary File Read via net_html.cgi
An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the /z/zbin/nethtml.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to...
CVE-2025-34130
An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the /z/zbin/nethtml.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to...
CVE-2025-34130
CVE-2025-34130 affects LILIN Digital Video Recorder (DVR) devices up to firmware version 2.0b60_20200207. An unauthenticated arbitrary file read via the endpoint /z/zbin/net_html.cgi allows reading sensitive files such as /zconf/service.xml , enabling further attacks including command injection. ...
Exploit for CVE-2025-52688
CVE-2025-52688 Affected Products Alcatel AP13161 - Enterpri...
CVE-2024-26291
An Unauthenticated Arbitrary File Read vulnerability affects the Agent when installed on a system. The parameter filename does not validate the path thus allowing users to read arbitrary files. As the application runs with the highest privileges root/NTAUTHORITY SYSTEM by default attackers are ab...
PT-2025-29892 · Lilin · Lilin Digital Video Recorder
Name of the Vulnerable Software and Affected Versions: LILIN Digital Video Recorder DVR versions prior to 2.0b60 20200207 Description: An unauthenticated arbitrary file read issue exists in LILIN Digital Video Recorder DVR devices. This allows attackers to read sensitive configuration files, such...
LILIN Digital Video Recorder 安全漏洞
LILIN Digital Video Recorder is a video recorder from LILIN Taiwan, China. A security vulnerability exists in LILIN Digital Video Recorder versions prior to 2.0b6020200207, which originates from an arbitrary file read and could lead to the reading of sensitive configuration files...
LimeSurvey 安全漏洞
LimeSurvey PHPSurveyor is an open source online survey program from the LimeSurvey team that supports survey program development, survey distribution, and data collection. A security vulnerability exists in LimeSurvey 2.06+ Build 151014 and earlier versions, which stems from unvalidated serialize...
RIPS 安全漏洞
RIPS is a static code analysis tool from the RIPS open source. A security vulnerability exists in RIPS version 0.54, which stems from a path traversal attack that could lead to reading arbitrary files on the system...
The vulnerability of the NetMRI network monitoring program lies in the improper restriction of the path name to the restricted access directory, allowing attackers to read arbitrary files.
The vulnerability of the NetMRI network monitoring program lies in the improper restriction of the path name to the restricted-access directory. Exploiting this vulnerability allows a malicious actor to read arbitrary files...