
11279 matches found

CVE
added 2025/07/18 9:9 a.m. | 18 views

CVE-2025-6233

CVE-2025-6233 affects Mattermost Server versions 10.8.x up to 10.8.1, 10.7.x up to 10.7.3, 10.5.x up to 10.5.7, and 9.11.x up to 9.11.16. It arises from failing to sanitize input paths of file attachments in the bulk import JSONL file, enabling a system administrator to read arbitrary system file...

CVSS 6.8 | AI score 6.6 | EPSS 0.0038
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2025/07/18 9:9 a.m. | 3 views

CVE-2025-6233 Arbitrary file read by system admin via path traversal

Mattermost versions 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to sanitize input paths of file attachments in the bulk import JSONL file, which allows a system admin to read arbitrary system files via path traversal...

CVSS 6.8 | AI score 6.5 | EPSS 0.0038
Exploits 0 | References 1
NVD
added 2025/07/18 7:15 a.m. | 3 views

CVE-2025-7772

The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 16.8 via the wpmrinspectfile function due to a missing capability check. This makes it possible for authenticated attackers, with...

CVSS 6.5 | EPSS 0.00309
Exploits 0 | References 2
Cvelist
added 2025/07/18 6:45 a.m. | 7 views

CVE-2025-7772 Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal <= 16.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read

The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 16.8 via the wpmrinspectfile function due to a missing capability check. This makes it possible for authenticated attackers, with...

CVSS 6.5 | EPSS 0.00309
Exploits 0 | References 2
CVE
added 2025/07/18 6:45 a.m. | 24 views

CVE-2025-7772

CVE-2025-7772 affects the WordPress plugin Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal (

CVSS 6.5 | AI score 6.1 | EPSS 0.00309
Exploits 0 | References 2
Vulnrichment
added 2025/07/18 6:45 a.m. | 18 views

CVE-2025-7772 Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal <= 16.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read

The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 16.8 via the wpmrinspectfile function due to a missing capability check. This makes it possible for authenticated attackers, with...

CVSS 6.5 | AI score 6.6 | EPSS 0.00309
Exploits 0 | References 2
CNNVD
added 2025/07/18 12:0 a.m. | 2 views

WordPress plugin Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Malcure...

CVSS 6.5 | AI score 6.4 | EPSS 0.00309
Exploits 0 | References 3
Positive Technologies
added 2025/07/18 12:0 a.m. | 2 views

PT-2025-30009 · WordPress · Malcure Malware Scanner

Name of the Vulnerable Software and Affected Versions: Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress versions prior to 16.9 Description: The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary...

CVSS 6.5 | AI score 6 | EPSS 0.00309
Exploits 0 | References 7
NVD
added 2025/07/16 10:15 p.m. | 3 views

CVE-2025-34130

An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b60_20200207 via the /z/zbin/net_html.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to...

CVSS 8.7 | EPSS 0.01149
Exploits 0 | References 3
Vulnrichment
added 2025/07/16 9:26 p.m. | 5 views

CVE-2025-34130 LILIN DVR Arbitrary File Read via net_html.cgi

An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b60_20200207 via the /z/zbin/net_html.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to...

CVSS 8.7 | AI score 7.8 | EPSS 0.01149
Exploits 0 | References 3
Cvelist
added 2025/07/16 9:26 p.m. | 9 views

CVE-2025-34130 LILIN DVR Arbitrary File Read via net_html.cgi

An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b60_20200207 via the /z/zbin/net_html.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to...

CVSS 8.7 | EPSS 0.01149
Exploits 0 | References 3
ATTACKERKB
added 2025/07/16 9:26 p.m. | 5 views

CVE-2025-34130

An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b60_20200207 via the /z/zbin/net_html.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to...

CVSS 8.7 | AI score 5.8 | EPSS 0.01149
Exploits 0 | References 4
CVE
added 2025/07/16 9:26 p.m. | 17 views

CVE-2025-34130

CVE-2025-34130 affects LILIN Digital Video Recorder (DVR) devices up to firmware version 2.0b60_20200207. An unauthenticated arbitrary file read via the endpoint /z/zbin/net_html.cgi allows reading sensitive files such as /zconf/service.xml, enabling further attacks including command injection. ...

CVSS 8.7 | AI score 7.3 | EPSS 0.01149
Exploits 0 | References 3
GithubExploit
added 2025/07/16 11:38 a.m. | 92 views

Exploit for CVE-2025-52688

CVE-2025-52688 Affected Products Alcatel AP13161 - Enterpri...

CVSS 9.8 | AI score 8.6 | EPSS 0.22535
Exploits 1
RedhatCVE
added 2025/07/16 9:0 a.m. | 8 views

CVE-2024-26291

An Unauthenticated Arbitrary File Read vulnerability affects the Agent when installed on a system. The parameter filename does not validate the path thus allowing users to read arbitrary files. As the application runs with the highest privileges root/NTAUTHORITY SYSTEM by default attackers are ab...

CVSS 8.7 | AI score 6.3 | EPSS 0.01083
Exploits 0 | References 1
Positive Technologies
added 2025/07/16 12:0 a.m. | 4 views

PT-2025-29892 · Lilin · Lilin Digital Video Recorder

Name of the Vulnerable Software and Affected Versions: LILIN Digital Video Recorder DVR versions prior to 2.0b60 20200207 Description: An unauthenticated arbitrary file read issue exists in LILIN Digital Video Recorder DVR devices. This allows attackers to read sensitive configuration files, such...

CVSS 8.7 | AI score 7 | EPSS 0.01149
Exploits 0 | References 7
CNNVD
added 2025/07/16 12:0 a.m. | 8 views

LILIN Digital Video Recorder security vulnerability

LILIN Digital Video Recorder is a video recorder from LILIN Taiwan, China. A security vulnerability exists in LILIN Digital Video Recorder versions prior to 2.0b60_20200207, which originates from an arbitrary file read and could lead to the reading of sensitive configuration files...

CVSS 8.7 | AI score 6.5 | EPSS 0.01149
Exploits 0 | References 3
CNNVD
added 2025/07/16 12:0 a.m. | 3 views

LimeSurvey security vulnerability

LimeSurvey PHPSurveyor is an open source online survey program from the LimeSurvey team that supports survey program development, survey distribution, and data collection. A security vulnerability exists in LimeSurvey 2.06+ Build 151014 and earlier versions, which stems from unvalidated serialize...

CVSS 8.7 | AI score 6.7 | EPSS 0.01213
Exploits 0 | References 6
CNNVD
added 2025/07/16 12:0 a.m. | 2 views

RIPS security vulnerability

RIPS is an open source static code analysis tool. A security vulnerability exists in RIPS version 0.54, which stems from a path traversal attack that could lead to reading arbitrary files on the system...

CVSS 8.7 | AI score 6.8 | EPSS 0.01461
Exploits 0 | References 5
BDU FSTEC
added 2025/07/15 12:0 a.m. | 6 views

The vulnerability of the NetMRI network monitoring program lies in the improper restriction of the path name to the restricted access directory, allowing attackers to read arbitrary files.

The vulnerability of the NetMRI network monitoring program lies in the improper restriction of the path name to the restricted-access directory. Exploiting this vulnerability allows a malicious actor to read arbitrary files...

CVSS 5.3 | AI score 5.6 | EPSS 0.06221
Exploits 0 | References 3 | Affected Software 1