11279 matches found

Rapid7 Blog
added 2025/07/14 2:07 p.m. · 5 views

CVE-2025-4365/CVE-2024-12284: NetScaler Console/SDX Authenticated Arbitrary File Read/Write (FIXED)

During root cause analysis for the NetScaler Console vulnerability, CVE-2024-6235, Rapid7 discovered two high severity authenticated arbitrary file read and write vulnerabilities which were disclosed to the vendor in accordance with our disclosure policy. An Arbitrary File Read vulnerability...

9.4 CVSS · 10 AI score · 0.21331 EPSS
Exploits 0

NVD
added 2025/07/14 9:15 a.m. · 9 views

CVE-2024-26291

An Unauthenticated Arbitrary File Read vulnerability affects the Agent when installed on a system. The parameter filename does not validate the path thus allowing users to read arbitrary files. As the application runs with the highest privileges root/NTAUTHORITY SYSTEM by default attackers are ab...

8.7 CVSS · 0.01083 EPSS
Exploits 0 · References 2

Cvelist
added 2025/07/14 8:12 a.m. · 9 views

CVE-2024-26291 Authenticated Arbitrary File Read affecting Avid NEXIS

An Unauthenticated Arbitrary File Read vulnerability affects the Agent when installed on a system. The parameter filename does not validate the path thus allowing users to read arbitrary files. As the application runs with the highest privileges root/NTAUTHORITY SYSTEM by default attackers are ab...

8.7 CVSS · 0.01083 EPSS
Exploits 0 · References 2

Vulnrichment
added 2025/07/14 8:12 a.m. · 3 views

CVE-2024-26291 Authenticated Arbitrary File Read affecting Avid NEXIS

An Unauthenticated Arbitrary File Read vulnerability affects the Agent when installed on a system. The parameter filename does not validate the path thus allowing users to read arbitrary files. As the application runs with the highest privileges root/NTAUTHORITY SYSTEM by default attackers are ab...

8.7 CVSS · 6.9 AI score · 0.01083 EPSS
Exploits 0 · References 2

CVE
added 2025/07/14 8:12 a.m. · 34 views

CVE-2024-26291

CVE-2024-26291 corresponds to an unauthenticated arbitrary file read in the Avid NEXIS Agent when a user supplies a filename parameter that does not validate the path, allowing reading arbitrary files because the Agent runs with root/NT AUTHORITY SYSTEM privileges. Multiple sources (Red Hat advis...

8.7 CVSS · 6.4 AI score · 0.01083 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/07/14 4:17 a.m. · 6 views

CVE-2023-39339

A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated administrator can perform an arbitrary file read via a maliciously crafted web request...

4.9 CVSS · 5 AI score · 0.00945 EPSS
Exploits 0 · References 1

CNNVD
added 2025/07/14 12:00 a.m. · 4 views

Security vulnerability in multiple Avid products

Avid NEXIS E-series, among others, is a virtualized storage platform from Avid, USA. A security vulnerability exists in various Avid products, which stems from an unvalidated filename parameter path that could lead to an arbitrary file read attack. The following products and versions are affected...

8.7 CVSS · 9 AI score · 0.01083 EPSS
Exploits 0 · References 3

Packet Storm
added 2025/07/14 12:00 a.m. · 125 views

SugarCRM 14.0.0 Code Injection / SSRF / File Read

SugarCRM versions 14.0.0 and below suffer from a LESS code injection vulnerability. User input passed through GET parameters to the /css/preview REST API endpoint is not properly sanitized before parsing it as LESS code. This can be exploited by remote, unauthenticated attackers to inject and...

7.2 CVSS · 8 AI score · 0.13248 EPSS
Exploits 3

Positive Technologies
added 2025/07/14 12:00 a.m. · 5 views

PT-2025-29436

Name of the Vulnerable Software and Affected Versions: Avid NEXIS E-series versions prior to 2025.5.1 Avid NEXIS F-series versions prior to 2025.5.1 Avid NEXIS PRO+ versions prior to 2025.5.1 System Director Appliance SDA+ versions prior to 2025.5.1 Description: The application is susceptible to ...

8.7 CVSS · 7.5 AI score · 0.01083 EPSS
Exploits 0 · References 8

BDU FSTEC
added 2025/07/13 12:00 a.m. · 6 views

The vulnerability of the ColdFusion software platform, related to errors in XML request processing, allows attackers to read arbitrary files.

The vulnerability of the ColdFusion software platform is related to errors in processing XML requests. Exploiting this vulnerability allows a malicious actor to read arbitrary files remotely...

7.4 CVSS · 5.5 AI score · 0.01973 EPSS
Exploits 0 · References 2

Cvelist
added 2025/07/12 4:22 p.m. · 10 views

CVE-2024-41169 Apache Zeppelin: raft directory listing and file read

The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files. This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue by removin...

0.00564 EPSS
Exploits 0 · References 3

CVE
added 2025/07/12 4:22 p.m. · 43 views

CVE-2024-41169

The CVE concerns Apache Zeppelin (versions 0.10.1–0.12.0) where an unauthenticated raft server protocol can expose server resources, including directories and files. Root cause details in connected data indicate the raft-enabled components allow unauthenticated access, enabling an attacker to vie...

7.5 CVSS · 6.7 AI score · 0.00564 EPSS
Exploits 0 · References 4 · Affected Software 1

Vulnrichment
added 2025/07/12 9:24 a.m. · 4 views

CVE-2025-7518 RSFirewall! <= 1.1.42 - Authenticated (Admin+) Arbitrary File Read

The RSFirewall! plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.1.42 via the getlocalfilename function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server...

4.9 CVSS · 6.7 AI score · 0.00395 EPSS
Exploits 0 · References 2

Cvelist
added 2025/07/12 9:24 a.m. · 8 views

CVE-2025-7518 RSFirewall! <= 1.1.42 - Authenticated (Admin+) Arbitrary File Read

The RSFirewall! plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.1.42 via the getlocalfilename function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server...

4.9 CVSS · 0.00395 EPSS
Exploits 0 · References 2

CVE
added 2025/07/12 9:24 a.m. · 33 views

CVE-2025-7518

CVE-2025-7518 affects the WordPress RSFirewall! plugin. A path traversal vulnerability exists in versions through 1.1.42 via the get_local_filename() function, allowing authenticated attackers with Administrator-level access and above to read arbitrary server files. Impact is unauthorized disclos...

4.9 CVSS · 6.2 AI score · 0.00395 EPSS
Exploits 0 · References 2

OSV
added 2025/07/12 5:43 a.m. · 5 views

BIT-KAFKA-2025-27817 Apache Kafka Client: Arbitrary file read and SSRF vulnerability

A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url"...

7.5 CVSS · 6 AI score · 0.62368 EPSS
Exploits 2 · References 3

NVD
added 2025/07/12 4:15 a.m. · 5 views

CVE-2023-39339

A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated administrator can perform an arbitrary file read via a maliciously crafted web request...

4.9 CVSS · 0.00945 EPSS
Exploits 0 · References 1

OSV
added 2025/07/12 4:15 a.m. · 3 views

CVE-2023-39339

A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated administrator can perform an arbitrary file read via a maliciously crafted web request...

4.9 CVSS · 5.9 AI score · 0.00945 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/07/12 3:31 a.m. · 4 views

CVE-2023-39339

A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated administrator can perform an arbitrary file read via a maliciously crafted web request...

4.9 CVSS · 6.9 AI score · 0.00945 EPSS
Exploits 0 · References 1

CVE
added 2025/07/12 3:31 a.m. · 21 views

CVE-2023-39339

Ivanti Policy Secure (IPS) vulnerability CVE-2023-39339 affects all IPS versions prior to 22.6R1. An authenticated administrator can perform an arbitrary file read via a specially crafted web request. Impact is confidentiality (high) with no impact to integrity or availability reported; credentia...

4.9 CVSS · 5.1 AI score · 0.00945 EPSS
Exploits 0 · References 1 · Affected Software 1