11280 matches found
CVE-2023-39339
Ivanti Policy Secure (IPS) vulnerability CVE-2023-39339 affects all IPS versions prior to 22.6R1. An authenticated administrator can perform an arbitrary file read via a specially crafted web request. Impact is confidentiality (high) with no impact to integrity or availability reported; credentia...
CVE-2023-39339
A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated administrator can perform an arbitrary file read via a maliciously crafted web request...
Ivanti Policy Secure Security Vulnerability
Ivanti Policy Secure (IPS) is a network access control (NAC) solution from Ivanti Corporation, USA. A security vulnerability exists in Ivanti Policy Secure (IPS) versions prior to 22.6R1 that originates from an authenticated administrator being able to perform arbitrary file reads via a specially craft...
CVE-2025-7401
The Premium Age Verification / Restriction for WordPress plugin for WordPress is vulnerable to arbitrary file read and write due to the existence of an insufficiently protected remote support functionality in remote_tunnel.php in all versions up to, and including, 3.0.2. This makes it possible for...
CVE-2025-7401
The CVE-2025-7401 entry concerns the Premium Age Verification / Restriction for WordPress plugin (vulnerable up to 3.0.2). A remote_tunnel.php endpoint with insufficient access protection enables unauthenticated attackers to read from and write to arbitrary files on the affected site’s server, po...
CVE-2025-7401 Premium Age Verification / Restriction for WordPress <= 3.0.2 - Unauthenticated Arbitrary File Read and Write via remote_tunnel.php
The Premium Age Verification / Restriction for WordPress plugin for WordPress is vulnerable to arbitrary file read and write due to the existence of an insufficiently protected remote support functionality in remote_tunnel.php in all versions up to, and including, 3.0.2. This makes it possible for...
CVE-2025-34098 Riverbed SteelHead VCX Authenticated Arbitrary File Read via Log Filter Injection
A path traversal vulnerability exists in Riverbed SteelHead VCX appliances confirmed in VCX255U 9.6.0a due to improper input validation in the log filtering functionality exposed via the management web interface. An authenticated attacker can exploit this flaw by submitting crafted filter...
CVE-2025-34098
The CVE-2025-34098 entry describes a path traversal vulnerability in Riverbed SteelHead VCX appliances (confirmed in VCX255U 9.6.0a) where improper input validation in the log filtering functionality exposed via the management web interface allows an authenticated attacker to submit crafted filte...
Exploit for CVE-2024-27954
CVE-2024-27954 - WordPress wp-automatic Plugin LFI Scanner Th...
curl: Arbitrary File Read via file:// Protocol in cURL
cURL’s file:// protocol handler is enabled by default, allowing access to local files on the system. This behavior enables an attacker with the ability to run cURL commands to read arbitrary files on the host by specifying file paths or using directory traversal techniques. Steps to reproduce: 1...
PT-2025-28950 · Ruckus +1 · Smartzone +2
Name of the Vulnerable Software and Affected Versions: RUCKUS SmartZone (SZ) versions prior to 6.1.2p3 Refresh Build. Description: RUCKUS SmartZone (SZ) is susceptible to an OS command injection issue through a specific parameter within an API route. Recommendations: Update RUCKUS SmartZone (SZ) to...
CVE-2025-49545
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of URLs. Exploitation...
CVE-2025-49538
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An attacker can exploit this issue by injecting crafted XML or XPath queries to access unauthorized files or lead to denial of service. Exploitati...
Jhenggao iPublish System Security Vulnerability
Jhenggao iPublish System is a presentation platform from Jhenggao Corporation, Taiwan, China. A security vulnerability exists in the Jhenggao iPublish System that originates from vulnerability to arbitrary file read attacks...
Adobe ColdFusion Code Issue Vulnerability
Adobe ColdFusion is a rapid application development platform from Adobe, USA. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has a server-side request forgery vulnerability, the vulnerability stems from the serv...
RUCKUS Virtual SmartZone (vSZ) and RUCKUS Network Director (RND) contain multiple vulnerabilities
Overview: Multiple vulnerabilities have been identified in RUCKUS Networks management products, specifically Virtual SmartZone (vSZ) and Network Director (RND), including authentication bypass, hardcoded secrets, arbitrary file read by authenticated users, and unauthenticated remote code execution...
LlamaIndex vulnerable to Path Traversal attack through its encode_image function
A path traversal vulnerability exists in run-llama/llama_index versions 0.11.23 through 0.12.40, specifically within the encode_image function in generic_utils.py. This vulnerability allows an attacker to manipulate the image_path input to read arbitrary files on the server, including sensitive syste...
CVE-2025-6209
A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the encode_image function in generic_utils.py. This vulnerability allows an attacker to manipulate the image_path input to read arbitrary files on the server, including sensitive syste...
PYSEC-2025-65
A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the encode_image function in generic_utils.py. This vulnerability allows an attacker to manipulate the image_path input to read arbitrary files on the server, including sensitive syste...
LlamaIndex is vulnerable to Path Traversal attack through its ObsidianReader class
A vulnerability in the ObsidianReader class in LlamaIndex Readers Integration: Obsidian before version 0.5.1 from the run-llama/llama_index repository versions 0.12.23 to 0.12.28 allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths...