Lucene search

11280 matches found

CVE
added 2025/07/12 3:31 a.m. | 21 views

CVE-2023-39339

Ivanti Policy Secure (IPS) vulnerability CVE-2023-39339 affects all IPS versions prior to 22.6R1. An authenticated administrator can perform an arbitrary file read via a specially crafted web request. Impact is confidentiality (high) with no impact to integrity or availability reported; credentia...

CVSS 4.9 | AI score 5.1 | EPSS 0.00945
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/07/12 3:31 a.m. | 7 views

CVE-2023-39339

A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated administrator can perform an arbitrary file read via a maliciously crafted web request...

CVSS 4.9 | EPSS 0.00945
Exploits: 0 | References: 1

CNNVD
added 2025/07/12 12:0 a.m. | 3 views

Ivanti Policy Secure Security Vulnerability

Ivanti Policy Secure (IPS) is a network access control (NAC) solution from Ivanti Corporation, USA. A security vulnerability exists in Ivanti Policy Secure (IPS) versions prior to 22.6R1 that originates from an authenticated administrator being able to perform arbitrary file reads via a specially craft...

CVSS 4.9 | AI score 5.1 | EPSS 0.00945
Exploits: 0 | References: 2

NVD
added 2025/07/11 5:15 a.m. | 10 views

CVE-2025-7401

The Premium Age Verification / Restriction for WordPress plugin for WordPress is vulnerable to arbitrary file read and write due to the existence of an insufficiently protected remote support functionality in remote_tunnel.php in all versions up to, and including, 3.0.2. This makes it possible for...

CVSS 9.8 | EPSS 0.0055
Exploits: 2 | References: 2

CVE
added 2025/07/11 4:22 a.m. | 47 views

CVE-2025-7401

The CVE-2025-7401 entry concerns the Premium Age Verification / Restriction for WordPress plugin (vulnerable up to 3.0.2). A remote_tunnel.php endpoint with insufficient access protection enables unauthenticated attackers to read from and write to arbitrary files on the affected site’s server, po...

CVSS 9.8 | AI score 7.2 | EPSS 0.0055
Exploits: 2 | References: 2

Cvelist
added 2025/07/11 4:22 a.m. | 14 views

CVE-2025-7401 Premium Age Verification / Restriction for WordPress <= 3.0.2 - Unauthenticated Arbitrary File Read and Write via remote_tunnel.php

The Premium Age Verification / Restriction for WordPress plugin for WordPress is vulnerable to arbitrary file read and write due to the existence of an insufficiently protected remote support functionality in remote_tunnel.php in all versions up to, and including, 3.0.2. This makes it possible for...

CVSS 9.8 | EPSS 0.0055
Exploits: 2 | References: 2

Cvelist
added 2025/07/10 7:11 p.m. | 8 views

CVE-2025-34098 Riverbed SteelHead VCX Authenticated Arbitrary File Read via Log Filter Injection

A path traversal vulnerability exists in Riverbed SteelHead VCX appliances (confirmed in VCX255U 9.6.0a) due to improper input validation in the log filtering functionality exposed via the management web interface. An authenticated attacker can exploit this flaw by submitting crafted filter...

CVSS 7.1 | EPSS 0.00717
Exploits: 0 | References: 3

CVE
added 2025/07/10 7:11 p.m. | 21 views

CVE-2025-34098

The CVE-2025-34098 entry describes a path traversal vulnerability in Riverbed SteelHead VCX appliances (confirmed in VCX255U 9.6.0a) where improper input validation in the log filtering functionality exposed via the management web interface allows an authenticated attacker to submit crafted filte...

CVSS 7.1 | AI score 6.6 | EPSS 0.00717
Exploits: 0 | References: 3

GithubExploit
added 2025/07/10 4:57 p.m. | 273 views

Exploit for CVE-2024-27954

CVE-2024-27954 - WordPress wp-automatic Plugin LFI Scanner Th...

CVSS 9.3 | AI score 9.7 | EPSS 0.72953
Exploits: 2

Hacker One
added 2025/07/09 5:36 a.m. | 29 views

curl: Arbitrary File Read via file:// Protocol in cURL

cURL’s file:// protocol handler is enabled by default, allowing access to local files on the system. This behavior enables an attacker with the ability to run cURL commands to read arbitrary files on the host by specifying file paths or using directory traversal techniques. Steps to reproduce: 1...

AI score 7
Exploits: 0

Positive Technologies
added 2025/07/09 12:0 a.m. | 4 views

PT-2025-28950 · Ruckus +1 · Smartzone +2

Name of the Vulnerable Software and Affected Versions: RUCKUS SmartZone (SZ) versions prior to 6.1.2p3 Refresh Build. Description: RUCKUS SmartZone (SZ) is susceptible to an OS command injection issue through a specific parameter within an API route. Recommendations: Update RUCKUS SmartZone (SZ) to...

CVSS 8.8 | AI score 9.3 | EPSS 0.01818
Exploits: 0 | References: 9

OSV
added 2025/07/08 9:15 p.m. | 2 views

CVE-2025-49545

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of URLs. Exploitation...

CVSS 6.2 | AI score 5.8
Exploits: 0 | References: 1

OSV
added 2025/07/08 9:15 p.m. | 5 views

CVE-2025-49538

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An attacker can exploit this issue by injecting crafted XML or XPath queries to access unauthorized files or lead to denial of service. Exploitati...

CVSS 7.4 | AI score 5.9 | EPSS 0.01973
Exploits: 0 | References: 1

CNNVD
added 2025/07/08 12:0 a.m. | 3 views

Jhenggao iPublish System Security Vulnerability

Jhenggao iPublish System is a presentation platform from Jhenggao Corporation, Taiwan, China. A security vulnerability exists in the Jhenggao iPublish System that originates from vulnerability to arbitrary file read attacks...

CVSS 8.7 | AI score 6.8 | EPSS 0.00541
Exploits: 0 | References: 2

CNNVD
added 2025/07/08 12:0 a.m. | 3 views

Adobe ColdFusion Code Issue Vulnerability

Adobe ColdFusion is a rapid application development platform from Adobe, a United States company. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has a server-side request forgery vulnerability; the vulnerability stems from the serv...

CVSS 6.2 | AI score 6.6 | EPSS 0.00362
Exploits: 0 | References: 1

CERT
added 2025/07/08 12:0 a.m. | 47 views

RUCKUS Virtual SmartZone (vSZ) and RUCKUS Network Director (RND) contain multiple vulnerabilities

Overview: Multiple vulnerabilities have been identified in RUCKUS Networks management products, specifically Virtual SmartZone (vSZ) and Network Director (RND), including authentication bypass, hardcoded secrets, arbitrary file read by authenticated users, and unauthenticated remote code execution...

CVSS 9.9 | AI score 10 | EPSS 0.02096
Exploits: 0

Github Security Blog
added 2025/07/07 3:30 p.m. | 8 views

LlamaIndex vulnerable to Path Traversal attack through its encode_image function

A path traversal vulnerability exists in run-llama/llama_index versions 0.11.23 through 0.12.40, specifically within the encode_image function in generic_utils.py. This vulnerability allows an attacker to manipulate the image_path input to read arbitrary files on the server, including sensitive syste...

CVSS 7.5 | AI score 7.3 | EPSS 0.00545
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2025/07/07 1:15 p.m. | 8 views

CVE-2025-6209

A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the encode_image function in generic_utils.py. This vulnerability allows an attacker to manipulate the image_path input to read arbitrary files on the server, including sensitive syste...

CVSS 7.5 | EPSS 0.00545
Exploits: 1 | References: 2

PyPA
added 2025/07/07 1:15 p.m. | 10 views

PYSEC-2025-65

A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the encode_image function in generic_utils.py. This vulnerability allows an attacker to manipulate the image_path input to read arbitrary files on the server, including sensitive syste...

CVSS 7.5 | AI score 6.8 | EPSS 0.00545
Exploits: 1 | References: 2 | Affected Software: 1

Github Security Blog
added 2025/07/07 12:30 p.m. | 11 views

LlamaIndex is vulnerable to Path Traversal attack through its ObsidianReader class

A vulnerability in the ObsidianReader class in LlamaIndex Readers Integration: Obsidian before version 0.5.1 from the run-llama/llama_index repository versions 0.12.23 to 0.12.28 allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths...

CVSS 7.5 | AI score 7.4 | EPSS 0.00555
Exploits: 1 | References: 6 | Affected Software: 1