11280 matches found

Source: CVE · added 2025/07/01 2:49 p.m. · 44 views

CVE-2025-34060

CVE-2025-34060 describes a PHP object injection in the Monero Project's Laravel-based forum software via the /get/image/ endpoint. The app passes a user-supplied link parameter directly to file_get_contents() without validation; MIME-type checks via finfo can be bypassed with crafted stream...

CVSS 10 · AI score 7.5 · EPSS 0.00689
Exploits 0 · References 2

Source: Cvelist · added 2025/07/01 2:48 p.m. · 10 views

CVE-2025-34058 Hikvision Streaming Media Management Server Default Credentials and Authenticated Arbitrary File Read

Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the /systemLog/downFile.php...

CVSS 8.7 · EPSS 0.00852
Exploits 0 · References 4

Source: Vulnrichment · added 2025/07/01 2:48 p.m. · 5 views

CVE-2025-34058 Hikvision Streaming Media Management Server Default Credentials and Authenticated Arbitrary File Read

Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the /systemLog/downFile.php...

CVSS 8.7 · AI score 7.2 · EPSS 0.00852
Exploits 0 · References 4

Source: CVE · added 2025/07/01 2:48 p.m. · 35 views

CVE-2025-34058

Affected software: Hikvision Streaming Media Management Server version 2.3.5. The vulnerability stems from default credentials allowing remote authentication, after which an attacker can trigger an arbitrary file read via directory traversal in the /systemLog/downFile.php endpoint through the fil...

CVSS 8.7 · AI score 6.7 · EPSS 0.00852
In wild · Exploits 0 · References 4
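The Hikvision entry above, like this listing's other "arbitrary file read via directory traversal" items, comes down to a download endpoint that joins a request parameter onto a base directory and opens the result. The following is an added example in Python, not code from Hikvision or any vendor on this page: `unsafe_download_path()` writes out that shape, and `resolve_download_path()` is the containment check such endpoints lack. The base directory and file names are illustrative.

```python
# Added example (Python), not code from Hikvision or any other vendor listed
# here. unsafe_download_path() is the shape shared by this page's
# "arbitrary file read via directory traversal" entries: a request parameter
# joined onto a base directory and opened without a containment check.
# resolve_download_path() is the check those endpoints lack. The base
# directory and file names used below are illustrative.
import os
from urllib.parse import unquote


def unsafe_download_path(base_dir, user_path):
    """Vulnerable pattern: join and normalise, never verify.
    '../' segments walk out of base_dir; an absolute user_path discards it."""
    return os.path.normpath(os.path.join(base_dir, user_path))


def _fully_decode(value, rounds=3):
    """Undo URL encoding until the value stops changing (bounded), so that
    double-encoded '%252e%252e%252f' is seen as '../' and not as a file name."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def resolve_download_path(base_dir, user_path):
    """Return the absolute path to open, or None if user_path would land
    outside base_dir. Both sides pass through realpath so a symlink inside
    base_dir cannot be used as an exit either."""
    if not user_path or "\x00" in user_path:
        return None
    # Treat backslash as a separator too; a Windows-style '..\\' must not
    # survive as a literal file name that later code reinterprets.
    name = _fully_decode(user_path).replace("\\", "/")
    if os.path.isabs(name):
        return None
    root = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(root, name))
    # commonpath is the right test: a startswith() check would accept
    # '/var/log/app-old/x' as being inside '/var/log/app'.
    if os.path.commonpath([root, target]) != root:
        return None
    return target


if __name__ == "__main__":
    base = "/var/log/app"  # illustrative
    for p in ("today.log", "../../../etc/passwd", "..%2F..%2F..%2Fetc%2Fpasswd"):
        print(f"{p!r:40} unsafe={unsafe_download_path(base, p)!r:28} "
              f"safe={resolve_download_path(base, p)!r}")
```

The decode-then-resolve order matters: a check run on the raw parameter misses `%2e%2e%2f` and double-encoded variants, and a check run before `realpath()` misses a symlink that already points outside the directory.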

Source: Tenable Nessus · added 2025/07/01 12:00 a.m. · 4 views

SUSE SLES12 Security Update : yelp (SUSE-SU-2025:02169-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02169-1 advisory. - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688. Tenable has...

CVSS 7.4 · AI score 8 · EPSS 0.10598
Exploits 1 · References 4

Source: Tenable Nessus · added 2025/07/01 12:00 a.m. · 2 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : yelp-xsl (SUSE-SU-2025:02168-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:02168-1 advisory. - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files...

CVSS 7.4 · AI score 8 · EPSS 0.10598
Exploits 1 · References 4

Source: Positive Technologies · added 2025/07/01 12:00 a.m. · 6 views

PT-2025-27541 · Hikvision · Hikvision Streaming Media Management Server

Name of the Vulnerable Software and Affected Versions: Hikvision Streaming Media Management Server version 2.3.5 Description: The issue allows remote attackers to authenticate using default credentials and access restricted functionality. After authentication, an attacker can exploit an arbitrary...

CVSS 8.7 · AI score 6.2 · EPSS 0.00852
Exploits 0 · References 9

Source: RedHat Linux · added 2025/06/30 1:16 p.m. · 21 views

org.apache.kafka: Kafka Client Arbitrary File Read SSRF

A flaw was found in apache-kafka. The Kafka client improperly handles configuration data for SASL/OAUTHBEARER connections, allowing an attacker to specify a crafted token endpoint URL. This allows for arbitrary file reads and server-side request forgery (SSRF) by a malicious client. Consequently,...

CVSS 7.5 · AI score 7.2 · EPSS 0.62368
Exploits 2 · References 5
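The Kafka entry above and the CVE-2025-34060 forum entry earlier in this listing share one defect: a URL taken from an untrusted source (the forum's `link` request parameter handed to file_get_contents(); a client-supplied SASL/OAUTHBEARER token endpoint) is opened as given, so any scheme the fetch layer understands reads local files or reaches internal hosts. Checking the fetched bytes afterwards with a MIME sniff does not help, because the wrapper has already run. The following is an added example in Python, not code from the Monero forum, Laravel or Apache Kafka, of the check that belongs before the fetch; `check_fetch_url` and the hostnames are illustrative.

```python
# Added example (Python), not code from the Monero forum, from Laravel or
# from Apache Kafka. Two entries on this page share one defect: a URL taken
# from an untrusted source (the forum's `link` request parameter handed to
# file_get_contents(); a Kafka client's SASL/OAUTHBEARER token endpoint URL)
# is opened as given, so any scheme the fetch layer understands (file:,
# PHP stream wrappers such as phar:// or php://) reads local files or
# reaches internal hosts. A MIME sniff on the fetched bytes (finfo) runs
# after the wrapper has already done its work, so the check has to be on the
# URL, before the fetch. The hostnames below are illustrative.
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def check_fetch_url(raw_url, allowed_hosts=None):
    """Return (ok, reason). ok is True only for an http(s) URL with a plain
    host, no embedded credentials, and a host that is not loopback, link-local
    or private (assumption: the fetch target is meant to be a public server,
    as an image-proxy link would be). When allowed_hosts is given the host must
    also be in it, the right shape for a token endpoint that is fixed by the
    operator and should never come from a client."""
    if "\x00" in raw_url:
        return False, "NUL byte in URL"
    try:
        parts = urlsplit(raw_url.strip())
        host = parts.hostname  # urlsplit raises ValueError on a bad IPv6 literal
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    if parts.scheme not in ALLOWED_SCHEMES:
        # Rejects file:, ftp:, data:, gopher: and the PHP wrappers (phar://,
        # php://, glob://, compress.zlib://, ...) before any fetch code sees them.
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "credentials embedded in URL"
    if not host:
        return False, "no host"
    if allowed_hosts is not None:
        if host not in allowed_hosts:
            return False, f"host {host!r} not in allowlist"
        return True, "host pinned"
    if host == "localhost":
        return False, "localhost"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # a DNS name; not resolved here, see the note below the code
    if ip is not None and (ip.is_loopback or ip.is_private
                           or ip.is_link_local or ip.is_reserved):
        return False, f"address {host} is not public"
    return True, "ok"


if __name__ == "__main__":
    for url in ("https://cdn.example.org/img.png",
                "phar:///var/www/uploads/avatar.jpg/x",
                "php://filter/convert.base64-encode/resource=.env",
                "file:///etc/passwd",
                "http://127.0.0.1:8080/token"):
        print(f"{url:55} -> {check_fetch_url(url)}")
```

The scheme allowlist is the part that closes the file-read hole; the address checks cover the SSRF half only for literal IPs. A DNS name is not resolved here, so a name that resolves to a private address must be caught at connect time by checking the resolved address, and for a token endpoint the `allowed_hosts` form (operator-pinned, never client-supplied) is the one to use.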

Source: SUSE Linux · added 2025/06/30 7:15 a.m. · 1 view

Security update for yelp

This update for yelp fixes the following issues: CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 6.9 · AI score 7.9 · EPSS 0.10598
Exploits 1 · References 4

Source: OSV · added 2025/06/30 7:15 a.m. · 2 views

SUSE-SU-2025:02170-1 Security update for yelp

This update for yelp fixes the following issues: - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688...

CVSS 7.4 · AI score 7.4 · EPSS 0.10598
Exploits 1 · References 3

Source: OSV · added 2025/06/30 7:15 a.m. · 3 views

SUSE-SU-2025:02169-1 Security update for yelp

This update for yelp fixes the following issues: - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688...

CVSS 7.4 · AI score 7.4 · EPSS 0.10598
Exploits 1 · References 3

Source: SUSE Linux · added 2025/06/30 7:15 a.m. · 2 views

Security update for yelp-xsl

This update for yelp-xsl fixes the following issues: CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 6.9 · AI score 7.9 · EPSS 0.10598
Exploits 1 · References 4

Source: OSV · added 2025/06/30 7:15 a.m. · 3 views

SUSE-SU-2025:02168-1 Security update for yelp-xsl

This update for yelp-xsl fixes the following issues: - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688...

CVSS 7.4 · AI score 7.4 · EPSS 0.10598
Exploits 1 · References 3

Source: RedhatCVE · added 2025/06/30 12:22 a.m. · 14 views

CVE-2025-53392

In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diagcommand.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, and that system administrators are informed throug...

CVSS 5 · AI score 7.5 · EPSS 0.01766
Exploits 1 · References 1

Source: Packet Storm · added 2025/06/30 12:00 a.m. · 189 views

Vite Local File Inclusion

Vite suffers from a local file inclusion vulnerability. This issue affected versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. Titles: CVE-2025-30208 - Vite @fs LFI Local File Inclusion Vulnerability Author: nu11secur1ty Date: 01/09/2025 Vendor: https://vite.dev/ Software:...

CVSS 5.3 · AI score 5.9 · EPSS 0.76736
Exploits 28

Source: GithubExploit · added 2025/06/29 3:33 p.m. · 373 views

Exploit for CVE-2025-30208

🔥 CVE-2025-30208 Vite Arbitrary File Read Vulnerability Scanne...

CVSS 5.3 · AI score 5.9 · EPSS 0.76736
Exploits 28

Source: OSV · added 2025/06/28 11:15 p.m. · 2 views

CVE-2025-53392

In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diagcommand.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, and that system administrators are informed throug...

CVSS 6.5 · AI score 5.9 · EPSS 0.01766
Exploits 1 · References 1

Source: RedhatCVE · added 2025/06/28 4:23 p.m. · 13 views

CVE-2025-34045

A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account platform development framework by Shenzhen Yuanmengyun Technology Co., Ltd. The flaw occurs in the picUrl parameter of the /public/index.php/material/Material/downloadimgage endpoint, where insufficient inpu...

CVSS 8.7 · AI score 6.8 · EPSS 0.04311
Exploits 1 · References 1

Source: VulnCheck KEV · added 2025/06/28 12:00 a.m. · 18 views

VulnCheck KEV: CVE-2024-5334

A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshotpath' parameter in the '/api/get-browser-snapshot' endpoint. An attacker can exploit this vulnerability by crafting a request with...

CVSS 7.5 · AI score 7.4 · EPSS 0.02073
In wild · Exploits 1 · References 2

Source: CNNVD · added 2025/06/28 12:00 a.m. · 2 views

Netgate pfSense CE Security Vulnerability

Netgate pfSense CE is a FreeBSD-based open source firewall and routing platform from Netgate, Inc. that supports enterprise-class network security and network management features. A security vulnerability exists in Netgate pfSense CE version 2.8.0, which stems from diagcommand.php dlPath director...

CVSS 6.5 · AI score 6.6 · EPSS 0.01766
Exploits 1 · References 2
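With the devika entry flagged as exploited in the wild and the pfSense, Vite and Hikvision entries all describing file reads through a request parameter, the detection side of this listing is a scan of web access logs for traversal sequences, PHP stream-wrapper schemes and sensitive-file paths in decoded request targets. The following is an added example in Python, not from any vendor or project listed here. The log lines are constructed for the example; the endpoint paths and the `dlPath`, `snapshotpath` and `link` parameter names come from the entries above, while the Hikvision parameter name is truncated in the advisory, so `file` is an assumed placeholder, and the client addresses and payloads are illustrative.

```python
# Added example (Python) for the detection side of the entries above; not
# from the devika, pfSense or Vite projects nor from any vendor listed here.
# The log lines are constructed for this example. The endpoint paths and the
# dlPath, snapshotpath and link parameter names come from the advisories on
# this page; the Hikvision parameter name is truncated in the advisory, so
# `file` below is an assumed placeholder. Client addresses and payloads are
# illustrative.
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Common Log Format: client ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
TRAVERSAL = re.compile(r'(?:^|[/\\])\.\.(?:[/\\]|$)')
SENSITIVE = re.compile(r'/etc/(?:passwd|shadow|master\.passwd)\b|/proc/self/|/\.ssh/')
PHP_WRAPPERS = ("phar://", "php://", "file://", "glob://", "data://",
                "compress.zlib://", "expect://")


def _fully_decode(value, rounds=3):
    """Bounded repeated URL-decoding so double-encoded '../' is not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_request(target):
    """Return sorted indicator tags for one request target; [] when clean.
    The path and every query value are decoded and examined separately."""
    parts = urlsplit(target)
    values = [_fully_decode(parts.path)]
    values += [_fully_decode(v) for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    tags = set()
    for v in values:
        if TRAVERSAL.search(v):
            tags.add("traversal")
        if v.lower().startswith(PHP_WRAPPERS):
            tags.add("stream-wrapper")
        if SENSITIVE.search(v):
            tags.add("sensitive-file")
    return sorted(tags)


def scan_log(lines):
    """Return (client, status, target, tags) for each request with indicators."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, _when, _method, target, status = m.groups()
        tags = classify_request(target)
        if tags:
            hits.append((client, int(status), target, tags))
    return hits


SAMPLE_LOG = [  # constructed lines, not captured traffic
    '203.0.113.7 - - [30/Jun/2025:10:01:02 +0000] "GET /systemLog/downFile.php?file=../../../../etc/passwd HTTP/1.1" 200 1874',
    '203.0.113.7 - - [30/Jun/2025:10:01:09 +0000] "GET /diagcommand.php?dlPath=../../../etc/master.passwd HTTP/1.1" 200 2210',
    '198.51.100.23 - - [30/Jun/2025:10:02:41 +0000] "GET /api/get-browser-snapshot?snapshotpath=%2Fetc%2Fpasswd HTTP/1.1" 200 1874',
    '198.51.100.23 - - [30/Jun/2025:10:03:15 +0000] "GET /get/image/?link=phar%3A%2F%2F%2Fvar%2Fwww%2Fuploads%2Favatar.jpg%2Ftest.txt HTTP/1.1" 500 0',
    '198.51.100.23 - - [30/Jun/2025:10:04:02 +0000] "GET /@fs/etc/passwd HTTP/1.1" 404 0',
    '192.0.2.10 - - [30/Jun/2025:10:05:00 +0000] "GET /get/image/?link=https://cdn.example.org/a.png HTTP/1.1" 200 53120',
    '192.0.2.10 - - [30/Jun/2025:10:05:30 +0000] "GET /systemLog/downFile.php?file=2025-06-30.log HTTP/1.1" 200 9982',
]

if __name__ == "__main__":
    for client, status, target, tags in scan_log(SAMPLE_LOG):
        print(f"{client:15} {status} {','.join(tags):28} {target}")
```

The status code is carried through on purpose: a traversal request answered with 200 and a non-zero body is the one to triage first, while a 404 is an attempt worth correlating by client but not evidence of a read. Decoding the path and each query value separately, with a bounded repeat, is what lets the same rule catch `%2e%2e%2f` and double-encoded variants without looping on adversarial input.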