11280 matches found
CVE-2025-34060
CVE-2025-34060 describes a PHP object/objection injection in Monero Project’s Laravel-based forum software via the /get/image/ endpoint. The app passes a user-supplied link parameter directly to file_get_contents() without validation; MIME-type checks via finfo can be bypassed with crafted stream...
CVE-2025-34058 Hikvision Streaming Media Management Server Default Credentials and Authenticated Arbitrary File Read
Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the /systemLog/downFile.php...
CVE-2025-34058 Hikvision Streaming Media Management Server Default Credentials and Authenticated Arbitrary File Read
Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the /systemLog/downFile.php...
CVE-2025-34058
Affected software: Hikvision Streaming Media Management Server version 2.3.5. The vulnerability stems from default credentials allowing remote authentication, after which an attacker can trigger an arbitrary file read via directory traversal in the /systemLog/downFile.php endpoint through the fil...
SUSE SLES12 Security Update : yelp (SUSE-SU-2025:02169-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:02169-1 advisory. - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688. Tenable has...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : yelp-xsl (SUSE-SU-2025:02168-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:02168-1 advisory. - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files...
PT-2025-27541 · Hikvision · Hikvision Streaming Media Management Server
Name of the Vulnerable Software and Affected Versions: Hikvision Streaming Media Management Server version 2.3.5 Description: The issue allows remote attackers to authenticate using default credentials and access restricted functionality. After authentication, an attacker can exploit an arbitrary...
org.apache.kafka: Kafka Client Arbitrary File Read SSRF
A flaw was found in apache-kafka. The Kafka client improperly handles configuration data for SASL/OAUTHBEARER connections, allowing an attacker to specify a crafted token endpoint URL. This allows for arbitrary file reads and server-side request forgery SSRF by a malicious client. Consequently,...
Security update for yelp
This update for yelp fixes the following issues: CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
SUSE-SU-2025:02170-1 Security update for yelp
This update for yelp fixes the following issues: - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688...
SUSE-SU-2025:02169-1 Security update for yelp
This update for yelp fixes the following issues: - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688...
Security update for yelp-xsl
This update for yelp-xsl fixes the following issues: CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
SUSE-SU-2025:02168-1 Security update for yelp-xsl
This update for yelp-xsl fixes the following issues: - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688...
CVE-2025-53392
In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diagcommand.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, and that system administrators are informed throug...
📄 Vite Local File Inclusion
Vite suffers from a local file inclusion vulnerability. This issue affected versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. Titles: CVE-2025-30208 - Vite @fs LFI Local File Inclusion Vulnerability Author: nu11secur1ty Date: 01/09/2025 Vendor: https://vite.dev/ Software:...
Exploit for CVE-2025-30208
🔥 CVE-2025-30208 Vite Arbitrary File Read Vulnerability Scanne...
CVE-2025-53392
In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diagcommand.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, and that system administrators are informed throug...
CVE-2025-34045
A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account platform development framework by Shenzhen Yuanmengyun Technology Co., Ltd. The flaw occurs in the picUrl parameter of the /public/index.php/material/Material/downloadimgage endpoint, where insufficient inpu...
VulnCheck KEV: CVE-2024-5334
A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshotpath' parameter in the '/api/get-browser-snapshot' endpoint. An attacker can exploit this vulnerability by crafting a request with...
Netgate pfSense CE 安全漏洞
Netgate pfSense CE is a FreeBSD-based open source firewall and routing platform from Netgate, Inc. that supports enterprise-class network security and network management features. A security vulnerability exists in Netgate pfSense CE version 2.8.0, which stems from diagcommand.php dlPath director...