
11286 matches found

Packet Storm
added 2025/06/30 12:0 a.m. | 189 views

📄 Vite Local File Inclusion

Vite suffers from a local file inclusion vulnerability. This issue affected versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. Titles: CVE-2025-30208 - Vite @fs LFI Local File Inclusion Vulnerability Author: nu11secur1ty Date: 01/09/2025 Vendor: https://vite.dev/ Software:...

5.3 CVSS | 5.9 AI score | 0.76736 EPSS
Exploits 28
GithubExploit
added 2025/06/29 3:33 p.m. | 373 views

Exploit for CVE-2025-30208

🔥 CVE-2025-30208 Vite Arbitrary File Read Vulnerability Scanne...

5.3 CVSS | 5.9 AI score | 0.76736 EPSS
Exploits 28
OSV
added 2025/06/28 11:15 p.m. | 2 views

CVE-2025-53392

In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diagcommand.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, and that system administrators are informed throug...

6.5 CVSS | 5.9 AI score | 0.01766 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/06/28 4:23 p.m. | 13 views

CVE-2025-34045

A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account platform development framework by Shenzhen Yuanmengyun Technology Co., Ltd. The flaw occurs in the picUrl parameter of the /public/index.php/material/Material/downloadimgage endpoint, where insufficient inpu...

8.7 CVSS | 6.8 AI score | 0.04311 EPSS
Exploits 1 | References 1
VulnCheck KEV
added 2025/06/28 12:0 a.m. | 18 views

VulnCheck KEV: CVE-2024-5334

A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshotpath' parameter in the '/api/get-browser-snapshot' endpoint. An attacker can exploit this vulnerability by crafting a request with...

7.5 CVSS | 7.4 AI score | 0.02073 EPSS
In wild | Exploits 1 | References 2
CNNVD
added 2025/06/28 12:0 a.m. | 2 views

Netgate pfSense CE Security Vulnerability

Netgate pfSense CE is a FreeBSD-based open source firewall and routing platform from Netgate, Inc. that supports enterprise-class network security and network management features. A security vulnerability exists in Netgate pfSense CE version 2.8.0, which stems from diagcommand.php dlPath director...

6.5 CVSS | 6.6 AI score | 0.01766 EPSS
Exploits 1 | References 2
GithubExploit
added 2025/06/27 10:13 a.m. | 452 views

Exploit for CVE-2025-30208

🔥 CVE-2025-30208 Vite Arbitrary File Read Vulnerability Scanne...

5.3 CVSS | 5.9 AI score | 0.76736 EPSS
Exploits 28
Hacker One
added 2025/06/27 9:42 a.m. | 31 views

curl: arbitrary file read via `file://` path traversal with `--path-as-is`

Summary: Using --path-as-is with a file:// URL skips normalization of .. segments allowing reading of any local file the process can access Affected version curl 8.15.0-DEV commit 2a9dfe275, June 27, 2025 on Kali Linux 2024.3, x86_64 Steps To Reproduce: 1. build curl with debug and ASan: git clon...

6.6 AI score
Exploits 0
SUSE Linux
added 2025/06/27 7:51 a.m. | 3 views

Security update for yelp-xsl

This update for yelp-xsl fixes the following issues: CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

6.9 CVSS | 7.9 AI score | 0.10598 EPSS
Exploits 1 | References 4
OSV
added 2025/06/27 7:51 a.m. | 3 views

SUSE-SU-2025:02153-1 Security update for yelp-xsl

This update for yelp-xsl fixes the following issues: - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688...

7.4 CVSS | 7.4 AI score | 0.10598 EPSS
Exploits 1 | References 3
Packet Storm News
added 2025/06/27 12:0 a.m. | 9 views

Vite Arbitrary File Read

Vite suffers from an arbitrary file read vulnerability. Versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10 are affected...

5.3 CVSS | 5.3 AI score | 0.76736 EPSS
Exploits 28
NVD
added 2025/06/26 4:15 p.m. | 5 views

CVE-2025-34048

A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN1.02, SEA1.04, and SEA1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI...

8.7 CVSS | 0.0059 EPSS
Exploits 0 | References 4
OSV
added 2025/06/26 4:15 p.m. | 4 views

CVE-2025-34048

A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN1.02, SEA1.04, and SEA1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI...

8.7 CVSS | 6 AI score
Exploits 0 | References 4
Vulnrichment
added 2025/06/26 4:10 p.m. | 2 views

CVE-2025-34047 Leadsec VPN Path Traversal Arbitrary File Read

A path traversal vulnerability exists in the Leadsec SSL VPN formerly Lenovo NetGuard, allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in the /vpn/user/download/client endpoint. This flaw arises from insufficient input sanitation,...

8.7 CVSS | 9 AI score | 0.00462 EPSS
Exploits 0 | References 4
Vulnrichment
added 2025/06/26 3:52 p.m. | 4 views

CVE-2025-34048 D-Link DSL-2730U/2750U/2750E Path Traversal Arbitrary File Read

A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN1.02, SEA1.04, and SEA1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI...

8.7 CVSS | 9.1 AI score | 0.0059 EPSS
Exploits 0 | References 4
Cvelist
added 2025/06/26 3:52 p.m. | 10 views

CVE-2025-34048 D-Link DSL-2730U/2750U/2750E Path Traversal Arbitrary File Read

A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN1.02, SEA1.04, and SEA1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI...

8.7 CVSS | 0.0059 EPSS
Exploits 0 | References 4
CVE
added 2025/06/26 3:52 p.m. | 39 views

CVE-2025-34048

CVE-2025-34048 affects D-Link DSL-2730U/DSL-2750U/DSL-2750E ADSL routers. A path traversal flaw stems from insufficient input validation of the getpage parameter in the /cgi-bin/webproc CGI script, allowing an unauthenticated remote attacker to read arbitrary files on the device. Affected firmwar...

8.7 CVSS | 9.1 AI score | 0.0059 EPSS
In wild | Exploits 0 | References 4
Cvelist
added 2025/06/26 3:51 p.m. | 10 views

CVE-2025-34045 WeiPHP Path Traversal Arbitrary File Read

A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account platform development framework by Shenzhen Yuanmengyun Technology Co., Ltd. The flaw occurs in the picUrl parameter of the /public/index.php/material/Material/downloadimgage endpoint, where insufficient inpu...

8.7 CVSS | 0.04311 EPSS
Exploits 1 | References 3
Vulnrichment
added 2025/06/26 3:51 p.m. | 4 views

CVE-2025-34045 WeiPHP Path Traversal Arbitrary File Read

A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account platform development framework by Shenzhen Yuanmengyun Technology Co., Ltd. The flaw occurs in the picUrl parameter of the /public/index.php/material/Material/downloadimgage endpoint, where insufficient inpu...

8.7 CVSS | 6.4 AI score | 0.04311 EPSS
Exploits 1 | References 3
CVE
added 2025/06/26 3:51 p.m. | 28 views

CVE-2025-34045

WeiPHP 5.0 contains a path traversal vulnerability due to insufficient validation of the picUrl parameter in /public/index.php/material/Material/_download_imgage. Unauthenticated remote attackers can read arbitrary files on the server, potentially exposing sensitive data such as configuration fil...

8.7 CVSS | 6.4 AI score | 0.04311 EPSS
In wild | Exploits 1 | References 3 | Affected Software 1