11286 matches found
📄 Vite Local File Inclusion
Vite suffers from a local file inclusion vulnerability. This issue affected versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. Titles: CVE-2025-30208 - Vite @fs LFI Local File Inclusion Vulnerability Author: nu11secur1ty Date: 01/09/2025 Vendor: https://vite.dev/ Software:...
Exploit for CVE-2025-30208
🔥 CVE-2025-30208 Vite Arbitrary File Read Vulnerability Scanne...
CVE-2025-53392
In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diagcommand.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, and that system administrators are informed throug...
CVE-2025-34045
A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account platform development framework by Shenzhen Yuanmengyun Technology Co., Ltd. The flaw occurs in the picUrl parameter of the /public/index.php/material/Material/downloadimgage endpoint, where insufficient inpu...
VulnCheck KEV: CVE-2024-5334
A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshotpath' parameter in the '/api/get-browser-snapshot' endpoint. An attacker can exploit this vulnerability by crafting a request with...
Netgate pfSense CE 安全漏洞
Netgate pfSense CE is a FreeBSD-based open source firewall and routing platform from Netgate, Inc. that supports enterprise-class network security and network management features. A security vulnerability exists in Netgate pfSense CE version 2.8.0, which stems from diagcommand.php dlPath director...
Exploit for CVE-2025-30208
🔥 CVE-2025-30208 Vite Arbitrary File Read Vulnerability Scanne...
curl: arbitrary file read via `file://` path traversal with `--path-as-is`
Summary: Using --path-as-is with a file:// URL skips normalization of .. segments allowing reading of any local file the process can access Affected version curl 8.15.0-DEV commit 2a9dfe275, June 27, 2025 on Kali Linux 2024.3, x8664 Steps To Reproduce: 1. bulild curl with debug and ASan: git clon...
Security update for yelp-xsl
This update for yelp-xsl fixes the following issues: CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
SUSE-SU-2025:02153-1 Security update for yelp-xsl
This update for yelp-xsl fixes the following issues: - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688...
Vite Arbitrary File Read
Vite suffers from an arbitrary file read vulnerability. Versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10 are affected...
CVE-2025-34048
A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN1.02, SEA1.04, and SEA1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI...
CVE-2025-34048
A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN1.02, SEA1.04, and SEA1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI...
CVE-2025-34047 Leadsec VPN Path Traversal Arbitrary File Read
A path traversal vulnerability exists in the Leadsec SSL VPN formerly Lenovo NetGuard, allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in the /vpn/user/download/client endpoint. This flaw arises from insufficient input sanitation,...
CVE-2025-34048 D-Link DSL-2730U/2750U/2750E Path Traversal Arbitrary File Read
A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN1.02, SEA1.04, and SEA1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI...
CVE-2025-34048 D-Link DSL-2730U/2750U/2750E Path Traversal Arbitrary File Read
A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN1.02, SEA1.04, and SEA1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI...
CVE-2025-34048
CVE-2025-34048 affects D-Link DSL-2730U/DSL-2750U/DSL-2750E ADSL routers. A path traversal flaw stems from insufficient input validation of the getpage parameter in the /cgi-bin/webproc CGI script, allowing an unauthenticated remote attacker to read arbitrary files on the device. Affected firmwar...
CVE-2025-34045 WeiPHP Path Traversal Arbitrary File Read
A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account platform development framework by Shenzhen Yuanmengyun Technology Co., Ltd. The flaw occurs in the picUrl parameter of the /public/index.php/material/Material/downloadimgage endpoint, where insufficient inpu...
CVE-2025-34045 WeiPHP Path Traversal Arbitrary File Read
A path traversal vulnerability exists in WeiPHP 5.0, an open source WeChat public account platform development framework by Shenzhen Yuanmengyun Technology Co., Ltd. The flaw occurs in the picUrl parameter of the /public/index.php/material/Material/downloadimgage endpoint, where insufficient inpu...
CVE-2025-34045
WeiPHP 5.0 contains a path traversal vulnerability due to insufficient validation of the picUrl parameter in /public/index.php/material/Material/_download_imgage. Unauthenticated remote attackers can read arbitrary files on the server, potentially exposing sensitive data such as configuration fil...