11283 matches found
CVE-2025-52574 SysmonElixir path traversal in /read endpoint allows arbitrary file read
SysmonElixir is a system monitor HTTP service in Elixir. Prior to version 1.0.1, the /read endpoint reads any file from the server's /etc/passwd by default. In v1.0.1, a whitelist was added that limits reading to only files under priv/data. This issue has been patched in version 1.0.1...
CVE-2025-52574 SysmonElixir path traversal in /read endpoint allows arbitrary file read
SysmonElixir is a system monitor HTTP service in Elixir. Prior to version 1.0.1, the /read endpoint reads any file from the server's /etc/passwd by default. In v1.0.1, a whitelist was added that limits reading to only files under priv/data. This issue has been patched in version 1.0.1...
CVE-2025-52574
SysmonElixir (Elixir) contains a path-traversal vulnerability in the /read endpoint. Prior to version 1.0.1, this endpoint could read arbitrary files from the server filesystem (including /etc/passwd). In version 1.0.1, a whitelist was added to restrict reads to files under priv/data, and the iss...
Bypass of Mysql Jdbc Attck for CVE-2025-6507
Credits Le1ahttps://github.com/Le1a A1kaidhttps://github.com/for-A1kaid ph0ebushttps://github.com/ph0ebus Description Attackers can exploit this vulnerability to read any system file and even execute arbitrary code through deserialization. The project manager fixed CVE-2025-6507 which I discovere...
CVE-2025-32896
Summary Unauthorized users can perform Arbitrary File Read and Deserialization attack by submit job using restful api-v1. Details Unauthorized users can access /hazelcast/rest/maps/submit-job to submit job. An attacker can set extra params in mysql url to perform Arbitrary File Read and...
PT-2025-38661
Name of the Vulnerable Software and Affected Versions h2oai/h2o-3 versions 3.46.0.8 and earlier Description A deserialization issue exists in h2oai/h2o-3 versions 3.46.0.8 and earlier, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability is due to improp...
FreeBSD : Yelp -- arbitrary file read (0e200a73-289a-489e-b405-40b997911036)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0e200a73-289a-489e-b405-40b997911036 advisory. [email protected] reports: A flaw was found in Yelp. The Gnome user help application allows the help...
FreeBSD : Yelp -- arbitrary file read (9449f018-84a3-490d-959f-38c05fbc77a7)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9449f018-84a3-490d-959f-38c05fbc77a7 advisory. [email protected] reports: A flaw was found in Yelp. The Gnome user help application allows the help...
Schneider Electric EVLink WallBox Path Traversal Vulnerability (CNVD-2025-15345)
The Schneider Electric EVLink WallBox is a home charging station from the French company Schneider Electric. The Schneider Electric EVLink WallBox suffers from a path traversal vulnerability that stems from improperly restricted pathnames, which can be exploited by an attacker to cause arbitrary...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the restful api-v1 endpoint. An attacker can gain unauthorized access to sensitive operations by submitting jobs through the /hazelcast/rest/maps/submit-job endpoint and setting extra...
Apache SeaTunnel: Unauthenticated insecure access
Summary Unauthorized users can perform Arbitrary File Read and Deserialization attack by submit job using restful api-v1. Details Unauthorized users can access /hazelcast/rest/maps/submit-job to submit job. An attacker can set extra params in mysql url to perform Arbitrary File Read and...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the restful api-v1 endpoint. An attacker can gain unauthorized access to sensitive operations by submitting jobs through the /hazelcast/rest/maps/submit-job endpoint and setting extra...
GHSA-9X53-GR7P-4QF5 Apache SeaTunnel: Unauthenticated insecure access
Summary Unauthorized users can perform Arbitrary File Read and Deserialization attack by submit job using restful api-v1. Details Unauthorized users can access /hazelcast/rest/maps/submit-job to submit job. An attacker can set extra params in mysql url to perform Arbitrary File Read and...
CVE-2025-32896
Summary Unauthorized users can perform Arbitrary File Read and Deserialization attack by submit job using restful api-v1. Details Unauthorized users can access /hazelcast/rest/maps/submit-job to submit job. An attacker can set extra params in mysql url to perform Arbitrary File Read and...
CVE-2025-32896
Summary Unauthorized users can perform Arbitrary File Read and Deserialization attack by submit job using restful api-v1. Details Unauthorized users can access /hazelcast/rest/maps/submit-job to submit job. An attacker can set extra params in mysql url to perform Arbitrary File Read and...
CVE-2025-32896 Apache SeaTunnel: Unauthenticated insecure access
Summary Unauthorized users can perform Arbitrary File Read and Deserialization attack by submit job using restful api-v1. Details Unauthorized users can access /hazelcast/rest/maps/submit-job to submit job. An attacker can set extra params in mysql url to perform Arbitrary File Read and...
CVE-2025-32896 Apache SeaTunnel: Unauthenticated insecure access
Summary Unauthorized users can perform Arbitrary File Read and Deserialization attack by submit job using restful api-v1. Details Unauthorized users can access /hazelcast/rest/maps/submit-job to submit job. An attacker can set extra params in mysql url to perform Arbitrary File Read and...
CVE-2025-32896
CVE-2025-32896 affects Apache SeaTunnel (
Apache SeaTunnel 访问控制错误漏洞
Apache SeaTunnel is an easy-to-use data integration framework from the Apache USA Foundation. An access control error vulnerability exists in Apache SeaTunnel version 2.3.10 and earlier, which originates from an unauthorized user being able to perform arbitrary file read and deserialization attac...
Exploit for CVE-2025-1094
I have written this exploit with reference to the PoC available...