
11283 matches found

Vulnrichment
added 2025/06/24 2:52 a.m., 4 views

CVE-2025-52574 SysmonElixir path traversal in /read endpoint allows arbitrary file read

SysmonElixir is a system monitor HTTP service in Elixir. Prior to version 1.0.1, the /read endpoint reads any file from the server's /etc/passwd by default. In v1.0.1, a whitelist was added that limits reading to only files under priv/data. This issue has been patched in version 1.0.1...

CVSS: 7.5, AI score: 7, EPSS: 0.00419
Exploits: 0, References: 2
Cvelist
added 2025/06/24 2:52 a.m., 10 views

CVE-2025-52574 SysmonElixir path traversal in /read endpoint allows arbitrary file read

SysmonElixir is a system monitor HTTP service in Elixir. Prior to version 1.0.1, the /read endpoint reads any file from the server's /etc/passwd by default. In v1.0.1, a whitelist was added that limits reading to only files under priv/data. This issue has been patched in version 1.0.1...

CVSS: 7.5, EPSS: 0.00419
Exploits: 0, References: 2
CVE
added 2025/06/24 2:52 a.m., 20 views

CVE-2025-52574

SysmonElixir (Elixir) contains a path-traversal vulnerability in the /read endpoint. Prior to version 1.0.1, this endpoint could read arbitrary files from the server filesystem (including /etc/passwd). In version 1.0.1, a whitelist was added to restrict reads to files under priv/data, and the iss...

CVSS: 7.5, AI score: 7.5, EPSS: 0.00419
Exploits: 0, References: 2
Huntr
added 2025/06/23 8:59 a.m., 5 views

Bypass of Mysql Jdbc Attack for CVE-2025-6507

Credits: Le1a (https://github.com/Le1a), A1kaid (https://github.com/for-A1kaid), ph0ebus (https://github.com/ph0ebus). Description: Attackers can exploit this vulnerability to read any system file and even execute arbitrary code through deserialization. The project manager fixed CVE-2025-6507 which I discovere...

CVSS: 9.8, AI score: 7.5, EPSS: 0.12993
Exploits: 1
RedhatCVE
added 2025/06/23 8:41 a.m., 6 views

CVE-2025-32896

Summary: Unauthorized users can perform Arbitrary File Read and Deserialization attack by submit job using restful api-v1. Details: Unauthorized users can access /hazelcast/rest/maps/submit-job to submit job. An attacker can set extra params in mysql url to perform Arbitrary File Read and...

CVSS: 6.5, AI score: 7.3, EPSS: 0.01039
Exploits: 0, References: 1
Positive Technologies
added 2025/06/23 12:0 a.m., 4 views

PT-2025-38661

Name of the Vulnerable Software and Affected Versions: h2oai/h2o-3 versions 3.46.0.8 and earlier. Description: A deserialization issue exists in h2oai/h2o-3 versions 3.46.0.8 and earlier, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability is due to improp...

CVSS: 9.8, AI score: 7.5, EPSS: 0.00839
Exploits: 1, References: 15
Tenable Nessus
added 2025/06/20 12:0 a.m., 3 views

FreeBSD : Yelp -- arbitrary file read (0e200a73-289a-489e-b405-40b997911036)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0e200a73-289a-489e-b405-40b997911036 advisory. [email protected] reports: A flaw was found in Yelp. The Gnome user help application allows the help...

CVSS: 7.4, AI score: 7.5, EPSS: 0.10598
Exploits: 1, References: 3
Tenable Nessus
added 2025/06/20 12:0 a.m., 2 views

FreeBSD : Yelp -- arbitrary file read (9449f018-84a3-490d-959f-38c05fbc77a7)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9449f018-84a3-490d-959f-38c05fbc77a7 advisory. [email protected] reports: A flaw was found in Yelp. The Gnome user help application allows the help...

CVSS: 7.4, AI score: 7.5, EPSS: 0.10598
Exploits: 1, References: 3
CNVD
added 2025/06/20 12:0 a.m., 2 views

Schneider Electric EVLink WallBox Path Traversal Vulnerability (CNVD-2025-15345)

The Schneider Electric EVLink WallBox is a home charging station from the French company Schneider Electric. The Schneider Electric EVLink WallBox suffers from a path traversal vulnerability that stems from improperly restricted pathnames, which can be exploited by an attacker to cause arbitrary...

CVSS: 6.9, AI score: 7.1, EPSS: 0.00534
Exploits: 0, References: 1
Snyk
added 2025/06/19 12:30 p.m., 5 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the restful api-v1 endpoint. An attacker can gain unauthorized access to sensitive operations by submitting jobs through the /hazelcast/rest/maps/submit-job endpoint and setting extra...

CVSS: 6.9, AI score: 7.1, EPSS: 0.01039
Exploits: 0, References: 2
Github Security Blog
added 2025/06/19 12:30 p.m., 13 views

Apache SeaTunnel: Unauthenticated insecure access

Summary: Unauthorized users can perform Arbitrary File Read and Deserialization attack by submit job using restful api-v1. Details: Unauthorized users can access /hazelcast/rest/maps/submit-job to submit job. An attacker can set extra params in mysql url to perform Arbitrary File Read and...

CVSS: 6.5, AI score: 7.3, EPSS: 0.01039
Exploits: 0, References: 6, Affected Software: 2
Snyk
added 2025/06/19 12:30 p.m., 6 views

Missing Authentication for Critical Function

Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the restful api-v1 endpoint. An attacker can gain unauthorized access to sensitive operations by submitting jobs through the /hazelcast/rest/maps/submit-job endpoint and setting extra...

CVSS: 6.9, AI score: 7.1, EPSS: 0.01039
Exploits: 0, References: 2
OSV
added 2025/06/19 12:30 p.m., 5 views

GHSA-9X53-GR7P-4QF5 Apache SeaTunnel: Unauthenticated insecure access

Summary: Unauthorized users can perform Arbitrary File Read and Deserialization attack by submit job using restful api-v1. Details: Unauthorized users can access /hazelcast/rest/maps/submit-job to submit job. An attacker can set extra params in mysql url to perform Arbitrary File Read and...

CVSS: 6.9, AI score: 9.8, EPSS: 0.01039
Exploits: 0, References: 6
NVD
added 2025/06/19 11:15 a.m., 8 views

CVE-2025-32896

Summary: Unauthorized users can perform Arbitrary File Read and Deserialization attack by submit job using restful api-v1. Details: Unauthorized users can access /hazelcast/rest/maps/submit-job to submit job. An attacker can set extra params in mysql url to perform Arbitrary File Read and...

CVSS: 6.5, EPSS: 0.01039
Exploits: 0, References: 3
OSV
added 2025/06/19 11:15 a.m., 5 views

CVE-2025-32896

Summary: Unauthorized users can perform Arbitrary File Read and Deserialization attack by submit job using restful api-v1. Details: Unauthorized users can access /hazelcast/rest/maps/submit-job to submit job. An attacker can set extra params in mysql url to perform Arbitrary File Read and...

CVSS: 6.5, AI score: 9.5
Exploits: 0, References: 3
Vulnrichment
added 2025/06/19 10:38 a.m., 4 views

CVE-2025-32896 Apache SeaTunnel: Unauthenticated insecure access

Summary: Unauthorized users can perform Arbitrary File Read and Deserialization attack by submit job using restful api-v1. Details: Unauthorized users can access /hazelcast/rest/maps/submit-job to submit job. An attacker can set extra params in mysql url to perform Arbitrary File Read and...

AI score: 7.3, EPSS: 0.01039
Exploits: 0, References: 2
Cvelist
added 2025/06/19 10:38 a.m., 13 views

CVE-2025-32896 Apache SeaTunnel: Unauthenticated insecure access

Summary: Unauthorized users can perform Arbitrary File Read and Deserialization attack by submit job using restful api-v1. Details: Unauthorized users can access /hazelcast/rest/maps/submit-job to submit job. An attacker can set extra params in mysql url to perform Arbitrary File Read and...

EPSS: 0.01039
Exploits: 0, References: 2
CVE
added 2025/06/19 10:38 a.m., 52 views

CVE-2025-32896

CVE-2025-32896 affects Apache SeaTunnel (

CVSS: 6.5, AI score: 7.1, EPSS: 0.01039
Exploits: 0, References: 3, Affected Software: 1
CNNVD
added 2025/06/19 12:0 a.m., 6 views

Apache SeaTunnel Access Control Error Vulnerability

Apache SeaTunnel is an easy-to-use data integration framework from the Apache USA Foundation. An access control error vulnerability exists in Apache SeaTunnel version 2.3.10 and earlier, which originates from an unauthorized user being able to perform arbitrary file read and deserialization attac...

CVSS: 6.5, AI score: 8.9, EPSS: 0.01039
Exploits: 0, References: 4
GithubExploit
added 2025/06/18 3:18 p.m., 922 views

Exploit for CVE-2025-1094

I have written this exploit with reference to the PoC available...

CVSS: 9.8, AI score: 8.4, EPSS: 0.89472
Exploits: 14