11286 matches found
CVE-2025-32896
CVE-2025-32896 affects Apache SeaTunnel (
Apache SeaTunnel access control error vulnerability
Apache SeaTunnel is an easy-to-use data integration framework from the Apache USA Foundation. An access control error vulnerability exists in Apache SeaTunnel version 2.3.10 and earlier, which originates from an unauthorized user being able to perform arbitrary file read and deserialization attac...
Exploit for CVE-2025-1094
I have written this exploit with reference to the PoC available...
CVE-2025-4365
Arbitrary file read in NetScaler Console and NetScaler SDX SVM...
CVE-2025-4365
The CVE-2025-4365 issue affects NetScaler Console and NetScaler SDX (SVM). It is an authenticated Arbitrary File Read vulnerability in the download API (nitro/v1/download), where input validation does not properly constrain the file path, enabling an admin to read arbitrary files on the system. V...
CVE-2025-4365 NetScaler Console and NetScaler SDX (SVM) - Arbitrary file read
Arbitrary file read in NetScaler Console and NetScaler SDX SVM...
WordPress Apptha Slider Gallery plugin path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A path traversal vulnerability exists in the WordPress Apptha Slider Gallery plugin, which stems from improper path restriction. An attacker can exploit the vulnerability to cau...
PT-2025-25649 · Citrix · Netscaler Console +1
Name of the Vulnerable Software and Affected Versions: NetScaler Console and NetScaler SDX SVM (affected versions not specified). Description: A security issue has been identified, allowing for arbitrary file read. This affects customer-managed environments. Recommendations: At the moment, there is ...
Citrix NetScaler Console and Citrix NetScaler SDX security vulnerability
Citrix NetScaler Console and Citrix NetScaler SDX are both products of Citrix Corporation, U.S.A. Citrix NetScaler Console is a cloud-based service that provides a unified, centralized console for managing, monitoring, and troubleshooting the entire NetScaler application delivery...
CVE-2025-25265 Unauthenticated File Read via Web Interface
A web application for configuring the controller is accessible at a specific path. It contains an endpoint that allows a high-privileged remote attacker to read files from the system’s file structure...
CVE-2025-25265
CVE-2025-25265 concerns an unauthenticated file read via the web interface of WAGO Device Manager. The connected sources confirm a web application endpoint that can be accessed remotely by a high-privilege attacker to read files from the system’s file structure. The description across multiple fe...
A vulnerability in the M-Files Server platform’s interface allows an attacker to read arbitrary files.
A vulnerability in the M-Files Server platform’s automation interface is related to improper restriction of a path name to a restricted directory when an endpoint is processed. Exploiting this vulnerability allows a malicious actor to remotely read arbitrary files...
CVE-2025-4187 UserPro - Community and User Profile WordPress Plugin <= 5.1.10 - Unauthenticated Arbitrary File Read
The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 5.1.10 via the userprofbconnect function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the...
CVE-2025-4187
CVE-2025-4187 – UserPro plugin (WordPress) Affects: UserPro - Community and User Profile WordPress Plugin
CVE-2025-22242
Worker process denial of service through file read operation. A vulnerability exists in the Master's “pubret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerability by...
GHSA-989C-M532-P2HV Salt's worker process vulnerable to denial of service through file read operation
Worker process denial of service through file read operation. A vulnerability exists in the Master's “pubret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerability by...