11286 matches found
Salt's worker process vulnerable to denial of service through file read operation
Worker process denial of service through file read operation. .A vulnerability exists in the Master's “pubret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by...
Full system file read and delete via GET /api/v1/images/download/{bulk_download_item_name}
Description For invokeai version v6.0.0a1 and below, there is an endpoint for bulk downloading zip file. With some manipulation of the filename arguments, attacker can read and also delete any files on the server through this endpoint. P/S: Tested on Windows Proof of Concept Request: GET...
CVE-2025-22242
Worker process denial of service through file read operation. .A vulnerability exists in the Master's “pubret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by...
CVE-2025-22242 CVE-2025-22242 salt advisory
Worker process denial of service through file read operation. .A vulnerability exists in the Master's “pubret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by...
CVE-2025-22242 CVE-2025-22242 salt advisory
Worker process denial of service through file read operation. .A vulnerability exists in the Master's “pubret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by...
CVE-2025-22242
CVE-2025-22242 describes a Denial of Service caused by an uncontrolled file read in Salt Master’s pub_ret path, due to unsanitized jid input that can construct arbitrary file paths. Connected advisories indicate this vulnerability is fixed in Salt packages across SUSE/openSUSE updates (e.g., Salt...
CVE-2025-4798
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with...
CVE-2025-5741
CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause arbitrary file reads from the charging station. The exploitation of this vulnerability does require an authenticated session of the web server...
Arbitrary File Read
org.apache.kafka, kafka-clients is vulnerable to Arbitrary File Read. The vulnerability is due to the lack of proper validation and restriction on the sasl.oauthbearer.token.endpoint.url and sasl.oauthbearer.jwks.endpoint.url configuration fields, which allows the use of arbitrary URLs, including...
CVE-2024-57186
In Erxes 1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler...
libxml2: Out-of-Bounds Read in libxml2
A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can...
SUSE-SU-2025:01904-1 Security update for yelp
This update for yelp fixes the following issues: - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688...
CVE-2025-4798
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with...
CVE-2025-4798
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with...
CVE-2025-4798 WP-DownloadManager <= 1.68.10 - Authenticated (Administrator+) Arbitrary File Read
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with...
CVE-2025-4798 WP-DownloadManager <= 1.68.10 - Authenticated (Administrator+) Arbitrary File Read
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with...
CVE-2025-4798
CVE-2025-4798 affects the WP-DownloadManager WordPress plugin, with versions up to and including 1.68.10 vulnerable to an arbitrary file read. The issue arises from lack of directory restrictions when an administrator stores downloads, enabling authenticated attackers with Administrator-level acc...
PT-2025-25180 · WordPress · Wp-Downloadmanager
Name of the Vulnerable Software and Affected Versions: WP-DownloadManager plugin for WordPress versions up to, and including, 1.68.10 Description: The issue is due to a lack of restriction on the directory an administrator can select for storing downloads, making it possible for authenticated...
PT-2025-25205 · Unknown · Llama Index
Name of the Vulnerable Software and Affected Versions: llama index versions 0.12.23 through 0.12.28 Description: A flaw in the ObsidianReader class allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths and does not validate whether...
CVE-2025-27817
A flaw was found in apache-kafka. The Kafka client improperly handles configuration data for SASL/OAUTHBEARER connections, allowing an attacker to specify a crafted token endpoint URL. This allows for arbitrary file reads and server-side request forgery SSRF by a malicious client. Consequently,...