Lucene search
K

11286 matches found

Github Security Blog
Github Security Blog
added 2025/06/13 9:30 a.m.6 views

Salt's worker process vulnerable to denial of service through file read operation

Worker process denial of service through file read operation. .A vulnerability exists in the Master's “pubret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by...

5.6CVSS7.1AI score0.00122EPSS
Exploits0References5Affected Software1
Huntr
Huntr
added 2025/06/13 8:33 a.m.6 views

Full system file read and delete via GET /api/v1/images/download/{bulk_download_item_name}

Description For invokeai version v6.0.0a1 and below, there is an endpoint for bulk downloading zip file. With some manipulation of the filename arguments, attacker can read and also delete any files on the server through this endpoint. P/S: Tested on Windows Proof of Concept Request: GET...

9.8CVSS7AI score0.00353EPSS
Exploits0
NVD
NVD
added 2025/06/13 7:15 a.m.12 views

CVE-2025-22242

Worker process denial of service through file read operation. .A vulnerability exists in the Master's “pubret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by...

5.6CVSS0.00122EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/13 7:8 a.m.19 views

CVE-2025-22242 CVE-2025-22242 salt advisory

Worker process denial of service through file read operation. .A vulnerability exists in the Master's “pubret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by...

5.6CVSS0.00122EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/13 7:8 a.m.3 views

CVE-2025-22242 CVE-2025-22242 salt advisory

Worker process denial of service through file read operation. .A vulnerability exists in the Master's “pubret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by...

5.6CVSS7.1AI score0.00122EPSS
Exploits0References2
CVE
CVE
added 2025/06/13 7:8 a.m.66 views

CVE-2025-22242

CVE-2025-22242 describes a Denial of Service caused by an uncontrolled file read in Salt Master’s pub_ret path, due to unsanitized jid input that can construct arbitrary file paths. Connected advisories indicate this vulnerability is fixed in Salt packages across SUSE/openSUSE updates (e.g., Salt...

5.6CVSS5.6AI score0.00122EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/06/13 4:31 a.m.6 views

CVE-2025-4798

The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with...

4.9CVSS5.7AI score0.00355EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/12 8:19 a.m.6 views

CVE-2025-5741

CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause arbitrary file reads from the charging station. The exploitation of this vulnerability does require an authenticated session of the web server...

6.9CVSS5.1AI score0.00534EPSS
Exploits0References1
Veracode
Veracode
added 2025/06/12 8:15 a.m.11 views

Arbitrary File Read

org.apache.kafka, kafka-clients is vulnerable to Arbitrary File Read. The vulnerability is due to the lack of proper validation and restriction on the sasl.oauthbearer.token.endpoint.url and sasl.oauthbearer.jwks.endpoint.url configuration fields, which allows the use of arbitrary URLs, including...

7.5CVSS7.4AI score0.62368EPSS
Exploits2References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/06/12 12:18 a.m.5 views

CVE-2024-57186

In Erxes 1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler...

5.4CVSS5.4AI score0.00366EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2025/06/11 10:21 p.m.3 views

libxml2: Out-of-Bounds Read in libxml2

A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can...

7.5CVSS6.5AI score0.0033EPSS
Exploits1References5
OSV
OSV
added 2025/06/11 7:43 p.m.1 views

SUSE-SU-2025:01904-1 Security update for yelp

This update for yelp fixes the following issues: - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688...

7.4CVSS7.9AI score0.10598EPSS
Exploits1References3
NVD
NVD
added 2025/06/11 4:15 a.m.10 views

CVE-2025-4798

The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with...

4.9CVSS0.00355EPSS
Exploits0References4
OSV
OSV
added 2025/06/11 4:15 a.m.3 views

CVE-2025-4798

The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with...

4.9CVSS5.9AI score0.00355EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/06/11 3:41 a.m.15 views

CVE-2025-4798 WP-DownloadManager <= 1.68.10 - Authenticated (Administrator+) Arbitrary File Read

The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with...

4.9CVSS0.00355EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/06/11 3:41 a.m.4 views

CVE-2025-4798 WP-DownloadManager <= 1.68.10 - Authenticated (Administrator+) Arbitrary File Read

The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with...

4.9CVSS6.9AI score0.00355EPSS
Exploits0References4
CVE
CVE
added 2025/06/11 3:41 a.m.64 views

CVE-2025-4798

CVE-2025-4798 affects the WP-DownloadManager WordPress plugin, with versions up to and including 1.68.10 vulnerable to an arbitrary file read. The issue arises from lack of directory restrictions when an administrator stores downloads, enabling authenticated attackers with Administrator-level acc...

4.9CVSS5.7AI score0.00355EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/06/11 12:0 a.m.4 views

PT-2025-25180 · WordPress · Wp-Downloadmanager

Name of the Vulnerable Software and Affected Versions: WP-DownloadManager plugin for WordPress versions up to, and including, 1.68.10 Description: The issue is due to a lack of restriction on the directory an administrator can select for storing downloads, making it possible for authenticated...

4.9CVSS5.5AI score0.00355EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2025/06/11 12:0 a.m.6 views

PT-2025-25205 · Unknown · Llama Index

Name of the Vulnerable Software and Affected Versions: llama index versions 0.12.23 through 0.12.28 Description: A flaw in the ObsidianReader class allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths and does not validate whether...

7.5CVSS7.3AI score0.00555EPSS
Exploits1References14
RedhatCVE
RedhatCVE
added 2025/06/10 1:5 p.m.5 views

CVE-2025-27817

A flaw was found in apache-kafka. The Kafka client improperly handles configuration data for SASL/OAUTHBEARER connections, allowing an attacker to specify a crafted token endpoint URL. This allows for arbitrary file reads and server-side request forgery SSRF by a malicious client. Consequently,...

8.1CVSS7.2AI score0.62368EPSS
Exploits2References4
Rows per page
Query Builder