11287 matches found

RedhatCVE
added 2025/06/10 1:05 p.m., 5 views

CVE-2025-27817

A flaw was found in apache-kafka. The Kafka client improperly handles configuration data for SASL/OAUTHBEARER connections, allowing an attacker to specify a crafted token endpoint URL. This allows for arbitrary file reads and server-side request forgery (SSRF) by a malicious client. Consequently,...

CVSS 8.1, AI score 7.2, EPSS 0.62368
Exploits: 2, References: 4

Github Security Blog
added 2025/06/10 9:30 a.m., 24 views

Apache Kafka Client Arbitrary File Read and Server Side Request Forgery Vulnerability

A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url"...

CVSS 7.5, AI score 7.6, EPSS 0.62368
Exploits: 2, References: 4, Affected Software: 1

OSV
added 2025/06/10 9:30 a.m., 4 views

GHSA-VGQ5-3255-V292 Apache Kafka Client Arbitrary File Read and Server Side Request Forgery Vulnerability

A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url"...

CVSS 8.6, AI score 6.7, EPSS 0.62368
Exploits: 2, References: 4

NVD
added 2025/06/10 8:15 a.m., 13 views

CVE-2025-27817

A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url"...

CVSS 7.5, EPSS 0.62368
Exploits: 2, References: 2

OSV
added 2025/06/10 8:15 a.m., 5 views

CVE-2025-27817

A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url"...

CVSS 7.5, AI score 7.4
Exploits: 0, References: 2

Cvelist
added 2025/06/10 7:55 a.m., 153 views

CVE-2025-27817 Apache Kafka Client: Arbitrary file read and SSRF vulnerability

A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url"...

EPSS 0.62368
Exploits: 2, References: 1

Vulnrichment
added 2025/06/10 7:55 a.m., 16 views

CVE-2025-27817 Apache Kafka Client: Arbitrary file read and SSRF vulnerability

A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url"...

AI score 7.6, EPSS 0.62368
Exploits: 2, References: 1

CVE
added 2025/06/10 7:55 a.m., 367 views

CVE-2025-27817

CVE-2025-27817: An arbitrary file read and SSRF flaw in the Apache Kafka Client (affecting Kafka Connect and related clients) allows untrusted configuration of SASL/OAUTHBEARER endpoint URLs to read local files or reach unintended URLs. Root cause: endpoints sasl.oauthbearer.token.endpoint.url a...

CVSS 7.5, AI score 6.9, EPSS 0.62368
Exploited in the wild. Exploits: 2, References: 2, Affected Software: 1

SUSE CVE
added 2025/06/10 2:11 a.m., 2 views

SUSE CVE-2025-27817

A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url"...

CVSS 7.5, AI score 6.4, EPSS 0.62368
Exploits: 2, References: 3

BDU FSTEC
added 2025/06/10 12:00 a.m., 5 views

A vulnerability in the DOCX import function of the Polarion ALM application lifecycle management software allows an attacker to read arbitrary files.

The vulnerability in the DOCX import function of the Polarion ALM application lifecycle management software is caused by incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to read arbitrary files remotely...

CVSS 6.8, AI score 5.5, EPSS 0.00448
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2025/06/09 3:56 p.m., 15 views

CVE-2025-31050 WordPress Apptha Slider Gallery plugin <= 2.5 - Arbitrary File Read vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appthaplugins Apptha Slider Gallery (apptha-slider-gallery) allows Path Traversal. This issue affects Apptha Slider Gallery: from n/a through 2.5...

CVSS 7.5, EPSS 0.00461
Exploits: 0, References: 1

Vulnrichment
added 2025/06/09 3:56 p.m., 3 views

CVE-2025-31050 WordPress Apptha Slider Gallery plugin <= 2.5 - Arbitrary File Read vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appthaplugins Apptha Slider Gallery allows Path Traversal. This issue affects Apptha Slider Gallery: from n/a through 2.5...

CVSS 7.5, AI score 7.6, EPSS 0.00461
Exploits: 0, References: 1

CVE
added 2025/06/09 3:56 p.m., 59 views

CVE-2025-31050

CVE-2025-31050 pertains to the WordPress plugin Apptha Slider Gallery. Affected versions are listed as n/a through 2.5, with the underlying issue described as an improper limitation of a pathname to a restricted directory, i.e., a path traversal vulnerability. This allows an unauthenticated attac...

CVSS 7.5, AI score 5.9, EPSS 0.00461
Exploits: 0, References: 1

Hacker One
added 2025/06/09 12:16 p.m., 9 views

curl: Arbitrary File Read via Unsanitized curl Usage Results in Sensitive File Exposure

Hello team, First of all, your open report policy has improved me a lot. Your very caring team has motivated me a lot. A real bug bounty program. I hope I can contribute something to you with this report. Thank you. The application uses curl in a way that allows an attacker to specify arbitrary fi...

AI score 7
Exploits: 0

Positive Technologies
added 2025/06/09 12:00 a.m., 3 views

PT-2025-24619

Name of the Vulnerable Software and Affected Versions: Apache Kafka versions 3.1.0 through 3.9.0 (Apache Kafka version 3.9.1 and later require explicit configuration of allowed URLs). Description: A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache...

CVSS 7.8, AI score 6.3, EPSS 0.62368
Exploits: 2, References: 28

VulnCheck KEV
added 2025/06/08 12:00 a.m., 3 views

VulnCheck KEV: CVE-2016-2389

Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978...

CVSS 7.8, AI score 5.9, EPSS 0.4145
Exploits: 4, References: 1

VulnCheck KEV
added 2025/06/08 12:00 a.m., 4 views

VulnCheck KEV: CVE-2019-17538

Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring...

CVSS 7.5, AI score 5.8, EPSS 0.11648
Exploits: 1, References: 1

VulnCheck KEV
added 2025/06/07 12:00 a.m., 3 views

VulnCheck KEV: CVE-2024-46938

An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files...

CVSS 7.5, AI score 5.9, EPSS 0.46077
Exploits: 0, References: 1

VulnCheck KEV
added 2025/06/07 12:00 a.m., 2 views

VulnCheck KEV: CVE-2022-37299

An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal vulnerability which could cause arbitrary file read via /static/ueditor/php/controller.php...

CVSS 6.5, AI score 5.9, EPSS 0.02829
Exploits: 1, References: 1

Snyk
added 2025/06/06 3:30 p.m., 2 views

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data. An authenticated attacker can read arbitrary files by double writing the param used during deserialization. Details: Serialization is a process of converting an object into a sequence of bytes which can...

CVSS 9.8, AI score 6.9, EPSS 0.00576
Exploits: 0, References: 2
