11287 matches found
CVE-2025-27817
A flaw was found in apache-kafka. The Kafka client improperly handles configuration data for SASL/OAUTHBEARER connections, allowing an attacker to specify a crafted token endpoint URL. This allows for arbitrary file reads and server-side request forgery SSRF by a malicious client. Consequently,...
Apache Kafka Client Arbitrary File Read and Server Side Request Forgery Vulnerability
A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url"...
GHSA-VGQ5-3255-V292 Apache Kafka Client Arbitrary File Read and Server Side Request Forgery Vulnerability
A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url"...
CVE-2025-27817
A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url"...
CVE-2025-27817
A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url"...
CVE-2025-27817 Apache Kafka Client: Arbitrary file read and SSRF vulnerability
A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url"...
CVE-2025-27817 Apache Kafka Client: Arbitrary file read and SSRF vulnerability
A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url"...
CVE-2025-27817
CVE-2025-27817 : An arbitrary file read and SSRF flaw in the Apache Kafka Client (affecting Kafka Connect and related clients) allows untrusted configuration of SASL/OAUTHBEARER endpoint URLs to read local files or reach unintended URLs. Root cause: endpoints sasl.oauthbearer.token.endpoint.url a...
SUSE CVE-2025-27817
A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url"...
The vulnerability of the DOCX import function in the Polarion ALM software for application lifecycle management allows a hacker to read arbitrary files.
The vulnerability of the DOCX import function in the Polarion ALM application lifecycle management software is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to read arbitrary files remotely...
CVE-2025-31050 WordPress Apptha Slider Gallery plugin <= 2.5 - Arbitrary File Read vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in appthaplugins Apptha Slider Gallery apptha-slider-gallery allows Path Traversal.This issue affects Apptha Slider Gallery: from n/a through = 2.5...
CVE-2025-31050 WordPress Apptha Slider Gallery plugin <= 2.5 - Arbitrary File Read vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in appthaplugins Apptha Slider Gallery allows Path Traversal. This issue affects Apptha Slider Gallery: from n/a through 2.5...
CVE-2025-31050
CVE-2025-31050 pertains to the WordPress plugin Apptha Slider Gallery. Affected versions are listed as n/a through 2.5, with the underlying issue described as an improper limitation of a pathname to a restricted directory, i.e., a path traversal vulnerability. This allows an unauthenticated attac...
curl: Arbitrary File Read via Unsanitized curl Usage Results in Sensitive File Exposure
Hello team, First of all, your open report policy has improved me a lot. Your very caring team has motivated me a lot. A real bug bounty program. I hope I can contribute something to you with this report.Thank you. The application uses curl in a way that allows an attacker to specify arbitrary fi...
PT-2025-24619
Name of the Vulnerable Software and Affected Versions Apache Kafka versions 3.1.0 through 3.9.0 Apache Kafka version 3.9.1 and later require explicit configuration of allowed URLs Description A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache...
VulnCheck KEV: CVE-2016-2389
Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence xMII component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. dot dot in the Path parameter to /Catalog, aka SAP Security Note 2230978...
VulnCheck KEV: CVE-2019-17538
Jiangnan Online Judge aka jnoj 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring...
VulnCheck KEV: CVE-2024-46938
An issue was discovered in Sitecore Experience Platform XP, Experience Manager XM, and Experience Commerce XC 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files...
VulnCheck KEV: CVE-2022-37299
An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal vulnerability which could cause arbitrary file read via /static/ueditor/php/controller.php...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. An authenticated attacker can read arbitrary files by double writing the param used during deserialization. Details Serialization is a process of converting an object into a sequence of bytes which can...