
11286 matches found

Vulnrichment
added 2025/06/06 2:55 p.m., 6 views

CVE-2025-27531 Apache InLong: An arbitrary file read vulnerability for JDBC

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 before 2.1.0, this issue would allow an authenticated attacker to read arbitrary files by double writing the param. Users are recommended to upgrade to version 2.1.0, which fixes the...

9.3 AI score, 0.00576 EPSS
Exploits: 0, References: 1
CNNVD
added 2025/06/06 12:0 a.m., 2 views

Apache InLong code issue vulnerability

Apache InLong is the U.S. Apache Foundation's one-stop massive data integration framework. It provides automated, secure and reliable data transfer capabilities. A deserialization vulnerability exists in Apache InLong versions prior to 1.13.0 to 2.1.0. The vulnerability stems from unsafe...

9.8 CVSS, 7 AI score, 0.00576 EPSS
Exploits: 0, References: 3
GithubExploit
added 2025/06/05 6:44 p.m., 236 views

Exploit for External Control of File Name or Path in Themewinter Eventin

CVE-2025-3419 - WordPress Eventin = 4.0.26 - Arbitrary File R...

7.5 CVSS, 7.1 AI score, 0.00588 EPSS
Exploits: 1
Rhino Security Labs
added 2025/06/04 10:55 a.m., 17 views

Multiple CVEs in Infoblox NetMRI: RCE, Auth Bypass, SQLi, and File Read Vulnerabilities

The post Multiple CVEs in Infoblox NetMRI: RCE, Auth Bypass, SQLi, and File Read Vulnerabilities appeared first on Rhino Security Labs...

7.5 AI score
Exploits: 0
GithubExploit
added 2025/06/04 7:27 a.m., 690 views

Exploit for Use of a Broken or Risky Cryptographic Algorithm in File_Away_Project File_Away

CVE-2025-2539 PoC Unauthenticated Arbitrary File Read exploit...

7.5 CVSS, 9.3 AI score, 0.0155 EPSS
Exploits: 6
Huntr
added 2025/06/03 5:9 a.m., 9 views

Mysql Jdbc Attack about CVE-2024-45758 and CVE-2024-10553 Bypass

Summary: Attackers can exploit this vulnerability to read any system file and even execute arbitrary code through deserialization. Details: https://github.com/h2oai/h2o-3/commit/ac1d642b4d86f10a02d75974055baf2a4b2025ac Affected Version: The latest master branch. Build project version: 3.47.0.99999...

9.8 CVSS, 7.5 AI score, 0.12993 EPSS
Exploits: 2
BDU FSTEC
added 2025/06/03 12:0 a.m., 6 views

The vulnerability of the OneDev collaborative development platform, related to insufficient protection of service data, allows a hacker to read arbitrary files.

The vulnerability of the OneDev collaborative development platform is related to insufficient protection for service data. Exploiting this vulnerability allows a remote attacker to read arbitrary files...

7.8 CVSS, 7.9 AI score, 0.24822 EPSS
Exploits: 1, References: 6, Affected Software: 1
OpenVAS
added 2025/06/02 12:0 a.m., 1 views

Mageia: Security Advisory (MGASA-2025-0174)

The remote host is missing an update for the...

7.3 AI score
Exploits: 0, References: 3
GithubExploit
added 2025/05/31 8:6 p.m., 339 views

Exploit for Code Injection in Grafana

🚨 CVE-2024-9264 - Grafana SQL injection leading to Remote Code...

9.9 CVSS, 9.8 AI score, 0.97781 EPSS
Exploits: 10
Mageia
added 2025/05/31 4:20 p.m., 33 views

Updated deluge packages fix security vulnerabilities & bug

Limited unauthenticated file read in /flag. CVE-2025-46561 New version check over unencrypted channel. CVE-2025-46562 SSRF with information leak and limited unauthenticated file write. CVE-2025-46563 Unauthenticated file read in /js may lead to RCE. CVE-2025-46564 Mageia internal bug:...

7.1 AI score
Exploits: 0, References: 1
OSV
added 2025/05/31 4:20 p.m., 5 views

MGASA-2025-0174 Updated deluge packages fix security vulnerabilities & bug

Limited unauthenticated file read in /flag. CVE-2025-46561 New version check over unencrypted channel. CVE-2025-46562 SSRF with information leak and limited unauthenticated file write. CVE-2025-46563 Unauthenticated file read in /js may lead to RCE. CVE-2025-46564 Mageia internal bug:...

6.8 AI score
Exploits: 0, References: 2
Positive Technologies
added 2025/05/31 12:0 a.m., 6 views

PT-2025-23419 · Mageia · Deluge

Limited unauthenticated file read in /flag. CVE-2025-46561 New version check over unencrypted channel. CVE-2025-46562 SSRF with information leak and limited unauthenticated file write. CVE-2025-46563 Unauthenticated file read in /js may lead to RCE. CVE-2025-46564 Mageia internal bug:...

6.1 AI score
Exploits: 0, References: 3
Positive Technologies
added 2025/05/31 12:0 a.m., 4 views

PT-2025-23416 · Mageia · Deluge

Limited unauthenticated file read in /flag. CVE-2025-46561 New version check over unencrypted channel. CVE-2025-46562 SSRF with information leak and limited unauthenticated file write. CVE-2025-46563 Unauthenticated file read in /js may lead to RCE. CVE-2025-46564 Mageia internal bug:...

6.1 AI score
Exploits: 0, References: 3
Positive Technologies
added 2025/05/31 12:0 a.m., 4 views

PT-2025-23418 · Mageia · Deluge

Limited unauthenticated file read in /flag. CVE-2025-46561 New version check over unencrypted channel. CVE-2025-46562 SSRF with information leak and limited unauthenticated file write. CVE-2025-46563 Unauthenticated file read in /js may lead to RCE. CVE-2025-46564 Mageia internal bug:...

6.1 AI score
Exploits: 0, References: 3
Positive Technologies
added 2025/05/31 12:0 a.m., 5 views

PT-2025-23417 · Mageia · Deluge

Limited unauthenticated file read in /flag. CVE-2025-46561 New version check over unencrypted channel. CVE-2025-46562 SSRF with information leak and limited unauthenticated file write. CVE-2025-46563 Unauthenticated file read in /js may lead to RCE. CVE-2025-46564 Mageia internal bug:...

6.1 AI score
Exploits: 0, References: 3
Veracode
added 2025/05/29 5:58 a.m., 17 views

Deserialization Of Untrusted Data

org.apache.inlong, manager-pojo is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to insecure deserialization in InLong JDBC, which allows attackers to bypass security mechanisms and perform arbitrary file read attacks...

9.1 CVSS, 7 AI score, 0.00576 EPSS
Exploits: 0, References: 5, Affected Software: 2
RedhatCVE
added 2025/05/29 5:11 a.m., 4 views

CVE-2025-45529

An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files via sending a crafted GET request to /cms/templates/templatesAssetsEditor...

7.1 CVSS, 6.8 AI score, 0.00305 EPSS
Exploits: 1, References: 1
BDU FSTEC
added 2025/05/29 12:0 a.m., 20 views

The vulnerability of the CreateLog method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, as well as in the TeleControl Server Basic, allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the CreateLog method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass security...

9 CVSS, 6.1 AI score, 0.00525 EPSS
Exploits: 0, References: 3, Affected Software: 1
BDU FSTEC
added 2025/05/29 12:0 a.m., 5 views

The vulnerability of the UnlockSmtpSettings method in the software for managing and monitoring remote devices in telemetry and telemechanics systems allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the UnlockSmtpSettings method in the software for managing and monitoring remote devices in telemetering and telemechanics systems is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass...

9 CVSS, 6.1 AI score, 0.00525 EPSS
Exploits: 0, References: 3, Affected Software: 1
BDU FSTEC
added 2025/05/29 12:0 a.m., 4 views

The vulnerability of the GetOverview method in the software for managing and monitoring remote devices in telemetry and telemechanics systems, as well as in the TeleControl Server Basic, allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the GetOverview method in the software for managing and monitoring remote devices in telemetry and telemechanics systems, such as the TeleControl Server Basic, is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a...

9 CVSS, 6.1 AI score, 0.00525 EPSS
Exploits: 0, References: 3, Affected Software: 1