11287 matches found

BDU FSTEC
added 2025/05/29 12:0 a.m. · 4 views

The vulnerability of the GetOverview method in the software for managing and monitoring remote devices in telemetry and telemechanics systems, as well as in the TeleControl Server Basic, allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the GetOverview method in the software for managing and monitoring remote devices in telemetry and telemechanics systems, such as the TeleControl Server Basic, is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a...

CVSS 9 · AI score 6.1 · EPSS 0.00525
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2025/05/29 12:0 a.m. · 5 views

The vulnerability of the LockTcmSettings method in the software for managing and monitoring remote devices in telemetry and telemechanics systems allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the LockTcmSettings method in the software for managing and monitoring remote devices in telemetering and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass security...

CVSS 9 · AI score 6.1 · EPSS 0.00525
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2025/05/29 12:0 a.m. · 5 views

The vulnerability of the UnlockWebServerGatewaySettings method in the software for managing and monitoring remote devices in telemetering and telemechanics systems allows a security intruder to read and write arbitrary files and execute arbitrary code.

The vulnerability of the UnlockWebServerGatewaySettings method in the software for managing and monitoring remote devices in telemetering and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to...

CVSS 9 · AI score 6.1 · EPSS 0.0049
Exploits 0 · References 3 · Affected Software 1

Tenable Nessus
added 2025/05/29 12:0 a.m. · 7 views

Debian dla-4190 : mydumper - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4190 advisory. Debian LTS Advisory DLA-4190-1 https://www.debian.org/lts/security/...

CVSS 5.1 · AI score 5.8 · EPSS 0.00657
Exploits 0 · References 4

GitHub Security Blog
added 2025/05/28 9:31 a.m. · 11 views

Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's...

CVSS 9.1 · AI score 7.1 · EPSS 0.00576
Exploits 0 · References 5 · Affected Software 1

OSV
added 2025/05/28 9:31 a.m. · 4 views

GHSA-98V7-XXXV-HCRH Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's...

CVSS 8.7 · AI score 7.4 · EPSS 0.00576
Exploits 0 · References 5

Snyk
added 2025/05/28 8:41 a.m. · 2 views

Improper Handling of Invalid Use of Special Elements

Overview: Affected versions of this package are vulnerable to Improper Handling of Invalid Use of Special Elements through the JDBC interface. An attacker can read arbitrary files by inserting special characters into the JDBC URL and potentially access or modify data without proper authorisation...

CVSS 9.3 · AI score 7 · EPSS 0.00576
Exploits 0 · References 2

Snyk
added 2025/05/28 8:41 a.m. · 3 views

Improper Handling of Invalid Use of Special Elements

Overview: org.apache.inlong:manager-common is a one-stop integration framework for massive data. Affected versions of this package are vulnerable to Improper Handling of Invalid Use of Special Elements through the JDBC interface. An attacker can read arbitrary files by inserting special characters...

CVSS 9.3 · AI score 7 · EPSS 0.00576
Exploits 0 · References 2

OSV
added 2025/05/28 8:15 a.m. · 9 views

CVE-2025-27528

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's...

CVSS 9.1 · AI score 5.8 · EPSS 0.00576
Exploits 0 · References 3

Vulnrichment
added 2025/05/28 8:12 a.m. · 17 views

CVE-2025-27528 Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's...

AI score 7.2 · EPSS 0.00576
Exploits 0 · References 2

Cvelist
added 2025/05/28 8:12 a.m. · 20 views

CVE-2025-27528 Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's...

EPSS 0.00576
Exploits 0 · References 2

Packet Storm News
added 2025/05/28 12:0 a.m. · 10 views

WordPress File Away 3.9.9.0.1 Arbitrary File Read

The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers, leveraging the use of a reversible weak algorithm, to read...

CVSS 7.5 · AI score 5.5 · EPSS 0.0155
Exploits 6

CNVD
added 2025/05/28 12:0 a.m. · 2 views

Arbitrary File Read Vulnerability in PicHome of Beijing Qiaoqiao Times Network Technology Co.

PicHome is an image display portal, image search engine for the Ouatto document system. Beijing Qiaoqiao Times Network Technology Co., Ltd PicHome has an arbitrary file reading vulnerability that can be exploited by attackers to obtain sensitive information...

AI score 7
Exploits 0

NVD
added 2025/05/27 7:15 p.m. · 14 views

CVE-2025-45529

An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files via sending a crafted GET request to /cms/templates/templatesAssetsEditor...

CVSS 7.1 · EPSS 0.00305
Exploits 1 · References 2

OSV
added 2025/05/27 7:15 p.m. · 3 views

CVE-2025-45529

An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files via sending a crafted GET request to /cms/templates/templatesAssetsEditor...

CVSS 7.1 · AI score 5.9 · EPSS 0.00305
Exploits 1 · References 2

Microsoft CVE
added 2025/05/27 7:0 a.m. · 3 views

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.

...

CVSS 7.5 · AI score 6.8 · EPSS 0.0033
Exploits 1

Cvelist
added 2025/05/27 12:0 a.m. · 7 views

CVE-2025-45529

An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files via sending a crafted GET request to /cms/templates/templatesAssetsEditor...

EPSS 0.00305
Exploits 1 · References 2

Positive Technologies
added 2025/05/27 12:0 a.m. · 4 views

PT-2025-23022 · Sscms · Sscms

Name of the Vulnerable Software and Affected Versions: SSCMS version 7.3.1 Description: The issue allows attackers to read arbitrary files by sending a crafted GET request to the "/cms/templates/templatesAssetsEditor" API endpoint, exploiting a flaw in the ReadTextAsynchronous function...

CVSS 7.1 · AI score 6.5 · EPSS 0.00305
Exploits 1 · References 6

CNNVD
added 2025/05/27 12:0 a.m. · 2 views

SSCMS Security Vulnerability

SSCMS SiteServerCMS is a content management system from China's Bailong Qianwei SSCMS company. A security vulnerability exists in SSCMS version v7.3.1, which originates from the ReadTextAsynchronous function that allows reading arbitrary files...

CVSS 7.1 · AI score 6.8 · EPSS 0.00305
Exploits 1 · References 2

CVE
added 2025/05/27 12:0 a.m. · 49 views

CVE-2025-45529

CVE-2025-45529 affects SSCMS v7.3.1. The vulnerability resides in the ReadTextAsynchronous function, allowing an attacker to read arbitrary files by crafting a GET request to the endpoint /cms/templates/templatesAssetsEditor. Multiple connected sources confirm the same issue and root cause. A pra...

CVSS 7.1 · AI score 6.8 · EPSS 0.00305
Exploits 1 · References 2 · Affected Software 1