Lucene search
K

11287 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:43 a.m.16 views

CVE-2024-7514

The WordPress Comments Import & Export plugin for WordPress is vulnerable to to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with Author-level access an...

6.5CVSS6.5AI score0.01039EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2025/05/23 10:26 a.m.542 views

Exploit for CVE-2025-46822

CVE-2025-46822 Unauthenticated Arbitrary File Read via Absolu...

8.7CVSS7.1AI score0.03847EPSS
Exploits13
RedhatCVE
RedhatCVE
added 2025/05/23 10:8 a.m.3 views

CVE-2024-3250

It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2,...

6.5CVSS6.5AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:54 a.m.11 views

CVE-2024-28198

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating http requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and SSRF. The problem is fixed in version...

7.5CVSS6.9AI score0.00431EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:53 a.m.6 views

CVE-2024-36814

An arbitrary file read vulnerability in Adguard Home before v0.107.52 allows authenticated attackers to access arbitrary files as root on the underlying Operating System via placing a crafted file into a readable directory...

4.9CVSS6.5AI score0.00788EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:44 a.m.7 views

CVE-2024-21765

Electronic Delivery Check System Doboku Ver.18.1.0 and earlier, Electronic Delivery Check System Dentsu Ver.12.1.0 and earlier, Electronic Delivery Check System Kikai Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support SystemVer.4.0.31 and earlier improperly restrict XML...

5.5CVSS7AI score0.00233EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:44 a.m.7 views

CVE-2024-21796

Electronic Deliverables Creation Support Tool Construction Edition prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool Design & Survey Edition prior to Ver1.0.4 improperly restrict XML external entity references XXE. By processing a specially crafted XML file, arbitrary files on t...

5.5CVSS6.9AI score0.00195EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:37 a.m.5 views

CVE-2024-24161

MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered...

7.5CVSS7.5AI score0.00689EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:34 a.m.8 views

CVE-2024-22240

Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information...

4.9CVSS6.5AI score0.00615EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:27 a.m.7 views

CVE-2024-12861

The W2S – Migrate WooCommerce to Shopify plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.2.1 via the 'viw2sviewlog' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of...

6.5CVSS6.5AI score0.00341EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:1 a.m.5 views

CVE-2024-22275

The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data...

4.9CVSS6.5AI score0.00986EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:32 a.m.7 views

CVE-2024-44867

phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component /autoload/file.php...

7.5CVSS7.5AI score0.01018EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:29 a.m.6 views

CVE-2024-5178

ServiceNow has addressed a sensitive file read vulnerability that was identified in the Washington DC, Vancouver, and Utah Now Platform releases. This vulnerability could allow an administrative user to gain unauthorized access to sensitive files on the web application server. The vulnerability i...

6.9CVSS6.9AI score0.33593EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:6 a.m.6 views

CVE-2024-45627

In Apache Linkis 1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be...

5.9CVSS6.6AI score0.00318EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 8:1 a.m.16 views

CVE-2024-30188

File read and write vulnerability in Apache DolphinScheduler , authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2. Users are recommended to upgrade to version 3.2.2, which fixes the issue...

8.8CVSS6.6AI score0.05987EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:44 a.m.4 views

CVE-2024-37728

Arbitrary File Read vulnerability in Xi'an Daxi Information Technology Co., Ltd OfficeWeb365 v.7.18.23.0 and v8.6.1.0 allows a remote attacker to obtain sensitive information via the "Pic/Indexes" interface...

7.5CVSS7.3AI score0.01852EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:42 a.m.5 views

CVE-2024-37169

@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior to 2.0.3 are vulnerable to arbitrary file read if a threat actor uses the Playright's screenshot feature to exploit the file wrapper. Version 2.0.3 mitigates this issue by requiring input URLs to be of protocol http or https. ...

5.3CVSS5.2AI score0.00529EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 7:41 a.m.7 views

CVE-2024-55658

SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's /api/export/exportResources endpoint is vulnerable to arbitary file read via path traversal. It is possible to manipulate the paths parameter to access and download arbitrary files from the host system by traversi...

8.7CVSS6.5AI score0.00585EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:41 a.m.5 views

CVE-2024-55550

Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access...

4.4CVSS6.8AI score0.375EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:40 a.m.4 views

CVE-2024-55657

SiYuan is a personal knowledge management system. Prior to version 3.1.16, an arbitrary file read vulnerability exists in Siyuan's /api/template/render endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive files on the host system. Version 3.1.16...

8.7CVSS6.3AI score0.00717EPSS
Exploits0References1
Rows per page
Query Builder