CVE-2023-51770
Arbitrary File Read Vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend that users upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue...
CVE-2023-6038
A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. Th...
CVE-2023-29962
S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability...
CVE-2022-28444
UCMS v1.6 was discovered to contain an arbitrary file read vulnerability...
CVE-2022-22279
A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access...
CVE-2022-40954
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider...
CVE-2022-47747
kraken = 0.1.4 has an arbitrary file read vulnerability via the component testfs...
CVE-2022-46826
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability...
CVE-2022-48094
lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction.class.php...
CVE-2022-46492
nbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discovered to contain an arbitrary file read vulnerability via the component /api/Index/getFileBinary...
CVE-2022-26271
74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at \index\controller\Download.php...
CVE-2022-25497
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function...
ABB Cylon Aspect 3.08.03 logYumLookup.php Path Traversal
The ABB Cylon Aspect BAS controller is vulnerable to an authenticated hybrid path traversal vulnerability in logYumLookup.php due to insufficient validation of the logFile parameter. The script checks for the presence of an expected path /var/log/yum.log using strpos, which can be bypassed by...
Fedora 41 : yelp / yelp-xsl (2025-72469000ed)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-72469000ed advisory. Fix CVE-2025-3155 - arbitrary file-read. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
CVE-2022-21687
gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus...
CVE-2022-40715
An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Traversal vulnerability exists for a specific endpoint via the logfile parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily...
CVE-2022-4140
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file, which could allow an unauthenticated attacker to read arbitrary files on the server...
CVE-2022-20353
In onSaveRingtone of DefaultRingtonePreference.java, there is a possible inappropriate file read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2022-44299
SiteServerCMS 7.1.3 sscms has a file read vulnerability...
CVE-2022-37299
An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal vulnerability which could cause arbitrary file read via /static/ueditor/php/controller.php...