3346 matches found
Cisco Identity Services Engine (Cisco ISE) and Cisco ISE Passive Identity Connector Code Issue Vulnerability
The Cisco Identity Services Engine (Cisco ISE) and Cisco ISE Passive Identity Connector are both products of Cisco, Inc. The Cisco Identity Services Engine (ISE) is an environment-aware platform. The platform oversees the network by...
CVE-2025-59384
CVE-2025-59384 affects QNAP Qfiling prior to version 3.13.1. A path traversal flaw allows remote attackers to read arbitrary files or system data. The issue is fixed in Qfiling 3.13.1 and later. The CVSS metrics in the initial document indicate high impact with network attack potential and no use...
CVE-2024-25181
A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery (SSRF) and arbitrary file reading. The vulnerability stems from improper handling of user-supplied URLs in the "file_get_contents" function within the "save.php" file...
VvvebJs Security Vulnerability
VvvebJs is a drag-and-drop website generator from Givan Personal Developers. A security vulnerability exists in VvvebJs version 1.7.2, which stems from the file_get_contents function in the save.php file mishandling user-supplied URLs, which could lead to server-side request forgery and arbitrary...
Takes Security Vulnerability
Takes is an object-oriented Java web development framework by the individual developer Yegor Bugayenko. A security vulnerability exists in Takes 2.0-SNAPSHOT and earlier versions, which stems from an un-normalized HTTP request path that could lead to arbitrary file reading...
PT-2025-51175
Name of the Vulnerable Software and Affected Versions: MJML versions through 4.18.0. Description: The software contains a directory traversal flaw within the mj-include functionality. This allows an attacker to check for the existence of files and, in cases where the type is set to "css", read files...
CVE-2025-66645 NiceGUI Path Traversal Vulnerability in app.add_media_files() Allows Arbitrary File Reading
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the app.add_media_files() function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0...
Galaxy Software Services Vitals ESP Security Vulnerability
Galaxy Software Services Vitals ESP is a knowledge management system for office use by Galaxy Software Services China. A security vulnerability exists in Galaxy Software Services Vitals ESP that originates from absolute path traversal and could lead to arbitrary file reading...
ReQuest Serious Play Media Player Security Vulnerability
ReQuest Serious Play Media Player is a media player software from ReQuest Serious Play, Inc. A security vulnerability exists in ReQuest Serious Play Media Player version 3.0 that stems from not properly validating file parameters, which could allow an attacker to read the contents of a local file...
ThinkPHP Security Vulnerability
ThinkPHP is a PHP-based, open source, lightweight web application development framework from China Top Think Information Technology (ThinkPHP). A security vulnerability exists in ThinkPHP version 5.0.24, which stems from a fetch function in the file thinkphp\library\think\Template.php that allows an...
Siemens SIMATIC S7-1500 Improper Restriction of XML External Entity Reference (CVE-2013-0340)
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a...
EUVD-2018-21611
PacsOne Server version 6.6.2 (prior versions are likely affected) contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary files via the 'nocache.php' endpoint with a crafted 'path'...
CVE-2025-11072
The MelAbu WP Download Counter Button WordPress plugin through 1.8.6.7 does not validate the path of files to be downloaded, which could allow an unauthenticated attacker to read/download arbitrary files...
WordPress Plugin Anti-Malware Security and Brute-Force Firewall Security Vulnerability
WordPress and the WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability...
CVE-2025-62612 FastGPT File Reading Node SSRF Vulnerability
FastGPT is an AI Agent building platform. Prior to version 4.11.1, in the workflow file reading node, the network link is not security-verified, posing a risk of SSRF attacks. This issue has been patched in version 4.11.1...
CVE-2025-62612
The CVE-2025-62612 advisory concerns FastGPT prior to version 4.11.1, where the workflow file reading node does not verify the security of the network link, enabling potential SSRF attacks. Multiple connected sources corroborate the issue as a FastGPT SSRF in the workflow file reading node with u...