417 matches found
PowSyBl Core XML Reader allows XXE and SSRF
Impact What kind of vulnerability is it? Who is impacted? In certain places, powsybl-core XML parsing is vulnerable to an XXE attack and in on place also to an SSRF attack. This allows an attacker to elevate their privileges to read files that they do not have permissions to, including sensitive...
CVE-2025-6070 Restrict File Access <= 1.1.2 - Authenticated (Subscriber+) Arbitrary File Read
The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2 via the output function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server...
CVE-2025-44043
Keyoti SearchUnit prior to 9.0.0. is vulnerable to Server-Side Request Forgery SSRF in /KeyotiSearchEngineWebCommon/SearchService.svc/GetResults and /KeyotiSearchEngineWebCommon/SearchService.svc/GetLocationAndContentCategories. An attacker can specify their own SMB server as the indexDirectory...
PT-2025-24528 · Unknown · Unfoldwp Blogbyte
Name of the Vulnerable Software and Affected Versions: Unfoldwp Blogbyte versions 1.1.1 and earlier Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion...
CVE-2025-20995
Improper handling of insufficient permission in ClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to read and write arbitrary files...
CVE-2025-27445
The CVE-2025-27445 entry concerns RSFirewall for Joomla (RSJoomla) with versions 2.9.7 through 3.1.5. A path traversal flaw arises from insufficient sanitization of user-supplied file path parameters, allowing authenticated users to read arbitrary files outside the Joomla root. The issue is descr...
Sensitive Information Disclosure
mautic/core is vulnerable to Sensitive Information Disclosure. The vulnerability is due to unauthenticated arbitrary file access where the missing web server restrictions on .env files, allowing attackers to directly view sensitive configurations via a browser...
CVE-2025-5273
CVE-2025-5273 affects all versions of the package mcp-markdownify-server . The vulnerability arises from the get-markdown-file tool, where a crafted prompt accessed by the MCP host can cause the server to read arbitrary files on the host running it. This allows unauthorized disclosure of host fil...
CVE-2025-5273
Versions of the package mcp-markdownify-server before 1.0.0 are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once accessed by the MCP host, will allow it to read arbitrary files from the host running the...
CVE-2025-24115
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to read files outside of its sandbox...
CVE-2024-23488
Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even if the “Allow users to view archived channels” option is disabled...
CVE-2024-23904
Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file syst...
CVE-2024-1209
The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads...
CVE-2024-20828
Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication...
CVE-2024-22385
Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before 3.7.4...
CVE-2024-47580
An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment. By specifying the file to be an internal server file and subsequently downloading the generated PDF, the attacker can read any file on the server with no effect on integrity or...
CVE-2024-27102
Wings is the server control plane for Pterodactyl Panel. This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is exactly unknown, but reading files outside o...
CVE-2024-44190
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to read arbitrary files...
CVE-2024-7480
An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface CLI user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer...
CVE-2023-51006
An issue in the openFile method of Chinese Perpetual Calendar v9.0.0 allows attackers to read any file via unspecified vectors...