Lucene search
K

252 matches found

NVD
NVD
added 2025/06/24 3:15 a.m.12 views

CVE-2025-52574

SysmonElixir is a system monitor HTTP service in Elixir. Prior to version 1.0.1, the /read endpoint reads any file from the server's /etc/passwd by default. In v1.0.1, a whitelist was added that limits reading to only files under priv/data. This issue has been patched in version 1.0.1...

7.5CVSS0.00419EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/06/13 12:0 a.m.6 views

PT-2025-25540 · Wago +1 · Cc100 0751-9X01 +17

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A web application for configuring the controller is accessible at a specific path. It contains an endpoint that allows an unauthenticated remote attacker to read files from the system’s file...

7.8CVSS6.2AI score0.00402EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2025/06/03 6:27 p.m.14 views

CVE-2025-48998 Dataease MYSQL JDBC File Reading Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. ...

8.6CVSS6.3AI score0.00439EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:35 a.m.8 views

CVE-2024-22096

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can append path traversal characters to the filename when using a specific command, allowing them to read arbitrary files from the system...

6.5CVSS6.8AI score0.00589EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:58 a.m.21 views

CVE-2024-10585

The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the 'historyID' parameter of the /debug-chart/index.php file. This makes it possible for unauthenticated attackers to read .txt files outside of the intended directory...

5.3CVSS5.1AI score0.00639EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:41 a.m.7 views

CVE-2023-39912

Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed...

4.9CVSS6.8AI score0.04041EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:3 a.m.12 views

CVE-2023-46863

Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request...

7.5CVSS7AI score0.0085EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 3:54 a.m.8 views

CVE-2023-46170

IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow an authenticated user to arbitrarily read files after enumerating file names...

6.5CVSS6.4AI score0.00452EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 1:20 a.m.8 views

CVE-2022-34127

The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.php file parameter...

7.5CVSS6.8AI score0.06715EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:12 a.m.9 views

CVE-2022-32320

A Cross-Site Request Forgery CSRF in Ferdi through 5.8.1 and Ferdium through 6.0.0-nightly.98 allows attackers to read files via an uploaded file such as a settings/preferences file...

8.8CVSS7AI score0.00418EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:38 a.m.13 views

CVE-2022-40705

An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This...

7.5CVSS6.8AI score0.01414EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:25 p.m.11 views

CVE-2022-40734

UniSharp laravel-filemanager aka Laravel Filemanager before 2.6.4 allows download?workingdir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0...

6.5CVSS6.8AI score0.04056EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:43 p.m.11 views

CVE-2022-28921

A Cross-Site Request Forgery CSRF vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting web server...

6.5CVSS7.2AI score0.00715EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:41 p.m.10 views

CVE-2022-28462

novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability...

7.5CVSS7AI score0.01042EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:25 p.m.9 views

CVE-2022-22726

A CWE-20: Improper Input Validation vulnerability exists that could allow arbitrary files on the server to be read by authenticated users through a limited operating system service account. Affected Product: EcoStruxure Power Monitoring Expert Versions 2020 and prior...

6.5CVSS6.8AI score0.00771EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:55 p.m.8 views

CVE-2022-24372

Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share...

4.9CVSS7AI score0.00463EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:5 p.m.6 views

CVE-2021-37442

NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files...

6.5CVSS6.8AI score0.01214EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:24 p.m.5 views

CVE-2021-24947

The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvmuploadregionsfilepath parameter in the rvmimportregions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server...

6.5CVSS6.7AI score0.03005EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:28 p.m.7 views

CVE-2020-19954

An XML External Entity XXE vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files...

7.5CVSS6.9AI score0.01203EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:23 p.m.11 views

CVE-2020-15507

An arbitrary file reading vulnerability in MobileIron Core versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to read files on the system via unspecified vectors...

7.5CVSS7AI score0.02214EPSS
Exploits0
Rows per page
Query Builder