Lucene search: 1066 matches found

Snyk
added 2025/11/28 4:41 a.m. | 2 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the XML parsing process. An attacker can access sensitive files by submitting specially crafted XML data containing external entities. Details XXE Injection is a type of attack against an applicatio...

CVSS 2.8 | AI score 7.4 | EPSS 0.00108
Exploits: 0 | References: 2
EUVD
added 2025/11/25 9:32 p.m. | 3 views

EUVD-2025-199632

UnForm Server versions 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature's 'arc' endpoint. The Doc Flow module uses the 'arc' handler to retrieve and render pages or resources specified by the user-supplied 'pp' parameter, but it does so...

CVSS 8.7 | AI score 6 | EPSS 0.00872
Exploits: 0 | References: 3
NVD
added 2025/11/25 7:15 p.m. | 5 views

CVE-2025-34350

UnForm Server versions 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature's 'arc' endpoint. The Doc Flow module uses the 'arc' handler to retrieve and render pages or resources specified by the user-supplied 'pp' parameter, but it does so...

CVSS 8.7 | EPSS 0.00872
Exploits: 0 | References: 2
Veracode
added 2025/11/24 4:31 a.m. | 7 views

XML External Entity (XXE)

langchain-text-splitters is vulnerable to XML External Entity (XXE) injection. The vulnerability is due to unsafe parsing of arbitrary XSLT stylesheets using lxml without access controls, which allows an attacker to read local files or fetch external resources accessible to the LangChain process...

CVSS 7.5 | AI score 7 | EPSS 0.00612
Exploits: 0 | References: 5 | Affected Software: 1
Snyk
added 2025/11/19 7:43 p.m. | 5 views

Relative Path Traversal

Overview @astrojs/node is an adapter to deploy your site to a Node.js server. Affected versions of this package are vulnerable to Relative Path Traversal via the href parameter in the image optimization endpoint during development mode. An attacker can access arbitrary local image files readable by the Node.j...

CVSS 5.1 | AI score 6.6 | EPSS 0.00424
Exploits: 1 | References: 3
Tenable Nessus
added 2025/11/18 12:00 a.m. | 5 views

Mozilla Firefox < 67.0.2

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 67.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2019-16 advisory. - A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at ...

CVSS 6.5 | AI score 7.6 | EPSS 0.01366
Exploits: 0 | References: 2
CVE
added 2025/11/17 12:00 a.m. | 20 views

CVE-2025-63917

PDFPatcher

CVSS 7.1 | AI score 6.7 | EPSS 0.00338
Exploits: 1 | References: 3 | Affected Software: 1
CNVD
added 2025/11/10 12:00 a.m. | 5 views

Advantech DeviceOn/iEdge Path Traversal Vulnerability (CNVD-2026-11788)

Advantech DeviceOn/iEdge is a remote management and operation and maintenance platform for edge devices from Advantech, Taiwan, China. Advantech DeviceOn/iEdge suffers from a path traversal vulnerability that is caused by allowing the upload of specially crafted configuration files. An attacker...

CVSS 8.8 | AI score 6 | EPSS 0.00468
Exploits: 0 | References: 1
Vulnrichment
added 2025/11/06 10:31 p.m. | 2 views

CVE-2025-58423 Advantech DeviceOn/iEdge Path Traversal

Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context of the local system account...

CVSS 8.8 | AI score 6.6 | EPSS 0.00468
Exploits: 0 | References: 3
CNNVD
added 2025/11/06 12:00 a.m. | 4 views

Advantech DeviceOn/iEdge Path Traversal Vulnerability

Advantech DeviceOn/iEdge is a remote management and operation and maintenance platform for edge devices from Advantech, Taiwan, China. Advantech DeviceOn/iEdge suffers from a path traversal vulnerability that is caused by allowing the upload of specially crafted configuration files. An attacker...

CVSS 8.8 | AI score 5.8 | EPSS 0.00468
Exploits: 0 | References: 3
CNNVD
added 2025/11/01 12:00 a.m. | 6 views

Liferay Portal and Liferay DXP Security Vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

CVSS 5.5 | AI score 6.2 | EPSS 0.00123
Exploits: 0 | References: 2
Microsoft CVE
added 2025/10/31 1:03 a.m. | 7 views

Vulnerability in Keras Model.load_model Leading to Arbitrary Local File Loading and SSRF

...

CVSS 5.9 | AI score 7 | EPSS 0.00239
Exploits: 0
Snyk
added 2025/10/29 9:44 a.m. | 5 views

Deserialization of Untrusted Data

Overview keras is a high-level neural networks API for Python. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the .keras archives when they are initialized with a path to a vocabulary file. The model deserialization process when loading the...

CVSS 6.8 | AI score 6.9 | EPSS 0.00239
Exploits: 0 | References: 2
OSV
added 2025/10/29 9:15 a.m. | 5 views

AZL-69021 CVE-2025-12058 affecting package keras 3.3.3-6

The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF). This vulnerability stems from the way the StringLookup layer is handled during model loading from a...

CVSS 5.9 | AI score 5.9 | EPSS 0.00239
Exploits: 0 | References: 1
OSV
added 2025/10/29 9:15 a.m. | 3 views

UBUNTU-CVE-2025-12058

The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF). This vulnerability stems from the way the StringLookup layer is handled during model loading from a...

CVSS 5.9 | AI score 7.4 | EPSS 0.00239
Exploits: 0 | References: 4
Vulnrichment
added 2025/10/29 8:48 a.m. | 3 views

CVE-2025-12058 Vulnerability in Keras Model.load_model Leading to Arbitrary Local File Loading and SSRF

The Keras.Model.load_model method, including when executed with the intended security mitigation safe_mode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery (SSRF). This vulnerability stems from the way the StringLookup layer is handled during model loading from a...

CVSS 5.9 | AI score 6.2 | EPSS 0.00239
Exploits: 0 | References: 2
EUVD
added 2025/10/27 9:30 a.m. | 5 views

EUVD-2025-36096

HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 week 36/2025, which allows an attacker to read arbitrary files from the Windows operating system. The "Filename" paramet...

CVSS 7.5 | AI score 6 | EPSS 0.03655
Exploits: 0 | References: 2
NVD
added 2025/10/22 8:15 p.m. | 9 views

CVE-2025-62611

aiomysql is a library for accessing a MySQL database from asyncio. Prior to version 0.3.0, the client-side settings are not checked before sending local files to the MySQL server, which allows obtaining arbitrary files from the client using a rogue server. It is possible to create a rogue MySQL...

CVSS 8.2 | EPSS 0.00354
Exploits: 0 | References: 3
Cvelist
added 2025/10/22 7:29 p.m. | 24 views

CVE-2025-62611 aiomysql allows arbitrary access to client files through vulnerability of a malicious MySQL server

aiomysql is a library for accessing a MySQL database from asyncio. Prior to version 0.3.0, the client-side settings are not checked before sending local files to the MySQL server, which allows obtaining arbitrary files from the client using a rogue server. It is possible to create a rogue MySQL...

CVSS 8.2 | EPSS 0.00354
Exploits: 0 | References: 3
Vulnrichment
added 2025/10/22 7:29 p.m. | 2 views

CVE-2025-62611 aiomysql allows arbitrary access to client files through vulnerability of a malicious MySQL server

aiomysql is a library for accessing a MySQL database from asyncio. Prior to version 0.3.0, the client-side settings are not checked before sending local files to the MySQL server, which allows obtaining arbitrary files from the client using a rogue server. It is possible to create a rogue MySQL...

CVSS 8.2 | AI score 6.3 | EPSS 0.00354
Exploits: 0 | References: 3