700 matches found
CVE-2024-2045
The CVE-2024-2045 entry concerns Session version 1.17.5. Affected component: Local File Read via chat attachments, enabling retrieval of internal application files and public files from a user’s device without consent. This is a Local attack (LOCAL) requiring user interaction. Descriptions from m...
CVE-2024-2045 Session 1.17.5 - LFR via chat attachment
Session version 1.17.5 allows obtaining internal application files and public files from the user's device without the user's consent. This is possible because the application is vulnerable to Local File Read via chat attachments...
PT-2024-18665 · Session · Session
Name of the Vulnerable Software and Affected Versions: Session version 1.17.5 Description: The application is vulnerable to Local File Read via chat attachments, allowing internal application files and public files from the user's device to be obtained without the user's consent. Recommendations:...
CVE-2022-25377
The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APP_STORAGE_CERTIFICATES/.well-known/acme-challenge must exist on disk. This pathname is automatically created if...
PT-2024-11533 · Appwrite · Appwrite
Name of the Vulnerable Software and Affected Versions: Appwrite versions 0.5.0 through 0.12.x before 0.12.2 Description: The issue allows remote attackers to read arbitrary local files via ../ directory traversal in the "ACME-challenge" endpoint. This vulnerability requires the existence of APP...
CVE-2024-1648 electron-pdf 20.0.0 - Local File Read via Server Side XSS
electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...
CVE-2024-1647 pyhtml2pdf 0.0.6 - Local File Read via Server Side XSS
Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...
CVE-2024-0849
Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR...
CVE-2024-0849 Leanote 2.7.0 - Local File Read
Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR...
CVE-2024-22240
Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information...
CVE-2024-22240
CVE-2024-22240 affects VMware Aria Operations for Networks. The issue is a local file read vulnerability exploitable by a user with admin/management privileges, potentially allowing unauthorized access to sensitive data. Public details describe the vulnerability without providing exploit steps be...
PT-2024-1682 · Vmware · Vmware Aria Operations For Networks
Name of the Vulnerable Software and Affected Versions: VMware Aria Operations for Networks affected versions not specified Description: The issue is related to a local file read vulnerability in VMware Aria Operations for Networks. This vulnerability can be exploited by a malicious actor with adm...
CVE-2023-39611
An issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attackers to enumerate and read files from the local filesystem by sending crafted web requests...
Software FX Chart FX Security Vulnerability
Software FX Chart FX is a data visualization library from Software FX that allows developers to create a variety of charts. Software FX Chart FX 7 version 7.0.4962.20829 contains a security vulnerability that allows an attacker to enumerate and read files o...