6 matches found
EUVD-2025-35709
An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may submit a crafted job request that grants read access to files on the filesystem with the permissions of the GXP Job Service process. The path to a file is not sanitized f...
CVE-2025-6985
The CVE-2025-6985 entry concerns LangChain Text Splitters (langchain-text-splitters) v0.3.8, with an XML External Entity (XXE) risk due to unsafe XSLT parsing. The connected docs explain that arbitrary XSLT stylesheets are parsed using lxml.etree.parse() and lxml.etree.XSLT() without hardening, a...
CVE-2022-24683
HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec or job-submit capabilities to read arbitrary files on the host filesystem as root...
CVE-2020-4678
IBM Security Guardium 11.2 could allow an attacker with admin access to obtain and read files that they normally would not have access to. IBM X-Force ID: 186423...
CVE-2019-8999
An XML External Entity vulnerability in the UEM Core of BlackBerry UEM versions earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account...
PT-1993-1000 · University Of Minnesota · Gopherd +1
Name of the Vulnerable Software and Affected Versions: UMN gopher and gopher+ versions 1.12 and 2.0x. Description: The issue allows an intruder to read any files that can be accessed by the gopher daemon. Recommendations: For UMN gopher and gopher+ versions 1.12, update to a version that fixes thi...