Lucene search
K

128 matches found

Positive Technologies
Positive Technologies
added 2025/05/16 12:0 a.m.6 views

PT-2025-21644 · Pnetlab · Pnetlab

Name of the Vulnerable Software and Affected Versions: PNETLab version 4.2.10 Description: The issue arises from the application's failure to properly sanitize user inputs in its file access mechanisms, allowing attackers to perform directory traversal by manipulating file paths in HTTP requests...

8.7CVSS6.3AI score0.00788EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/05/13 12:0 a.m.5 views

SAP Supplier Relationship Management 代码问题漏洞

SAP Supplier Relationship Management SRM is a supplier relationship management solution from SAP, Germany. The product automates purchasing and acquisition processes within an organization and between suppliers, and provides invoicing and other functionality. A code issue vulnerability exists in...

8.6CVSS6.6AI score0.00381EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/05/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-27920

Srimax Output Messenger contains a directory traversal vulnerability that allows an attacker to access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access...

8.8CVSS5.9AI score0.01782EPSS
Exploits0References1
OSV
OSV
added 2025/05/05 4:15 p.m.6 views

CVE-2025-27920

Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access...

8.8CVSS5.8AI score0.01782EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/05/05 12:0 a.m.7 views

CVE-2025-27920

Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access...

7.2CVSS9.4AI score0.01782EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/04/27 12:10 a.m.24 views

CVE-2025-32986

NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint...

7.5CVSS7AI score0.00374EPSS
Exploits0References1
NVD
NVD
added 2025/04/25 9:15 p.m.10 views

CVE-2025-32986

NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint...

7.5CVSS0.00374EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/04/25 9:30 a.m.85 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware

🛡️ SOC287 - Arbitrary File Read on Checkpoint Security Gateway...

8.6CVSS7.5AI score0.99978EPSS
Exploits52
Cvelist
Cvelist
added 2025/04/25 12:0 a.m.10 views

CVE-2025-32986

NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint...

0.00374EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/25 12:0 a.m.4 views

PT-2025-17944 · Netscout · Ngeniusone

Name of the Vulnerable Software and Affected Versions: NETSCOUT nGeniusONE versions prior to 6.4.0 b2350 Description: The issue concerns a Sensitive File Accessible Without Proper Authentication to an endpoint. No information is provided about the estimated number of potentially affected devices...

7.5CVSS6.2AI score0.00374EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/04/25 12:0 a.m.6 views

CVE-2025-32986

NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint...

7.6AI score0.00374EPSS
Exploits0References1
CVE
CVE
added 2025/04/25 12:0 a.m.67 views

CVE-2025-32986

NETSCOUT nGeniusONE vulnerable prior to version 6.4.0 b2350. The issue is a sensitive file accessible without proper authentication to an endpoint, indicating an access-control weakness in the affected component. Affected product/version: NETSCOUT nGeniusONE before 6.4.0 b2350. Reported impact: e...

7.5CVSS7AI score0.00374EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2025/04/09 4:20 a.m.9 views

Unauthorized File Exposure

Vite is vulnerable to Unauthorized File Exposure. The vulnerability is due to improper exposure of non-allowed files through the ?inline or ?raw?import methods when the Vite dev server is explicitly exposed to the network using --host or the server.host config option, allows unauthorized access t...

7.5CVSS6.9AI score0.58765EPSS
Exploits9References10Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.7 views

PT-2025-15333 · WordPress · Simple Wp Events

Name of the Vulnerable Software and Affected Versions: Simple WP Events plugin for WordPress versions up to and including 1.8.17 Description: The issue arises from insufficient file path validation in the wpe delete file AJAX action, allowing unauthenticated attackers to delete arbitrary files on...

9.1CVSS9.8AI score0.00767EPSS
Exploits0References8
OSV
OSV
added 2025/04/01 6:31 p.m.10 views

GHSA-W34W-FVP3-68XM Yeswiki Path Traversal vulnerability allows arbitrary read of files

Summary The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. The payload ../../../../../../etc/passwd was submitted in the squelette parameter. The requested file was returned in the application's response. Details File path...

8.6CVSS7AI score0.05366EPSS
Exploits6References4
Huntr
Huntr
added 2025/04/01 12:20 p.m.8 views

Arbitary file read through path traversal

Description: The code in genericutils.py has a path traversal vulnerability, which allows an attacker to control the file path provided to the ImageDocument class. This can lead to the reading of arbitrary files on the server, including sensitive system files, through base64 encoding and decoding...

7.5CVSS7.2AI score0.00545EPSS
Exploits1
GithubExploit
GithubExploit
added 2025/03/31 11:51 a.m.417 views

Exploit for CVE-2025-2294

Kubio Page Builder LFI Exploit CVE-2025-2294 !Pythonhttp...

9.8CVSS7AI score0.76761EPSS
Exploits12
Snyk
Snyk
added 2025/03/20 12:32 p.m.5 views

Directory Traversal

Overview dbgpt is a DB-GPT is an experimental open-source project that uses localized GPT large models to interact with your data and environment. With this solution, you can beassured that there is no risk of data leakage, and your data is 100% private and secure. Affected versions of this packa...

9.1CVSS7.6AI score0.00769EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/18 6:53 p.m.22 views

CVE-2025-29930 imFAQ allows local file inclusion in seo.php

imFAQ is an advanced questions and answers management system for ImpressCMS. Prior to 1.0.1, if the $GET'seoOp' parameter is manipulated to include malicious input e.g., seoOp=php://filter/read=convert.base64-encode/resource=/var/www/html/config.php, the application could allow an attacker to rea...

6.9CVSS0.00355EPSS
Exploits0References2
OSV
OSV
added 2025/03/18 6:53 p.m.11 views

CVE-2025-29930 imFAQ allows local file inclusion in seo.php

imFAQ is an advanced questions and answers management system for ImpressCMS. Prior to 1.0.1, if the $GET'seoOp' parameter is manipulated to include malicious input e.g., seoOp=php://filter/read=convert.base64-encode/resource=/var/www/html/config.php, the application could allow an attacker to rea...

6.9CVSS6.6AI score0.00355EPSS
Exploits0References4
Rows per page
Query Builder