128 matches found
PT-2025-21644 · Pnetlab · Pnetlab
Name of the Vulnerable Software and Affected Versions: PNETLab version 4.2.10 Description: The issue arises from the application's failure to properly sanitize user inputs in its file access mechanisms, allowing attackers to perform directory traversal by manipulating file paths in HTTP requests...
SAP Supplier Relationship Management 代码问题漏洞
SAP Supplier Relationship Management SRM is a supplier relationship management solution from SAP, Germany. The product automates purchasing and acquisition processes within an organization and between suppliers, and provides invoicing and other functionality. A code issue vulnerability exists in...
VulnCheck KEV: CVE-2025-27920
Srimax Output Messenger contains a directory traversal vulnerability that allows an attacker to access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access...
CVE-2025-27920
Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access...
CVE-2025-27920
Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access...
CVE-2025-32986
NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint...
CVE-2025-32986
NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware
🛡️ SOC287 - Arbitrary File Read on Checkpoint Security Gateway...
CVE-2025-32986
NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint...
PT-2025-17944 · Netscout · Ngeniusone
Name of the Vulnerable Software and Affected Versions: NETSCOUT nGeniusONE versions prior to 6.4.0 b2350 Description: The issue concerns a Sensitive File Accessible Without Proper Authentication to an endpoint. No information is provided about the estimated number of potentially affected devices...
CVE-2025-32986
NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint...
CVE-2025-32986
NETSCOUT nGeniusONE vulnerable prior to version 6.4.0 b2350. The issue is a sensitive file accessible without proper authentication to an endpoint, indicating an access-control weakness in the affected component. Affected product/version: NETSCOUT nGeniusONE before 6.4.0 b2350. Reported impact: e...
Unauthorized File Exposure
Vite is vulnerable to Unauthorized File Exposure. The vulnerability is due to improper exposure of non-allowed files through the ?inline or ?raw?import methods when the Vite dev server is explicitly exposed to the network using --host or the server.host config option, allows unauthorized access t...
PT-2025-15333 · WordPress · Simple Wp Events
Name of the Vulnerable Software and Affected Versions: Simple WP Events plugin for WordPress versions up to and including 1.8.17 Description: The issue arises from insufficient file path validation in the wpe delete file AJAX action, allowing unauthenticated attackers to delete arbitrary files on...
GHSA-W34W-FVP3-68XM Yeswiki Path Traversal vulnerability allows arbitrary read of files
Summary The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. The payload ../../../../../../etc/passwd was submitted in the squelette parameter. The requested file was returned in the application's response. Details File path...
Arbitary file read through path traversal
Description: The code in genericutils.py has a path traversal vulnerability, which allows an attacker to control the file path provided to the ImageDocument class. This can lead to the reading of arbitrary files on the server, including sensitive system files, through base64 encoding and decoding...
Exploit for CVE-2025-2294
Kubio Page Builder LFI Exploit CVE-2025-2294 !Pythonhttp...
Directory Traversal
Overview dbgpt is a DB-GPT is an experimental open-source project that uses localized GPT large models to interact with your data and environment. With this solution, you can beassured that there is no risk of data leakage, and your data is 100% private and secure. Affected versions of this packa...
CVE-2025-29930 imFAQ allows local file inclusion in seo.php
imFAQ is an advanced questions and answers management system for ImpressCMS. Prior to 1.0.1, if the $GET'seoOp' parameter is manipulated to include malicious input e.g., seoOp=php://filter/read=convert.base64-encode/resource=/var/www/html/config.php, the application could allow an attacker to rea...
CVE-2025-29930 imFAQ allows local file inclusion in seo.php
imFAQ is an advanced questions and answers management system for ImpressCMS. Prior to 1.0.1, if the $GET'seoOp' parameter is manipulated to include malicious input e.g., seoOp=php://filter/read=convert.base64-encode/resource=/var/www/html/config.php, the application could allow an attacker to rea...