Lucene search
K

31 matches found

Vulnrichment
Vulnrichment
added 2026/04/12 12:28 p.m.3 views

CVE-2019-25706 Across DR-810 ROM-0 Unauthenticated File Disclosure

Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers can access the rom-0 endpoint without authentication to retrieve and decompress the...

8.7CVSS5.8AI score0.00535EPSS
Exploits0References3
NVD
NVD
added 2025/12/30 11:15 p.m.7 views

CVE-2022-50792

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive system files. Attackers can exploit the vulnerability by manipulating the 'file' GET parameter to disclose arbitrary files on the affected...

8.7CVSS0.01349EPSS
Exploits2References5
CVE
CVE
added 2025/12/30 10:41 p.m.14 views

CVE-2022-50792

CVE-2022-50792 concerns SOUND4 IMPACT/FIRST/PULSE/Eco products (2.x and below) with an unauthenticated file disclosure vulnerability reachable over the network. The issue arises from allowing manipulation of the GET parameter file to disclose arbitrary device files (path traversal-like behavior d...

8.7CVSS6.5AI score0.01349EPSS
Exploits2References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.5 views

PT-2025-54240

Name of the Vulnerable Software and Affected Versions SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below Description The software contains an unauthenticated file disclosure issue that allows remote attackers to access sensitive system files. Attackers can exploit the issue by manipulating the...

9.8CVSS6.5AI score0.01349EPSS
Exploits2References8
OSV
OSV
added 2025/12/10 9:16 p.m.5 views

CVE-2020-36899

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive files through unverified 'filename' and 'path' parameters. Attackers can exploit the QH.aspx endpoint to read arbitrary files and directory contents...

7.5CVSS5.9AI score0.00838EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/10 9:3 p.m.24 views

CVE-2020-36899 QiHang Media Web Digital Signage 3.0.9 Unauthenticated Arbitrary File Disclosure

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive files through unverified 'filename' and 'path' parameters. Attackers can exploit the QH.aspx endpoint to read arbitrary files and directory contents...

8.7CVSS0.00838EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/12/06 5:54 p.m.5 views

CVE-2020-36878

ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local...

8.7CVSS6.3AI score0.00303EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/10/28 6:59 a.m.5 views

CVE-2025-12055

HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 week 36/2025, which allows an attacker to read arbitrary files from the Windows operating system. The "Filename" paramet...

7.5CVSS6.5AI score0.03625EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-32488

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.01746EPSS
Exploits3References3
CISA KEV Catalog
CISA KEV Catalog
added 2024/11/21 12:0 a.m.25 views

Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability

Oracle Agile Product Lifecycle Management PLM contains an incorrect authorization vulnerability in the Process Extension component of the Software Development Kit. Successful exploitation of this vulnerability may result in unauthenticated file disclosure...

7.5CVSS6.8AI score0.01496EPSS
In wildExploits0
Packet Storm
Packet Storm
added 2024/10/07 12:0 a.m.262 views

ABB Cylon Aspect 3.08.01 logYumLookup.php Unauthenticated File Disclosure

ABB Cylon Aspect 3.08.01 logYumLookup.php Unauthenticated File Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...

7.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2024/10/06 12:0 a.m.238 views

ABB Cylon Aspect 3.08.01 (logYumLookup.php) Unauthenticated File Disclosure

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The building management system suffers from an unauthenticated...

5.8AI score
Exploits0
OSV
OSV
added 2023/03/28 9:15 p.m.5 views

CVE-2023-28375

Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated file disclosure. Using a GET parameter, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information...

7.5CVSS7.1AI score0.01537EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/03/28 8:2 p.m.9 views

CVE-2023-28375 CVE-2023-28375

Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated file disclosure. Using a GET parameter, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information...

7.5CVSS6.8AI score0.01537EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/03/28 8:2 p.m.26 views

CVE-2023-28375 CVE-2023-28375

Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated file disclosure. Using a GET parameter, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information...

7.5CVSS7.7AI score0.01537EPSS
Exploits1References1
EUVD
EUVD
added 2022/08/31 3:47 p.m.6 views

EUVD-2022-39775

Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly...

7.5CVSS7.5AI score0.19669EPSS
Exploits3References3
ATTACKERKB
ATTACKERKB
added 2022/04/08 9:15 a.m.3 views

CVE-2022-28002

Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home...

7.5CVSS7.1AI score0.01746EPSS
Exploits3References3
CVE
CVE
added 2022/04/08 8:23 a.m.81 views

CVE-2022-28002

CVE-2022-28002 corresponds to a vulnerability in Movie Seat Reservation v1 described as an unauthenticated file disclosure via /index.php?page=home. Connected sources corroborate: the issue stems from lack of authentication and file restrictions, enabling disclosure of confidential files through ...

7.5CVSS8AI score0.01746EPSS
Exploits3References2Affected Software1
Cvelist
Cvelist
added 2022/04/08 8:23 a.m.23 views

CVE-2022-28002

Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home...

7.8AI score0.01746EPSS
Exploits3References2
Exploit DB
Exploit DB
added 2020/10/19 12:0 a.m.310 views

HiSilicon Video Encoders - Unauthenticated file disclosure via path traversal

!/usr/bin/env bash Exploit Title: HiSilicon video encoders - unauthenticated file disclosure via path traversal Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: https://www.szuray.com/ Software Link: N/A Version: up to 1.97 Tested on: Linux CVE: CVE-2020-24219 Vendors: URayTech...

7.8CVSS7.7AI score0.23636EPSS
Exploits3
Rows per page
Query Builder