CVE-2026-2234 HGiga|C&Cm@il - Missing Authentication
C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read and modify any user's mail content...
VulnCheck KEV: CVE-2021-23263
Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/, /templates/ and some of the files in /.git/ non-binary...
CVE-2024-23904
Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file syst...
Gitlab -- multiple vulnerabilities
Gitlab reports: Remote Command Execution via GitHub import; Stored XSS via labels color; Content injection via Incidents Timeline description; Lack of length validation in Snippets leads to Denial of Service; Group IP allow-list not fully respected by the Package Registry; Abusing Gitaly.GetTreeEntrie...
Path traversal
A path traversal vulnerability in servey version 3 allows an attacker to read content of any arbitrary file...
CVE-2019-19698
marc-q libwav through 2017-04-20 has a NULL pointer dereference in wav_content_read at libwav.c...
libwav null pointer dereference vulnerability (CNVD-2020-09637)
libwav is a simple wav library written in pure C. A null pointer dereference vulnerability exists in wav_content_read in libwav.c in libwav 2017-04-20 and earlier versions, which can be exploited by an attacker to cause a denial of service...
jenkins-credentials-plugin: Certificate file read vulnerability in Credentials Plugin (SECURITY-1322)
Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS12 certificate...
Path traversal
626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path...
CVE-2018-3733
crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path...
CVE-2014-6340
Microsoft Internet Explorer 6 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."...
CVE-2012-4168
CVE-2012-4168 is a cross-domain information leak in Adobe Flash Player and Adobe AIR (affecting multiple platforms: Windows, Mac OS X, Linux, Android 2.x/3.x/4.x). It arises from handling specially crafted SWF content, enabling a remote attacker to read content from a different domain. Public adv...
CVE-2008-2138
Oracle Application Server OracleAS Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /davportal/portal/ by sending a request containing a trailing "%0A" encoded line feed, then using the session ID that is generated from that request. NOTE: as of...