32 matches found
CVE-2011-0180
Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted FREADBOOTSTRAP ioctl call...
EUVD-2014-0802
Malware in sbrugna...
EUVD-2006-6493
Malware in sbrugna...
EUVD-2001-1315
Malware in sbrugna...
EUVD-2010-1247
Malware in sbrugna...
EUVD-2011-0206
Malware in sbrugna...
EUVD-2023-30354
Malicious code in bioql PyPI...
GHSA-RQ9R-QVWG-829Q Erxes Path Traversal vulnerability
In Erxes 1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler...
CVE-2020-35340
A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read the file contents from files that the running ExpertPDF process has access to read...
CVE-2020-25351
An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote authenticated attackers to read files on the system via a crafted request sent to the /lib/crud/configcompare.crud.php script...
CVE-2012-4554
The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file...
CVE-2024-48766
NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php...
Exploit for CVE-2025-30208
CVE-2025-30208 & CVE-2025-31125 & CVE-2025-31486 1. Overvie...
Apache Linkis Input Validation Error Vulnerability
Apache Linkis is a middleware product of the U.S. Apache Foundation, which can establish an effective connection between upper-tier applications and the underlying data engine. An input validation error vulnerability exists in Apache Linkis versions prior to 1.7.0, which stems from the lac...
CVE-2024-45388
Hoverfly is a lightweight service virtualization / API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary...
CVE-2024-2548
A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the lollmscore/lollms/server/endpoints/lollmsbindingfilesserver.py and lollmscore/lollms/security.py files. Due to inadequate validation of file paths between Windows and Linux environments using...
CVE-2024-1594
A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifact_location parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...
YzmCMS Server-Side Request Forgery Vulnerability
YzmCMS is a lightweight open source content management system based on a PHP+MySQL architecture, developed independently by Yuan Zhimeng. A server-side request forgery vulnerability exists in the back-end collection management of YzmCMS 5.8; an attacker can use the vulnerability to read any file...
CloudBees Jenkins TOCTOU Race Condition Vulnerability
Jenkins is an open source continuous integration tool written in Java, mainly used for continuous, automated building and testing of software projects and for monitoring the operation of external tasks. A TOCTOU race condition vulnerability exists in Jenkins 2.275, LTS 2.263.2. An attacker can exploit this...
HPE Pay Path Traversal Vulnerability (CNVD-2021-18033)
The HPE PPU service is a pay-per-use network service from Hewlett Packard Enterprise (HPE) in the United States. A path traversal vulnerability exists in HPE Pay prior to version 1.9 that originates in the execute method of the DownloadServlet class of PPU and UCS. An...