24 matches found
PT-2026-41550
Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the wp_abspath parameter on PHP versions before 5.3.4. Attackers can supply malicious wp_abspath values to simp...
CVE-2020-37214
Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. Attackers can exploit the path parameter in /admin/voyager-assets to read arbitrary files like /etc/passwd and .env configuration files...
EUVD-2024-55345
APC Network Management Card 4 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like /etc/passwd by using encoded path...
EUVD-2016-4203
Malware in sbrugna...
CVE-2025-9556
Langchaingo supports the use of jinja2 syntax when parsing prompts, which is in turn parsed using the gonja library v1.5.3. Gonja supports include and extends syntax to read files, which leads to a server side template injection vulnerability within langchaingo, allowing an attacker to insert a...
CVE-2009-10005 ContentKeeper Web Appliance < 125.10 Arbitrary File Access via mimencode
ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output...
CVE-2025-4437
CVE-2025-4437 affects CRI-O (container runtime); Fedora advisories indicate cri-o1.33 up to version 1.33.5 fixes. The vulnerability arises when a container runs with securityContext.runAsUser set to a non-existent user, causing CRI-O to read /etc/passwd into memory and potentially trigger memory ex...
CVE-2024-28753
RaspAP aka raspap-webgui through 3.0.9 allows remote attackers to read the /etc/passwd file via a crafted request...
PT-2024-25803 · Deno · Deno
Name of the Vulnerable Software and Affected Versions: Deno versions prior to 1.43 Description: The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading /proc/self/environ may...
PT-2024-22561 · Raspap · Raspap
Name of the Vulnerable Software and Affected Versions: RaspAP aka raspap-webgui versions 3.0.9 and earlier Description: The issue allows remote attackers to read the /etc/passwd file via a crafted request. Recommendations: For RaspAP aka raspap-webgui versions 3.0.9 and earlier, update to a versi...
CVE-2023-34260
Kyocera TASKalfa 4053ci printers through 2VGS000.002.561 allow a denial of service (service outage) via /wlmdeu%2f%2e%2e%2f%2e%2e followed by a directory reference such as %2fetc%00index.htm to try to read the /etc directory...
SUSE CVE-2012-6097
File descriptor leak in cronie 1.4.8, when running in certain environments, might allow local users to read restricted files, as demonstrated by reading /etc/crontab...
Western Digital My Cloud and SanDisk ibi Buffer Error Vulnerability
Western Digital My Cloud is an easy-to-use personal cloud storage device. SanDisk ibi is a smart photo manager and media storage drive. Both contain a buffer overflow vulnerability that could be exploited by attackers to gain local access to the system and read the /etc/version file...
CVE-2021-45043
HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang s_Language parameter...
Linux/ARM64 - Read /etc/passwd Shellcode (120 Bytes)
Title: Linux/ARM64 - Read /etc/passwd Shellcode (120 Bytes) Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu Xenial Xerus development...
CVE-2018-19326
Zyxel VMG1312-B10D devices before 5.13AAXA.8C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd...
Webmin File Read Vulnerability
Webmin is a web-based system administration tool for Unix-like operating systems developed by Australian software developer Jamie Cameron and the Webmin community. A security vulnerability exists in Webmin versions 1.840 and 1.880 that stems from weak default configuration settings. The...
Sandstorm Arbitrary File Read Vulnerability
Sandstorm is a personal cloud platform. The platform features file storage, application management, task and project management, and more. A security vulnerability exists in versions prior to Sandstorm build 0.203, which stems from the failure of the 'findFilesToZip' function to filter newline n...