7 matches found
CVE-2022-50897
mPDF 7.0 contains a local file inclusion vulnerability that allows attackers to read arbitrary system files by manipulating annotation file parameters. Attackers can generate URL-encoded or base64 payloads to include local files through crafted annotation content with file path specifications...
EUVD-2025-24246
Malicious code in bioql PyPI...
Information Exposure
Overview: Affected versions of this package are vulnerable to Information Exposure via the gRPC API and HTTP APIs, which allow peers to send requests that cause the recipient to create files in arbitrary file system locations and read arbitrary files. An attacker can access sensitive data or execu...
CVE-2024-44190
A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to read arbitrary files...
CVE-2019-17187
/var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007JS201804 devices allows pre-authentication Directory Traversal for reading arbitrary files...
Websense TRITON V-Series appliances directory traversal vulnerability
Websense TRITON V-Series is a V-Series module used in Websense applications from Websense USA. A directory traversal vulnerability in Websense TRITON V-Series appliances prior to version 8.0.0 allows an attacker to read arbitrary files via unspecified vectors...
USN-2341-1 cups vulnerabilities
Salvatore Bonaccorso discovered that the CUPS web interface incorrectly validated permissions and incorrectly handled symlinks. An attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation...