35 matches found
ROS-20260320-73-0007
A vulnerability in the ssh-agent library ssh-agent server for the Go crypto programming language involves reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
CVE-2026-32024
OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attackers can exploit this by requesting avatar resources through gateway surfaces to disclose local...
CVE-2025-59384
A path traversal vulnerability has been reported to affect Qfiling. The remote attackers can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qfiling 3.13.1 and later...
PT-2026-1098
Name of the Vulnerable Software and Affected Versions: Qfiling versions prior to 3.13.1. Description: A path traversal issue exists in Qfiling that could allow remote attackers to read the contents of unexpected files or system data. Approximately 3257k+ instances are potentially exposed. The...
CVE-2025-11674 PiExtract|SOOP-CLM - Server-Side Request Forgery
SOOP-CLM developed by PiExtract has a Server-Side Request Forgery vulnerability, allowing privileged remote attackers to read server files or probe internal network information...
EUVD-2007-5703
Malware in sbrugna...
EUVD-2008-6695
Malware in sbrugna...
RIOT Buffer Error Vulnerability
RIOT is RIOT's open source set of operating systems for applications in the Internet of Things (IoT) space. A buffer error vulnerability exists in RIOT 2024.04 and prior versions that stems from the lack of a minimum header length check, which could lead to remote reading and thus system...
VulnCheck KEV: CVE-2023-32235
Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js...
Information Exposure
Overview: logstash-core is a scalable log and event management tool. Affected versions of this package are vulnerable to Information Exposure due to allowing remote attackers to read communications between Logstash Forwarder agent and Logstash server. Remediation: Upgrade logstash-core to version...
SUSE CVE-2007-1461
The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safe_mode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories...
SUSE CVE-2012-4168
Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540...
SUSE CVE-2012-4747
Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to read (1) template (aka .tmpl) files, (2) other custom...
SUSE CVE-2015-5378
Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server...
Design/Logic Flaw
Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager configurations when submitted t...
CVE-2022-0988 Delta Electronics DIAEnergie CLEARTEXT Transmission of Sensitive Information
Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product...
Advantech WebAccess/SCADA Path Traversal Vulnerability
Advantech WebAccess/SCADA is a suite of SCADA software from Advantech based on a browser architecture. The software supports dynamic graphical displays and real-time data control, and provides the ability to remotely control and manage automation equipment. A relative path traversal vulnerability...
CVE-2016-6138
Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary files via unspecified vectors, aka SAP Security Note 2203591...
CVE-2016-4532
Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname...
Design/Logic Flaw
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL...