CVE-2020-12443

BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename lowercase value can be a .pdf filename while the presFilename mixed case value has a ../ sequence. This can be leveraged for privilege escalation via a directory traversal to...

EUVD-2021-1194

Malware in sbrugna...

EUVD-2020-0431

Malware in sbrugna...

EUVD-2021-24034

Malware in sbrugna...

EUVD-1999-1358

Malware in sbrugna...

EUVD-2008-1091

Malware in sbrugna...

EUVD-2014-8874

Malware in sbrugna...

EUVD-2017-11281

Malware in sbrugna...

EUVD-2016-8674

Malware in sbrugna...

EUVD-2022-5242

Malicious code in bioql PyPI...

EUVD-2022-32906

Malicious code in bioql PyPI...

CVE-2025-51481

Local File Inclusion in dagster.grpc.impl.getnotebookdata in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebookpath field of ExternalNotebookData requests, bypassing the intended extension-based check...

CVE-2025-48998 Dataease MYSQL JDBC File Reading Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. ...

CVE-2023-42132

FD Application Apr. 2022 Edition Version 9.01 and earlier improperly restricts XML external entity references XXE. By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker...

CVE-2019-3429

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Attackers could obtain log file information without authorization, causing the disclosure of sensitive information...

CVE-2018-18289

The MESILAT Zabbix plugin before 1.1.15 for Atlassian Confluence allows attackers to read arbitrary files...

CVE-2018-17766

Ingenico Telium 2 POS Telium2 OS allow bypass of file-reading restrictions via the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N...

CVE-2011-2757

Directory traversal vulnerability in FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0.0.12 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the FILENAME parameter. NOTE: this might overlap the US-CERT VU543310 issue...

CVE-2025-32807

A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png and .svg or .xpm for some configurations via the icon parameter of a GET request to geticon.php...

PT-2025-11984 · Applio · Applio

Name of the Vulnerable Software and Affected Versions: Applio versions 3.2.8-bugfix and prior Description: The issue affects a voice conversion tool and may lead to reading arbitrary files on the Applio server. It can also be used in conjunction with blind server-side request forgery to read file...