CVE Daily
← All tags

Tag: Arbitrary File Read

All CVEs associated with "Arbitrary File Read". Page 3/4 • 432 CVEs.

Subscribe CVEs: RSS for “Arbitrary File Read”  ·  RSS (High+Critical only)

About “Arbitrary File Read”

A curated feed of “Arbitrary File Read”-related CVEs appears below. We currently track 432 CVEs for this tag (all time). In the last 365 days, 141 were published. Average CVSS is 7.0 (all time; 7.1 over 365d), and 55% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-23 - Relative Path Traversal, CWE-36 - Absolute Path Traversal.

In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2024-03-23
High

CVE-2024-1603

paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file.

CVSS: 7.5 CWE: CWE-73 - External Control of File Name or Path View on NVD
2024-02-20
High

CVE-2023-51770

Arbitrary File Read Vulnerability in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, whic…

CVSS: 7.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2024-02-15
Critical

CVE-2024-26261

The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing t…

CVSS: 9.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2024-02-02
High

CVE-2024-24161

MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered.

CVSS: 7.5 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
High

CVE-2023-39611

An issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attackers to enumerate and read files from the local filesystem by sending crafted web requests.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2024-01-31
Medium

CVE-2023-5390

An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files…

CVSS: 5.3 CWE: CWE-36 - Absolute Path Traversal View on NVD
2024-01-20
High

CVE-2023-51926

YonBIP v3_23.05 was discovered to contain an arbitrary file read vulnerability via the nc.bs.framework.comn.serv.CommonServletDispatcher component.

CVSS: 7.5 CWE: N/A View on NVD
2024-01-10
Medium

CVE-2023-49864

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can l…

CVSS: 6.5 CWE: CWE-73 - External Control of File Name or Path View on NVD
Medium

CVE-2023-49863

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can l…

CVSS: 6.5 CWE: CWE-73 - External Control of File Name or Path View on NVD
Medium

CVE-2023-49862

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can l…

CVSS: 6.5 CWE: CWE-73 - External Control of File Name or Path View on NVD
High

CVE-2023-49738

An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.

CVSS: 7.5 CWE: CWE-73 - External Control of File Name or Path View on NVD
Medium

CVE-2023-47171

An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can le…

CVSS: 6.5 CWE: CWE-73 - External Control of File Name or Path View on NVD
2024-01-04
Medium

CVE-2023-29962

S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability.

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2024-01-03
High

CVE-2023-51785

Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.9.0, the attackers can make a arbitrary file read attack using mysql driver. Us…

CVSS: 7.5 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2023-45722

HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is l…

CVSS: 8.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-12-15
High

CVE-2023-50265

Bazarr manages and downloads subtitles. Prior to 1.3.1, the /api/swaggerui/static endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file fun…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2023-50264

Bazarr manages and downloads subtitles. Prior to 1.3.1, Bazarr contains an arbitrary file read in /system/backup/download/ endpoint in bazarr/app/ui.py does not validate the user-controlled filename…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-12-14
Medium

CVE-2023-48661

Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability to read arbitrary…

CVSS: 4.9 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
High

CVE-2023-48660

Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-12-13
High

CVE-2023-47624

Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, any user (regardless of their permissions) may be able to read files from the local file system due to a pat…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-11-28
High

CVE-2023-48848

An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-11-20
High

CVE-2023-43612

in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary file read and write through improper preservation of permissions.

CVSS: 8.4 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
2023-10-25
High

CVE-2023-26580

Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers.

CVSS: 7.5 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
Medium

CVE-2022-38485

A directory traversal vulnerability exists in the AgeVolt Portal prior to version 0.1 that leads to Information Disclosure. A remote authenticated attacker could leverage this vulnerability to read f…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-10-23
High

CVE-2023-33517

carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System).

CVSS: 7.5 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
2023-10-18
High

CVE-2023-45912

WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 fails to validate user sessions, allowing unauthenticated attackers to read files from the underlying operating system and obtain directory listing…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2023-10-16
High

CVE-2023-3155

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an attac…

CVSS: 7.2 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
2023-09-28
High

CVE-2023-43662

ShokoServer is a media server which specializes in organizing anime. In affected versions the `/api/Image/WithPath` endpoint is accessible without authentication and is supposed to return default ser…

CVSS: 8.6 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-09-27
High

CVE-2023-43856

Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java.

CVSS: 7.5 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
2023-09-15
High

CVE-2023-41886

OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, an arbitrary file read vulnerability allows any unauthenticated user to read a file on a server. V…

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2023-09-08
High

CVE-2023-41578

Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2023-39584

Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file read vulnerability.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-09-06
High

CVE-2023-30706

Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege.

CVSS: 7.5 CWE: N/A View on NVD
2023-08-15
Medium

CVE-2023-40028

Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to…

CVSS: 4.9 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-07-10
Medium

CVE-2023-24487

Arbitrary file read in Citrix ADC and Citrix Gateway

CVSS: 6.3 CWE: CWE-253 - Incorrect Check of Function Return Value View on NVD
2023-07-06
High

CVE-2023-23907

A directory traversal vulnerability exists in the server.js start functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to arbitrary file read. An attacker can send a ne…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2023-23547

A directory traversal vulnerability exists in the luci2-io file-export mib functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary file read. An attacker…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-06-30
Medium

CVE-2023-35947

Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written…

CVSS: 6.9 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-06-26
Critical

CVE-2023-30945

Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to mi…

CVSS: 9.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-06-16
High

CVE-2023-34645

jfinal CMS 5.1.0 has an arbitrary file read vulnerability.

CVSS: 7.5 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
2023-06-02
Medium

CVE-2023-23597

A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the `file://` context. Given a reliable exploit primitive, this ne…

CVSS: 6.5 CWE: CWE-326 - Inadequate Encryption Strength View on NVD
2023-06-01
High

CVE-2023-34092

Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, Vite Server Options (`server.fs.deny`) can be bypassed using double forward-slash (//) allows any unau…

CVSS: 7.5 CWE: CWE-50 - Path Equivalence: '//multiple/leading/slash' View on NVD
2023-05-31
High

CVE-2023-33507

KramerAV VIA GO² < 4.0.1.1326 is vulnerable to Unauthenticated arbitrary file read.

CVSS: 7.5 CWE: N/A View on NVD
2023-05-26
Critical

CVE-2022-46945

Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php.

CVSS: 9.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-05-18
Medium

CVE-2023-32322

Ombi is an open source application which allows users to request specific media from popular self-hosted streaming servers. Versions prior to 4.38.2 contain an arbitrary file read vulnerability where…

CVSS: 4.9 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-05-15
High

CVE-2023-32309

PyMdown Extensions is a set of extensions for the `Python-Markdown` markdown project. In affected versions an arbitrary file read is possible when using include file syntax. By using the syntax `--8<…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-05-10
High

CVE-2022-29841

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that read files from a privileged location and created a system c…

CVSS: 8.0 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2023-04-19
Medium

CVE-2023-29586

Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the…

CVSS: 5.5 CWE: CWE-284 - Improper Access Control View on NVD
2023-04-17
Medium

CVE-2023-29004

hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A Path Traversal vulnerability was found in the current version of Roxy-WI (6.3.9.0 at the moment of writ…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-04-14
Medium

CVE-2023-26559

A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF d…

CVSS: 5.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-04-04
High

CVE-2023-25356

CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command, which…

CVSS: 8.8 CWE: CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') View on NVD
2023-03-23
Medium

CVE-2023-28330

Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
2023-03-09
High

CVE-2023-26948

onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download.

CVSS: 7.5 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
2023-03-08
High

CVE-2023-26956

onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code.

CVSS: 7.5 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
2023-02-27
Medium

CVE-2023-26043

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style uploa…

CVSS: 6.5 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
2023-02-24
Medium

CVE-2021-35369

Arbitrary File Read vulnerability found in Peacexie ImCat v.5.2 fixed in v.5.4 allows attackers to obtain sensitive information via the filtering_get_contents function.

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
2023-02-01
Medium

CVE-2022-48094

lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction.class.php.

CVSS: 4.9 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
2023-01-30
High

CVE-2022-38451

A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-01-26
Medium

CVE-2022-38088

A directory traversal vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file read. An…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-01-20
High

CVE-2022-47747

kraken <= 0.1.4 has an arbitrary file read vulnerability via the component testfs.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2022-12-23
Medium

CVE-2022-46492

nbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discovered to contain an arbitrary file read vulnerability via the component /api/Index/getFileBinary.

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2022-12-15
Medium

CVE-2022-29511

A directory traversal vulnerability exists in the KnowledgebasePageActions.aspx ImportArticles functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2022-27498

A directory traversal vulnerability exists in the TicketTemplateActions.aspx GetTemplateAttachment functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitr…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2022-46768

Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053. The service does not have proper validation for URL parameters before reading the fi…

CVSS: 5.9 CWE: CWE-20 - Improper Input Validation View on NVD
2022-12-06
High

CVE-2022-23470

Galaxy is an open-source platform for data analysis. An arbitrary file read exists in Galaxy 22.01 and Galaxy 22.05 due to the switch to Gunicorn, which can be used to read any file accessible to the…

CVSS: 8.6 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2022-11-18
Medium

CVE-2022-44634

Auth. (admin+) Arbitrary File Read vulnerability in S2W – Import Shopify to WooCommerce plugin <= 1.1.12 on WordPress.

CVSS: 4.9 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
2022-11-03
Medium

CVE-2022-43449

OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the fil…

CVSS: 6.2 CWE: CWE-20 - Improper Input Validation View on NVD
2022-10-11
Medium

CVE-2022-31682

VMware Aria Operations contains an arbitrary file read vulnerability. A malicious actor with administrative privileges may be able to read arbitrary files containing sensitive data.

CVSS: 4.9 CWE: N/A View on NVD
2022-09-29
Medium

CVE-2021-45789

An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server via the file download function.

CVSS: 6.5 CWE: N/A View on NVD
2022-09-09
Medium

CVE-2022-37299

An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal vulnerability which could cause arbitrary file read via /static/ueditor/php/controller.php

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2022-08-23
Medium

CVE-2022-35235

Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress.

CVSS: 4.9 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2022-08-22
Medium

CVE-2022-32761

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrar…

CVSS: 6.5 CWE: CWE-73 - External Control of File Name or Path View on NVD
Medium

CVE-2022-28710

An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An…

CVSS: 6.5 CWE: CWE-73 - External Control of File Name or Path View on NVD
2022-08-02
High

CVE-2022-34924

Lanling OA Landray Office Automation (OA) internal patch number #133383/#137780 contains an arbitrary file read vulnerability via the component /sys/ui/extend/varkind/custom.jsp.

CVSS: 7.5 CWE: CWE-312 - Cleartext Storage of Sensitive Information View on NVD
2022-07-28
High

CVE-2022-34593

DPTech VPN v8.1.28.0 was discovered to contain an arbitrary file read vulnerability.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2022-36997

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authent…

CVSS: 7.1 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
Medium

CVE-2022-36994

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authent…

CVSS: 6.3 CWE: N/A View on NVD
2022-07-25
High

CVE-2022-35650

The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allo…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2022-07-22
Medium

CVE-2022-33901

Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plugin for WooCommerce plugin <= 4.13.1 at WordPress.

CVSS: 5.3 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
2022-07-21
Medium

CVE-2022-31475

Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.

CVSS: 5.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2022-05-26
High

CVE-2022-29720

74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \index\controller\Download.php.

CVSS: 7.5 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
2022-05-25
Medium

CVE-2022-26067

An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests…

CVSS: 4.9 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
2022-05-17
Medium

CVE-2021-42644

cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the configuration file information of the website such as the database configuration file (config / config_da…

CVSS: 6.5 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
2022-05-14
Medium

CVE-2022-24830

OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, l…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2022-05-11
Medium

CVE-2022-30062

ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Read via tp.php

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2022-05-02
High

CVE-2022-27983

RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain an arbitrary file read vulnerability via the url parameter in check.php.

CVSS: 7.5 CWE: N/A View on NVD
2022-05-01
Critical

CVE-2022-25767

All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of loc…

CVSS: 9.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2022-04-21
Medium

CVE-2022-28445

KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background management module.

CVSS: 6.5 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
High

CVE-2022-28444

UCMS v1.6 was discovered to contain an arbitrary file read vulnerability.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2022-04-13
High

CVE-2022-24843

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin 2.50 has arbitrary file read vulnerability due to a lack of pa…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2022-22279

A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specif…

CVSS: 4.9 CWE: CWE-23 - Relative Path Traversal View on NVD
2022-04-11
Low

CVE-2022-27844

Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging – WPvivid (WordPress plugin) versions <= 0.9.70

CVSS: 2.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2022-04-10
High

CVE-2022-27279

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file read via the function sub_177E0.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2022-04-05
High

CVE-2021-43008

Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a r…

CVSS: 7.5 CWE: N/A View on NVD
2022-03-28
High

CVE-2022-26271

74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at \index\controller\Download.php.

CVSS: 7.5 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
2022-03-18
Medium

CVE-2021-22571

A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.…

CVSS: 5.5 CWE: CWE-275 View on NVD
2022-03-15
Medium

CVE-2022-25497

CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.

CVSS: 5.3 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
2022-02-15
High

CVE-2021-43734

kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file leak on related host.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2022-02-04
Medium

CVE-2022-23316

An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt.

CVSS: 4.9 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
2022-02-01
Medium

CVE-2022-21687

gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or tr…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
2022-01-19
Critical

CVE-2021-46204

Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php.

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Medium

CVE-2021-46203

Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2021-46104

An issue was discovered in webp_server_go 0.4.0. There is a directory traversal vulnerability that can read arbitrary file information on the server.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2022-01-18
High

CVE-2022-0244

An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary file read was possible by importing a group was due to incorrect handling of file.

CVSS: 8.6 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
2022-01-06
High

CVE-2021-44351

An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /navigate/navigate_download.php id parameter.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2021-11-24
High

CVE-2021-21980

The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain acce…

CVSS: 7.5 CWE: N/A View on NVD
2021-10-11
Medium

CVE-2021-20121

The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is vulnerable to an authenticated arbitrary file read. An authenticated user with physical access to the device can read arbitrary…

CVSS: 4.0 CWE: N/A View on NVD
2021-10-04
Medium

CVE-2020-21431

HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit.

CVSS: 6.5 CWE: N/A View on NVD
2021-09-30
Medium

CVE-2021-35203

NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint.

CVSS: 5.7 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
2021-09-17
High

CVE-2019-9060

An issue was discovered in CMS Made Simple 2.2.8. It is possible to achieve unauthenticated path traversal in the CGExtensions module (in the file action.setdefaulttemplate.php) with the m1_filename…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2021-09-09
High

CVE-2021-32833

Emby Server is a personal media server with apps on many devices. In Emby Server on Windows there is a set of arbitrary file read vulnerabilities. This vulnerability is known to exist in version 4.6.…

CVSS: 8.6 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
2021-08-31
Medium

CVE-2021-35219

ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page.

CVSS: 6.0 CWE: N/A View on NVD
2021-08-30
Medium

CVE-2021-22022

The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbi…

CVSS: 4.9 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2021-08-20
Low

CVE-2021-36016

Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability…

CVSS: 3.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Low

CVE-2021-36014

Adobe Media Encoder version 15.2 (and earlier) is affected by an uninitialized pointer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerabili…

CVSS: 3.3 CWE: CWE-20 - Improper Input Validation View on NVD
Low

CVE-2021-36008

Adobe Illustrator version 25.2.3 (and earlier) is affected by an Use-after-free vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to r…

CVSS: 3.3 CWE: CWE-416 - Use After Free View on NVD
2021-08-03
Medium

CVE-2021-26085

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versio…

CVSS: 5.3 CWE: CWE-425 - Direct Request ('Forced Browsing') View on NVD
2021-07-12
Medium

CVE-2021-32754

FlowDroid is a data flow analysis tool. FlowDroid versions prior to 2.9.0 contained an XML external entity (XXE) vulnerability that allowed an attacker who had control over the source/sink definition…

CVSS: 5.3 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
2021-06-11
Medium

CVE-2021-3256

KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the html_url parameter of the chakanhtml.module.php file.

CVSS: 6.5 CWE: CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') View on NVD
2021-06-09
High

CVE-2021-33359

A vulnerability exists in gowitness < 2.3.6 that allows an unauthenticated attacker to perform an arbitrary file read using the file:// scheme in the url parameter to get an image of any file.

CVSS: 7.5 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD