Arbitrary file write in Veeam Backup & Replication 13 (≤13.0.1) on Linux-based deployments allows an authenticated Backup Administrator to write files anywhere on the server filesystem, enabling code execution and full host compromise. CVSS 4.0 scores this 8.6 (High) due to network-reachable exploitation with high impact across confidentiality, integrity, and availability, though high privileges are required. No public exploit identified at time of analysis.
Arbitrary file read in Avada Builder plugin for WordPress versions up to 3.15.2 allows authenticated attackers with Subscriber-level access to read arbitrary files on the server via the 'fusion_get_svg_from_file' function in the 'fusion_section_separator' shortcode. Sensitive information including configuration files, database credentials, and private keys can be exposed. The vulnerability was partially patched in 3.15.2 and fully patched in version 3.15.3.
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files.
PaperCut MF version 25.0.4 allows authenticated administrators to read arbitrary files on the server through insufficient path validation in the Shared Account Synchronization component, exposing sensitive configuration and system files via the account management interface. The vulnerability requires administrative privileges and attack complexity involves timing (AT:P), limiting real-world exploitation scope despite network accessibility.
Arbitrary file write via directory traversal in Nix versions before 2.34.7 allows unauthenticated remote attackers to overwrite files on systems running vulnerable versions of nix-prefetch-url or nix store prefetch-file with the --unpack flag. The vulnerability stems from improper path validation during archive extraction, enabling an attacker to craft malicious packages that write to arbitrary filesystem locations when unpacked. CVSS 5.3 (AV:N/AC:L/PR:N/UI:N) reflects network-based exploitation without authentication, though real-world impact depends on file permissions and deployment context. No active exploitation has been confirmed in CISA KEV at time of analysis.
Absolute path traversal in Deepractice PromptX up to version 2.4.0 allows remote unauthenticated attackers to read arbitrary files from the server by manipulating the path argument in document file handling functions (read_docx, read_xlsx, read_pptx, list_xlsx_sheets, read_pdf). Publicly available exploit code exists and the vendor has not responded to early disclosure, though CVSS 5.3 (AV:N/AC:L/PR:N/UI:N) indicates moderate information disclosure risk with no integrity or availability impact.
AIOHTTP static resource handler on Windows exposes NTLMv2 remote path information to unauthenticated remote attackers, allowing information disclosure with high confidentiality impact. Versions prior to 3.13.4 are affected. The vulnerability has been patched and no active exploitation has been confirmed at this time.
The JetFormBuilder plugin for WordPress contains a critical path traversal vulnerability allowing unauthenticated attackers to read arbitrary files from the server. All versions up to and including 3.5.6.2 are affected. Attackers can exploit this to exfiltrate sensitive local files as email attachments by submitting crafted form requests with malicious Media Field payloads, with a CVSS score of 7.5 indicating high confidentiality impact.
Unsafe path handling in NLTK's filestring() function enables attackers to read arbitrary files on affected iOS and AI/ML systems through improper input validation. An unauthenticated attacker can exploit this over the network by supplying directory traversal or absolute paths to access sensitive data, with particular risk in deployments exposing the function through web APIs. No patch is currently available for this high-severity vulnerability (CVSS 8.6).
Navtor NavBox exposes an unauthenticated path traversal vulnerability in its HTTP service that allows remote attackers to read arbitrary files from the server by submitting requests with absolute filesystem paths. Successful exploitation enables unauthorized disclosure of sensitive configuration files and system information, limited only by the service process privileges. No patch is currently available.