Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php.
CWE-552
CVE-2021-3717
A flaw was found in WildFly. An incorrect JBOSS_LOCAL_USER challenge location when using the Elytron configuration may give all users on the machine JBOSS_LOCAL_USER access. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0.
CVE-2021-36763
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to external parties.
CVE-2021-36233
The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated attacker to read arbitrary files from the filesystem by specifying the file path.
CVE-2021-35203
NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint.
CVE-2021-34765
A vulnerability in the web UI for Cisco Nexus Insights could allow an authenticated, remote attacker to view and download files related to the web application. The attacker requires valid device credentials. This vulnerability exists because proper role-based access control (RBAC) filters are not applied to file download actions. An attacker could exploit this vulnerability by logging in to the application and then navigating to the directory listing and download functions. A successful exploit could allow the attacker to download sensitive files that should be restricted, which could result in disclosure of sensitive information.