KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background management module.
CWE-552
CVE-2022-28462
novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability.
CVE-2022-28002
Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home.
CVE-2022-27837
A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0) and 13.0.1.1 in Android S(12.0) allows attacker to access the file with system privilege.
CVE-2022-27193
CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary (local) file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter.
CVE-2022-26877
Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page.