Topic: local file inclusion

  • CISA Warns of Active Attacks on 4 Critical Software Flaws

    CISA has issued a critical alert, adding four actively exploited software vulnerabilities to its KEV catalog, impacting tools from Versa, Zimbra, Vite, and Prettier. The exploited flaws include an authentication bypass in Versa's SD-WAN platform, a file access bug in the Vite framework, a supply-...

  • Critical jsPDF Flaw Exposes Secrets in Generated PDFs

    A high-severity vulnerability (CVE-2025-68428) in the widely used jsPDF library allows attackers to steal local server files by exploiting a path traversal flaw in its Node.js version. The flaw affects several file-loading functions and was fixed in version 4.0.0, which uses Node.js's permission ...

  • Zero-Day Attack Hits Gladinet File Sharing Software

    A zero-day vulnerability (CVE-2025-11371) in Gladinet's CentreStack and Triofox platforms allows unauthenticated attackers to access sensitive files via Local File Inclusion, with at least three organizations already targeted. Attackers exploit the LFI flaw to retrieve machine keys and chain it w...

  • Gladinet patches critical zero-day flaw in file-sharing software

    Gladinet has released a critical security update for CentreStack to address CVE-2025-11371, a zero-day vulnerability that allowed attackers to bypass protections and execute remote code on systems. The flaw, discovered by Huntress, involved inadequate input sanitization enabling directory travers...
