31 matches found
CVE-2026-55111
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Protect Floodlight devices to access files on the UniFi Protect Floodlight...
CVE-2026-9083
A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...
Directory Traversal
Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
CVE-2026-11431
A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypasses validation, allowing arbitrary files including entire directories returned as archives to be...
CVE-2026-22557
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account...
CVE-2025-15523 TCC Bypass via Inherited Permissions in Bundled Interpreter in Inkscape.app
MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the...
CVE-2025-15235 Quanta Computer|QOCA aim AI Medical Cloud Platform - Missing Authorization
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Missing Authorization vulnerability, allowing authenticated remote attackers to modify specific network packet parameters, enabling certain system functions to access other users' files...
CVE-2025-14881 Insecure direct object reference
Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only...
EUVD-2025-26399
Malicious code in bioql PyPI...
CVE-2025-10719 WisdomGarden|Tronclass - Insecure Direct Object Reference
Tronclass developed by WisdomGarden has an Insecure Direct object Reference vulnerability, allowing remote attackers with regular privilege to modify a specific parameter to access other users' files...
SAMSUNG Mobile devices 安全漏洞
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Apr-2022 Release 1, which stems from an intent redirection that could...
SUSE CVE-2025-52995
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.10, the implementation of the allowlist is erroneous, allowing a user to execute more shell commands than they are authorized fo...
SAMSUNG Semiconductor Mobile Processor 安全漏洞
SAMSUNG Semiconductor Mobile Processor is a semiconductor mobile processor from Samsung South Korea. A security vulnerability exists in SAMSUNG Semiconductor Mobile Processor versions prior to SMR-Apr-2025 Release 1, which stems from improper access control and could result in access to arbitrary...
Important: Red Hat Security Advisory: bubblewrap and flatpak security update
An update for bubblewrap and flatpak is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
ALSA-2024:9449 Important: bubblewrap and flatpak security update
Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces. Security Fixes: flatpak: Access to files outside sandbox for apps using persistent= --persist CVE-2024-42472 For more details about the security issue...
RHEL 9 : bubblewrap and flatpak (RHSA-2024:6355)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6355 advisory. Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces...
CVE-2024-3980
The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other files that are critical to the application...
guava: insecure temporary directory creation
A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory...
Vulnerability fixed in Symantec Endpoint Protection
Symantec has fixed a vulnerability in Endpoint Protection. A local malicious person could exploit the vulnerability to grant themselves elevated privileges and thus gain access to files and possibly sensitive information for which he initially has no privileges. Symantec has released updates to f...
PT-2022-27664 · Huawei · Huawei Aslan Children'S Watch
Name of the Vulnerable Software and Affected Versions: Huawei Aslan Children's Watch affected versions not specified Description: The issue is related to an improper authorization vulnerability. If successfully exploited, it could allow an attacker to access certain files. Recommendations: At the...