
33 matches found

EUVD
added 2026/04/15 6:31 p.m. · 2 views

EUVD-2026-22987

Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials...

CVSS 7.5 · AI score 5.8 · EPSS 0.00064
Exploits: 0 · References: 3

Vulnrichment
added 2026/04/15 12:00 a.m. · 2 views

CVE-2026-30994

Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials...

AI score 5.8 · EPSS 0.00064
Exploits: 0 · References: 2

RedhatCVE
added 2025/11/07 1:46 p.m. · 4 views

CVE-2025-64319

Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files. This issue affects Mulesoft Anypoint Code Builder: before 1.12.1...

CVSS 5.3 · AI score 7.1 · EPSS 0.00043
Exploits: 0 · References: 1

RedhatCVE
added 2025/10/14 9:49 p.m. · 5 views

CVE-2025-62363

yt-grabber-tui is a terminal user interface application for downloading videos. In versions before 1.0-rc, the application allows users to configure the path to the yt-dlp executable via the pathtoytdlp configuration setting. An attacker with write access to the configuration file or the filesyst...

CVSS 7.8 · AI score 7.1 · EPSS 0.00032
Exploits: 0 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2006-0849

Malware in sbrugna...

CVSS 5 · AI score 6.4 · EPSS 0.00547
Exploits: 1 · References: 7

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2018-0007

Malware in sbrugna...

CVSS 7.5 · AI score 7.6 · EPSS 0.003
Exploits: 1 · References: 4

EUVD
added 2025/10/03 8:07 p.m. · 5 views

EUVD-2024-0334

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 4.7 · EPSS 0.00058
Exploits: 0 · References: 5

Cvelist
added 2025/10/01 7:26 a.m. · 6 views

CVE-2025-11226 Conditional processing of logback.xml configuration file, in conjunction with Spring Framework and Janino

ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...

CVSS 5.9 · EPSS 0.00062
Exploits: 0 · References: 2

Vulnrichment
added 2025/09/03 8:19 p.m. · 1 view

CVE-2025-55748 XWiki Platform's configuration files can be accessed through jsx and sx endpoints

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are accessible through jsx and sx endpoints. It's possible to access and read configuration files by using URLs such as...

CVSS 9.3 · AI score 6.2 · EPSS 0.00371
Exploits: 0 · References: 3

GitHub Security Blog
added 2025/09/03 5:45 p.m. · 5 views

XWiki configuration files can be accessed through jsx and sx endpoints

Impact It's possible to get access and read configuration files by using URLs such as http://localhost:8080/bin/ssx/Main/WebHome?resource=../../WEB-INF/xwiki.cfg&minify=false. This can apparently be reproduced on Tomcat instances. Patches This has been patched in 17.4.0-rc-1, 16.10.7. Workarounds...

CVSS 9.3 · AI score 7 · EPSS 0.00371
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2025/08/25 2:15 p.m. · 0 views

CVE-2025-29514

Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via providing a crafted web request...

CVSS 9.8 · AI score 5.8 · EPSS 0.00269
Exploits: 1 · References: 2

Veracode
added 2025/03/11 7:08 a.m. · 8 views

Cleartext Storage Of Sensitive Information

Jenkins is vulnerable to Cleartext Storage of Sensitive Information. The vulnerability is due to improper secret redaction due to config.xml of agents being accessible via the REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted secret values...

CVSS 4.3 · AI score 6.6 · EPSS 0.00717
Exploits: 0 · References: 4 · Affected Software: 1

CVE
added 2025/01/20 12:00 a.m. · 67 views

CVE-2025-24337

CVE-2025-24337: Affects WriteFreely up to version 0.15.1 when using MySQL. Local users can read the config.ini and disclose credentials due to insecure default config access. The impact is credential disclosure (confidentiality and integrity) for local attackers; exploitation is local. The provi...

CVSS 8.4 · AI score 6.9 · EPSS 0.00041
Exploits: 0 · References: 3

PyPA
added 2023/10/19 10:15 p.m. · 4 views

PYSEC-2023-213

Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py...

CVSS 7.5 · AI score 6.6 · EPSS 0.00074
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2023/10/19 12:00 a.m. · 6 views

CVE-2023-44690

Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py...

AI score 6.7 · EPSS 0.00074
Exploits: 1 · References: 1

OSV
added 2023/07/11 10:15 a.m. · 0 views

CVE-2023-29130

A vulnerability has been identified in SIMATIC CN 4100 All versions V2.5. Affected device consists of improper access controls in the configuration files that leads to privilege escalation. An attacker could gain admin access with this vulnerability leading to complete device control...

CVSS 10 · AI score 7.2
Exploits: 0 · References: 1

CNNVD
added 2023/01/31 12:00 a.m. · 1 view

FUJIFILM Driver Distributor Encryption Issue Vulnerability

FUJIFILM Driver Distributor is a driver from FUJIFILM. A security vulnerability exists in FUJIFILM Driver Distributor v2.2.3.1 and earlier versions, which originates from passwords being stored in a recoverable format, and encrypted administrator credentials can be decrypted if an attacker gains...

CVSS 7.5 · AI score 6.7 · EPSS 0.00276
Exploits: 0 · References: 4

Positive Technologies
added 2023/01/10 12:00 a.m. · 2 views

PT-2023-9752 · Mozilla · Convict

Name of the Vulnerable Software and Affected Versions: Mozilla Convict versions prior to 6.2.4 Description: The issue is related to improperly controlled modification of object prototype attributes, also known as "prototype pollution." This allows an attacker to inject attributes that are used in...

CVSS 8.4 · AI score 7.1 · EPSS 0.00121
Exploits: 1 · References: 9

CNNVD
added 2021/08/05 12:00 a.m. · 4 views

WordPress plugin Download Manager Path Traversal Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A path traversal vulnerability exists in th...

CVSS 6.5 · AI score 6.2 · EPSS 0.0136
Exploits: 1 · References: 3

OpenVAS
added 2021/02/01 12:00 a.m. · 13 views

LanProxy 0.1 Directory Traversal Vulnerability - Active Check

LanProxy is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 7.5 · AI score 7.6 · EPSS 0.92263
Exploits: 5 · References: 1