CVE-2025-3224
A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\ProgramData\Docker\config with...
kvf-admin Cross-Site Scripting Vulnerability
kvf-admin is a rapid development framework, scaffolding, backend management system and permission system. kvf-admin has a cross-site scripting vulnerability; it stems from the file /ueditor/upload?configPath=ueditor/config.json&action=uploadfile, where the upfile parameter lacks effective filterin...
gix-path improperly resolves configuration path reported by Git
Summary: gix-path runs git to find the path of a configuration file associated with the git installation, but improperly resolves paths containing unusual or non-ASCII characters, in rare cases enabling a local attacker to inject configuration leading to code execution. Details: In gix_path::env, th...
CVE-2022-28652
/.config/apport/settings parsing is vulnerable to "billion laughs" attack...
PT-2024-30249 · E Webinformationco · Fs-Ezviewer
Name of the Vulnerable Software and Affected Versions: E-WEBInformationCo. FS-EZViewerWeb, affected versions not specified. Description: A remote attacker can obtain the database configuration file path through the webpage source code without login. Accessing this path allows the attacker to obtain...
CVE-2023-44690
Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py...
Dreamer CMS Security Vulnerability
Dreamer CMS is a dreamer content management system by Junnan Wang, an individual developer in China. A security vulnerability exists in Dreamer CMS 4.1.3 and earlier versions, which originates from an unknown function in /upload/ueditorConfig?action=config that results in an accessible file or...
CVE-2023-34391
Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths. See Instruction Manual Appendix A Cybersecurity tag dated 20230522 for more details. This issue affects...
CVE-2023-31852
Cudy LT400 1.13.4 is vulnerable to Cross Site Scripting XSS in cgi-bin/luci/admin/network/wireless/config via the iface parameter...
CVE-2023-26802
An issue in the component /networkconfig/nsgmasq.cgi of DCN Digital China Networks DCBI-Netlog-LAB v1.0 allows attackers to bypass authentication and execute arbitrary commands via a crafted request...
SUSE CVE-2020-35176
In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...
PT-2022-27773 · Grafana · Synthetic Monitoring Agent For Grafana
Name of the Vulnerable Software and Affected Versions: Synthetic Monitoring Agent for Grafana versions prior to 0.12.0. Description: The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets...
CVE-2022-36558
Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account. Attackers are able to access the passcode via the file /etc/ciel.cfg...
PT-2022-14083
Name of the Vulnerable Software and Affected Versions: WPMK Ajax Finder WordPress plugin versions up to and including 1.0.1. Description: The issue is related to Cross-Site Request Forgery, which occurs due to a missing nonce check in the createplugin atf admin setting page function found in the...
GHSA-GP95-PPV5-3JC5 sharp vulnerable to Command Injection in post-installation over build environment
There's a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. This is not part of any runtime code, does not affect Windows users at all, and is unlikely to affect anyone that already cares about the security of their...
PYSEC-2021-346
An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software...
PYSEC-2021-348
Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component 'simiki/blob/master/simiki/config.py'...
UBUNTU-CVE-2020-35176
In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...
openSUSE Security Update : python-rtslib-fb (openSUSE-2020-1156)
This update for python-rtslib-fb fixes the following issues: - Update to version v2.1.73 (bsc1173257, CVE-2020-14019): - version 2.1.73 - savetofile: fix fd open mode - saveconfig: copy temp configfile with permissions - saveconfig: open the temp configfile with modes set - Fix 'is not' with a...
CVE-2016-2357
Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory...