331 matches found
CVE-2025-50691
MCSManager 10.5.3 daemon process runs as a root account by default, and its sensitive data including tokens and terminal content is stored in the data directory, readable by all users. Other users on the system can read the daemon's key and use it to log in, leading to privilege escalation...
CVE-2025-50691
MCSManager 10.5.3 daemon process runs as a root account by default, and its sensitive data including tokens and terminal content is stored in the data directory, readable by all users. Other users on the system can read the daemon's key and use it to log in, leading to privilege escalation...
PT-2025-34367 · Unknown · Mcsmanager
Name of the Vulnerable Software and Affected Versions: MCSManager version 10.5.3 Description: The MCSManager daemon process runs with root privileges by default. Sensitive data, including tokens and terminal content, is stored in a data directory accessible to all users. This allows unauthorized...
Linux Distros Unpatched Vulnerability : CVE-2022-47927
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data...
World-Writable NLTK Cache Directory Enables Local Users to Tamper with or Delete NLP Data
Description The llamaindex library sets the NLTK data directory to a subdirectory of the codebase by default e.g., static/nltkcache inside the package directory. In multi-user environments or shared hosting, this directory is world-writable or accessible by multiple users. As a result, any user c...
CVE-2025-5906
A vulnerability classified as critical has been found in code-projects Laundry System 1.0. This affects an unknown part of the file /data/. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be use...
CVE-2025-37863
In the Linux kernel, the following vulnerability has been resolved: ovl: don't allow datadir only In theory overlayfs could support upper layer directly referring to a data layer, but there's no current use case for this. Originally, when data-only layers were introduced, this wasn't allowed, onl...
CVE-2025-37863
In the Linux kernel, the following vulnerability has been resolved: ovl: don't allow datadir only In theory overlayfs could support upper layer directly referring to a data layer, but there's no current use case for this. Originally, when data-only layers were introduced, this wasn't allowed, onl...
CVE-2025-37863
CVE-2025-37863 affects the Linux kernel overlayfs (ovl). The issue arises when a data-only layer is pointed to by an upper layer, something not currently used but previously allowed only via the datadir+ feature, which could trigger an Oops. The documented fix disables datadir without a lowerdir,...
CVE-2025-46618
In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab...
CVE-2025-46618
In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab...
CVE-2025-46618
In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab...
CVE-2025-46618
In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab...
CVE-2025-46618
In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab...
CVE-2025-46618
JetBrains TeamCity before 2025.03.1 is affected by CVE-2025-46618, where a stored XSS vulnerability exists on the Data Directory tab. The available sources confirm the issue in versions prior to 2025.03.1 and note the impact as stored XSS. A remediation suggested by PT-2025-17925 is to upgrade to...
PT-2025-17925 · Jetbrains · Teamcity
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2025.03.1 Description: The issue allows for stored XSS, which was possible on the Data Directory tab. Recommendations: For versions prior to 2025.03.1, update to version 2025.03.1 or later to resolve the...
ASB-A-283962634
In multiple locations, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...
AnkiDroid 安全漏洞
AnkiDroid is the AnkiDroid open source for an Anki flashcard on Android. A security vulnerability exists in AnkiDroid version v2.17.6, which stems from a vulnerability that allows an attacker to retrieve internal files from the /data/data/com.ichi2.anki/ directory and save them to public storage...
PT-2025-6409 · Ankidroid · Ankidroid
Name of the Vulnerable Software and Affected Versions: AnkiDroid version 2.17.6 Description: The issue in the AnkiDroid Android application allows attackers to retrieve internal files from the /data/data/com.ichi2.anki/ directory and save them into publicly available storage. Recommendations: For...
CVE-2024-38864 User-Readable Private Key in Windows Agent
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk 2.3.0p23, 2.2.0p38 and = 2.1.0p49 EOL allows a local attacker to read sensitive data...