144 matches found
CVE-2026-10254
A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/. This manipulation causes file and directory information exposure. The attack can be initiated remotely. The exploit has been published and may be used...
CVE-2026-10254
The CVE-2026-10254 entry concerns SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function in /admin/ that allows exposure of file and directory information. The flaw enables a remote attack, and multiple sources note that the exploit has been published and may be used...
CVE-2026-7071
Summary: CVE-2026-7071 affects CodeAstro Online Job Portal 1.0. The vulnerability targets an unknown functionality under the path /users/user-cvs/ and leads to file and directory information exposure. The issue is exploitable remotely, and public disclosure of the exploit is noted. There are no e...
AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard
Summary: The AVideo installation script install/deleteSystemdPrivate.php contains a PHP operator precedence bug in its CLI-only access guard. The script is intended to run exclusively from the command line, but the guard condition !php_sapi_name() === 'cli' never evaluates to true due to how PHP...
MiracleLinux 8 : thunderbird-128.9.2-1.el8_10.ML.1 (AXSA:2025-9932:09)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9932:09 advisory. thunderbird: User Interface (UI) Misrepresentation of attachment URL (CVE-2025-3523) thunderbird: Information Disclosure of /tmp directory listing...
MiracleLinux 9 : thunderbird-128.10.0-1.el9_6.ML.1 (AXSA:2025-10475:14)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10475:14 advisory. thunderbird: User Interface (UI) Misrepresentation of attachment URL (CVE-2025-3523) thunderbird: Information Disclosure of /tmp directory listing...
MiracleLinux 9 : thunderbird-128.9.2-1.el9_5.ML.1 (AXSA:2025-9897:08)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9897:08 advisory. thunderbird: User Interface (UI) Misrepresentation of attachment URL (CVE-2025-3523) thunderbird: Information Disclosure of /tmp directory listing...
CVE-2019-12463
An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options (includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string,...
CVE-2025-52331
Cross-site scripting (XSS) vulnerability in the generate report functionality in Rarlab WinRAR 7.11 allows attackers to disclose user information such as the computer username, generated report directory, and IP address. The generate report command includes archived file names without validation i...
EUVD-2020-19367
Malware in sbrugna...
EUVD-2003-0590
Malware in sbrugna...
EUVD-2006-1607
Malware in sbrugna...
EUVD-2022-4897
Malicious code in bioql PyPI...
Kashipara Online Service Management Portal Security Vulnerability
Kashipara Online Service Management Portal is an online service management portal from Kashipara. A security vulnerability exists in Kashipara Online Service Management Portal version V1.0, which stems from mishandling of the /osms/Requester/ directory, which could lead to disclosure of directory...
The vulnerability of the SAP NetWeaver AS for Java software platform, related to the leakage of information about files and directories, allows attackers to circumvent existing security restrictions.
The vulnerability of the SAP NetWeaver AS for Java software platform is related to the leakage of information about files and directories. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions by using specially created PDF files...
[SECURITY] [DLA 3880-1] amanda security update
Debian LTS Advisory DLA-3880-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 07, 2024 https://wiki.debian.org/LTS ...
Debian dla-3880 : amanda-client - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3880 advisory. Debian LTS Advisory DLA-3880-1 [email protected]...
TYPO3 12.2.0 < 12.4.8 (TYPO3-CORE-SA-2023-005)
The version of TYPO3 installed on the remote host is prior to 12.2.0 < 12.4.8. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2023-005 advisory. - The login screen of the standalone install tool discloses the full path of the transient data directory e.g...
CVE-2022-43868
IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in further attacks against the system. IBM X-Force ID: 239445...
Design/Logic Flaw
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents...