Lucene search
K

23 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/07/04 2:20 a.m.10 views

Security Bulletin: Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[CVE-2023-38265, CVE-2023-38005]

Summary Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect Cloud Pak System respectively. IBM Cloud Pak System could allow an authenticated user to perform unauthorized tasks due to improper access controls , and disclose folder location informati...

5.3CVSS5.9AI score0.00207EPSS
Exploits0Affected Software2
EUVD
EUVD
added 2026/05/22 12:48 p.m.14 views

EUVD-2025-209919

Dell PowerFlex Manager, versions =4.6.2, contains an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...

7.5CVSS5.8AI score0.00127EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/20 2:30 p.m.7 views

CVE-2025-32750

Dell PowerFlex Manager, versions =4.6.2, contains an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...

7.5CVSS5.8AI score0.0035EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/04 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-34763

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a...

5.3CVSS6.1AI score0.0024EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/03 11:24 p.m.9 views

SUSE CVE-2026-34763

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/03 8:25 p.m.6 views

CVE-2026-34763

A flaw was found in Rack. A remote attacker could exploit a vulnerability in Rack::Directory's handling of root paths. When the configured root path contains special regular expression characters, the directory listing generation can fail to properly strip the path prefix. This can lead to the...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/17 9:49 p.m.4 views

CVE-2023-38005 Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]

IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls...

4.3CVSS5.5AI score0.00207EPSS
Exploits0References1
CVE
CVE
added 2026/02/17 9:49 p.m.20 views

CVE-2023-38005

CVE-2023-38005 affects IBM Cloud Pak System versions 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0. An authenticated user could perform unauthorized tasks due to improper access controls (CWE-284). IBM’s bulletin combines this with CVE-2023-38265; the base score for CVE-2023-38005 is 4.3 (Mediu...

4.3CVSS5.5AI score0.00207EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/02/17 4:14 p.m.4 views

Exposure of Information Through Directory Listing

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

7.5CVSS5.7AI score0.00665EPSS
Exploits1References2
CVE
CVE
added 2025/11/15 3:32 p.m.19 views

CVE-2025-13200

CVE-2025-13200 affects SourceCodester Farm Management System 1.0. The vulnerability arises from an unknown functionality that allows information disclosure via directory listing, with a remote attack vector over the network. Public exploits have been disclosed. Public sources (NVD/Red Hat/EUVD/CV...

6.9CVSS5.2AI score0.00439EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2025/11/15 3:32 p.m.16 views

CVE-2025-13200 SourceCodester Farm Management System exposure of information through directory listing

A vulnerability was determined in SourceCodester Farm Management System 1.0. Affected by this vulnerability is an unknown functionality. This manipulation causes exposure of information through directory listing. The attack is possible to be carried out remotely. The exploit has been publicly...

6.9CVSS0.00439EPSS
Exploits1References5
OSV
OSV
added 2025/10/14 3:16 p.m.8 views

CVE-2025-27906

IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified...

5.3CVSS5.5AI score0.00285EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/03 12:0 a.m.9 views

PT-2025-40606

Name of the Vulnerable Software and Affected Versions Mastra versions 0.13.8 through 0.13.20-alpha.0 Description Mastra, a Typescript framework for building AI agents and assistants, is susceptible to a Directory Traversal issue. The framework includes a security check intended to prevent path...

6.5CVSS6.5AI score0.00541EPSS
Exploits0References4
Snyk
Snyk
added 2025/09/24 8:5 p.m.4 views

Exposure of Information Through Directory Listing

Overview @mastra/mcp-docs-server is a MCP server for accessing Mastra.ai documentation, changelogs, and news. Affected versions of this package are vulnerable to Exposure of Information Through Directory Listing via the execute function. An attacker can access sensitive directory listings by...

7.1CVSS6.9AI score0.00541EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/09/24 8:5 p.m.9 views

Mastra Docs MCP Server `@mastra/mcp-docs-server` Leads to Information Exposure

The Mastra Docs MCP Server package @mastra/mcp-docs-server is a server designed to provide documentation context to AI agentic workflows, such as those used in AI-powered IDEs. Resources: Package URL: https://www.npmjs.com/package/@mastra/mcp-docs-server ----- Overview The @mastra/mcp-docs-server...

6.5CVSS7.2AI score0.00541EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/09/24 8:5 p.m.5 views

GHSA-XH92-RQRQ-227V Mastra Docs MCP Server `@mastra/mcp-docs-server` Leads to Information Exposure

The Mastra Docs MCP Server package @mastra/mcp-docs-server is a server designed to provide documentation context to AI agentic workflows, such as those used in AI-powered IDEs. Resources: Package URL: https://www.npmjs.com/package/@mastra/mcp-docs-server ----- Overview The @mastra/mcp-docs-server...

6.5CVSS7.2AI score0.00541EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/15 8:23 p.m.11 views

Security Bulletin: IBM Information Server is affected by an Information Disclosure vulnerability (CVE-2025-1138)

Summary An Information Disclosure vulnerability in IBM Information Server was addressed. Vulnerability Details CVEID:CVE-2025-1138 DESCRIPTION: IBM InfoSphere Information Server could disclose sensitive information to an authenticated user that could aid in further attacks against the system...

4.3CVSS5.8AI score0.00235EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/25 3:22 p.m.19 views

CVE-2025-2652

A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to exposure of information through directory listing. The attack can be launched...

7.5CVSS7AI score0.00649EPSS
Exploits1References1
Hacker One
Hacker One
added 2023/04/15 6:35 p.m.30 views

Mars: Information Exposure Through Directory Listing

The vulnerability allowed an attacker to view the directory contents of the web server, leading to information disclosure. The directory listing function was not properly configured, exposing sensitive information...

6.5AI score
Exploits0
OSV
OSV
added 2023/01/26 11:15 p.m.2 views

CVE-2022-46967

An access control issue in Revenue Collection System v1.0 allows unauthenticated attackers to view the contents of /admin/DBbackup/ directory...

9.8CVSS5.8AI score
Exploits0References1
Rows per page
Query Builder