23 matches found
Security Bulletin: Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[CVE-2023-38265, CVE-2023-38005]
Summary Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect Cloud Pak System respectively. IBM Cloud Pak System could allow an authenticated user to perform unauthorized tasks due to improper access controls , and disclose folder location informati...
EUVD-2025-209919
Dell PowerFlex Manager, versions =4.6.2, contains an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...
CVE-2025-32750
Dell PowerFlex Manager, versions =4.6.2, contains an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...
Linux Distros Unpatched Vulnerability : CVE-2026-34763
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a...
SUSE CVE-2026-34763
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix...
CVE-2026-34763
A flaw was found in Rack. A remote attacker could exploit a vulnerability in Rack::Directory's handling of root paths. When the configured root path contains special regular expression characters, the directory listing generation can fail to properly strip the path prefix. This can lead to the...
CVE-2023-38005 Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls...
CVE-2023-38005
CVE-2023-38005 affects IBM Cloud Pak System versions 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0. An authenticated user could perform unauthorized tasks due to improper access controls (CWE-284). IBM’s bulletin combines this with CVE-2023-38265; the base score for CVE-2023-38005 is 4.3 (Mediu...
Exposure of Information Through Directory Listing
Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...
CVE-2025-13200
CVE-2025-13200 affects SourceCodester Farm Management System 1.0. The vulnerability arises from an unknown functionality that allows information disclosure via directory listing, with a remote attack vector over the network. Public exploits have been disclosed. Public sources (NVD/Red Hat/EUVD/CV...
CVE-2025-13200 SourceCodester Farm Management System exposure of information through directory listing
A vulnerability was determined in SourceCodester Farm Management System 1.0. Affected by this vulnerability is an unknown functionality. This manipulation causes exposure of information through directory listing. The attack is possible to be carried out remotely. The exploit has been publicly...
CVE-2025-27906
IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified...
PT-2025-40606
Name of the Vulnerable Software and Affected Versions Mastra versions 0.13.8 through 0.13.20-alpha.0 Description Mastra, a Typescript framework for building AI agents and assistants, is susceptible to a Directory Traversal issue. The framework includes a security check intended to prevent path...
Exposure of Information Through Directory Listing
Overview @mastra/mcp-docs-server is a MCP server for accessing Mastra.ai documentation, changelogs, and news. Affected versions of this package are vulnerable to Exposure of Information Through Directory Listing via the execute function. An attacker can access sensitive directory listings by...
Mastra Docs MCP Server `@mastra/mcp-docs-server` Leads to Information Exposure
The Mastra Docs MCP Server package @mastra/mcp-docs-server is a server designed to provide documentation context to AI agentic workflows, such as those used in AI-powered IDEs. Resources: Package URL: https://www.npmjs.com/package/@mastra/mcp-docs-server ----- Overview The @mastra/mcp-docs-server...
GHSA-XH92-RQRQ-227V Mastra Docs MCP Server `@mastra/mcp-docs-server` Leads to Information Exposure
The Mastra Docs MCP Server package @mastra/mcp-docs-server is a server designed to provide documentation context to AI agentic workflows, such as those used in AI-powered IDEs. Resources: Package URL: https://www.npmjs.com/package/@mastra/mcp-docs-server ----- Overview The @mastra/mcp-docs-server...
Security Bulletin: IBM Information Server is affected by an Information Disclosure vulnerability (CVE-2025-1138)
Summary An Information Disclosure vulnerability in IBM Information Server was addressed. Vulnerability Details CVEID:CVE-2025-1138 DESCRIPTION: IBM InfoSphere Information Server could disclose sensitive information to an authenticated user that could aid in further attacks against the system...
CVE-2025-2652
A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to exposure of information through directory listing. The attack can be launched...
Mars: Information Exposure Through Directory Listing
The vulnerability allowed an attacker to view the directory contents of the web server, leading to information disclosure. The directory listing function was not properly configured, exposing sensitive information...
CVE-2022-46967
An access control issue in Revenue Collection System v1.0 allows unauthenticated attackers to view the contents of /admin/DBbackup/ directory...